The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.114 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis . The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka quot;retpolinesquot;. - CVE-2017-15129: A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel in the function get_net_ns_by_id in net/core/net_namespace.c did not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely . - CVE-2017-17712: The raw_sendmsg function in net/ipv4/raw.c in the Linux kernel has a race condition in inet-gt;hdrincl that leads to uninitialized stack pointer usage; this allowed a local user to execute code and gain privileges . - CVE-2017-17862: kernel/bpf/verifier.c in the Linux kernel ignored unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service . - CVE-2017-17864: kernel/bpf/verifier.c in the Linux kernel mishandled states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allowed local users to obtain potentially sensitive address information, aka a quot;pointer leak . - CVE-2017-18017: The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action . - CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs function did not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write . - CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in net/rds/rdma.c mishandled cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference . - CVE-2018-1000004: In the Linux kernel a race condition vulnerability existed in the sound system, this can lead to a deadlock and denial of service condition . The following non-security bugs were fixed: - 8021q: fix a memory leak for VLAN 0 device . - acpi / scan: Prefer devices without _HID/_CID for _ADR matching . - af_key: fix buffer overread in parse_exthdrs . - af_key: fix buffer overread in verify_address_len . - afs: Adjust mode bits processing . - afs: Connect up the CB.ProbeUuid . - afs: Fix afs_kill_pages . - afs: Fix missing put_page . - afs: Fix page leak in afs_write_begin . - afs: Fix the maths in afs_fs_store_data . - afs: Flush outstanding writes when an fd is closed . - afs: Migrate vlocation fields to 64-bit . - afs: Populate and use client modification time . - afs: Populate group ID from vnode status . - afs: Prevent callback expiry timer overflow . - alpha: fix build failures . - alsa: aloop: Fix inconsistent format due to incomplete rule . - alsa: aloop: Fix racy hw constraints adjustment . - alsa: aloop: Release cable upon open error path . - alsa: hda - Add HP ZBook 15u G3 Conexant CX20724 GPIO mute leds . - alsa: hda - Add MIC_NO_PRESENCE fixup for 2 HP machines . - alsa: hda - Add mute led support for HP EliteBook 840 G3 . - alsa: hda - Add mute led support for HP ProBook 440 G4 . - alsa: hda - add support for docking station for HP 820 G2 . - alsa: hda - add support for docking station for HP 840 G3 . - alsa: hda - Apply headphone noise quirk for another Dell XPS 13 variant . - alsa: hda - Apply the existing quirk to iMac 14,1 . - alsa: hda - change the location for one mic on a Lenovo machine . - alsa: hda: Drop useless WARN_ON . - alsa: hda - Fix click noises on Samsung Ativ Book 8 . - alsa: hda - fix headset mic detection issue on a Dell machine . - alsa: hda - fix headset mic problem for Dell machines with alc274 . - alsa: hda - Fix headset microphone detection for ASUS N551 and N751 . - alsa: hda - Fix mic regression by ASRock mobo fixup . - alsa: hda - Fix missing COEF init for ALC225/295/299 . - alsa: hda - Fix surround output pins for ASRock B150M mobo . - alsa: hda - On-board speaker fixup on ACER Veriton . - alsa: hda/realtek - Add ALC256 HP depop function . - alsa: hda/realtek - Add default procedure for suspend and resume state . - alsa: hda/realtek - Add support for Acer Aspire E5-475 headset mic . - alsa: hda/realtek - Add support for ALC1220 . - alsa: hda/realtek - Add support for headset MIC for ALC622 . - alsa: hda/realtek - ALC891 headset mode for Dell . - alsa: hda/realtek - change the location for one of two front microphones . - alsa: hda/realtek - Enable jack detection function for Intel ALC700 . - alsa: hda/realtek - Fix ALC275 no sound issue . - alsa: hda/realtek - Fix Dell AIO LineOut issue . - alsa: hda/realtek - Fix headset and mic on several Asus laptops with ALC256 . - alsa: hda/realtek - Fix headset mic and speaker on Asus X441SA/X441UV . - alsa: hda/realtek - fix headset mic detection for MSI MS-B120 . - alsa: hda/realtek - Fix headset mic on several Asus laptops with ALC255 . - alsa: hda/realtek - Fix pincfg for Dell XPS 13 9370 . - alsa: hda/realtek - Fix speaker support for Asus AiO ZN270IE . - alsa: hda/realtek - Fix typo of pincfg for Dell quirk . - alsa: hda/realtek - New codec device ID for ALC1220 . - alsa: hda/realtek - New codecs support for ALC215/ALC285/ALC289 . - alsa: hda/realtek - New codec support for ALC257 . - alsa: hda/realtek - New codec support of ALC1220 . - alsa: hda/realtek - No loopback on ALC225/ALC295 codec . - alsa: hda/realtek - Remove ALC285 device ID . - alsa: hda/realtek - Support Dell headset mode for ALC3271 . - alsa: hda/realtek - Support headset mode for ALC234/ALC274/ALC294 . - alsa: hda/realtek - There is no loopback mixer in the ALC234/274/294 . - alsa: hda/realtek - Update headset mode for ALC225 . - alsa: hda/realtek - Update headset mode for ALC298 . - alsa: hda - Skip Realtek SKU check for Lenovo machines . - alsa: pcm: Abort properly at pending signal in OSS read/write loops . - alsa: pcm: Add missing error checks in OSS emulation plugin builder . - alsa: pcm: Allow aborting mutex lock at OSS read/write loops . - alsa: pcm: prevent UAF in snd_pcm_info . - alsa: pcm: Remove incorrect snd_BUG_ON usages . - alsa: pcm: Remove yet superfluous WARN_ON . - alsa: rawmidi: Avoid racy info ioctl via ctl device . - alsa: seq: Remove spurious WARN_ON at timer check . - alsa: usb-audio: Add check return value for usb_string . - alsa: usb-audio: Fix out-of-bound error . - alsa: usb-audio: Fix the missing ctl name suffix at parsing SU . - arc: uaccess: dont use quot;lquot; gcc inline asm constraint modifier . - arm64: Add skeleton to harden the branch predictor against aliasing attacks . - arm64: Add trace_hardirqs_off annotation in ret_to_user . - arm64: Branch predictor hardening for Cavium ThunderX2 . - arm64/cpufeature: do not use mutex in bringup path . - arm64: cpufeature: Pass capability structure to -gt;enable callback . - arm64: cputype: Add MIDR values for Cavium ThunderX2 CPUs . - arm64: cputype: Add missing MIDR values for Cortex-A72 and Cortex-A75 . - arm64: debug: remove unused local_dbg_{enable, disable} macros . - arm64: Define cputype macros for Falkor CPU . - arm64: Disable TTBR0_EL1 during normal kernel execution . - arm64: Do not force KPTI for CPUs that are not vulnerable . - arm64: do not pull uaccess.h into *.S . - arm64: Enable CONFIG_ARM64_SW_TTBR0_PAN . - arm64: entry: Add exception trampoline page for exceptions from EL0 . - arm64: entry: Add fake CPU feature for unmapping the kernel at EL0 . - arm64: entry: Explicitly pass exception level to kernel_ventry macro . - arm64: entry: Hook up entry trampoline to exception vectors . - arm64: entry: remove pointless SPSR mode check . - arm64: entry.S convert el0_sync . - arm64: entry.S: convert el1_sync . - arm64: entry.S: convert elX_irq . - arm64: entry.S: move SError handling into a C function for future expansion . - arm64: entry.S: Remove disable_dbg . - arm64: erratum: Work around Falkor erratum #E1003 in trampoline code . - arm64: explicitly mask all exceptions . - arm64: factor out entry stack manipulation . - arm64: factor out PAGE_* and CONT_* definitions . - arm64: Factor out PAN enabling/disabling into separate uaccess_* macros . - arm64: Factor out TTBR0_EL1 post-update workaround into a specific asm macro . - arm64: factor work_pending state machine to C . - arm64: fpsimd: Prevent registers leaking from dead tasks . - arm64: Handle el1 synchronous instruction aborts cleanly . - arm64: Handle faults caused by inadvertent user access with PAN enabled . - arm64: head.S: get rid of x25 and x26 with "global" scope . - arm64: Implement branch predictor hardening for affected Cortex-A CPUs . - arm64: Implement branch predictor hardening for Falkor . - arm64: Initialise high_memory global variable earlier . - arm64: introduce an order for exceptions . - arm64: introduce mov_q macro to move a constant into a 64-bit register . - arm64: Introduce uaccess_{disable,enable} functionality based on TTBR0_EL1 . - arm64: kaslr: Put kernel vectors address in separate data page . - arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0 . - arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry . - arm64: kill ESR_LNX_EXEC . - arm64: kpti: Fix the interaction between ASID switching and software PAN . - arm64: kvm: Fix SMCCC handling of unimplemented SMC/HVC calls . - arm64: kvm: fix VTTBR_BADDR_MASK BUG_ON off-by-one . - arm64: kvm: Make PSCI_VERSION a fast path . - arm64: kvm: Use per-CPU vector when BP hardening is enabled . - arm64: Mask all exceptions during kernel_exit . - arm64: mm: Add arm64_kernel_unmapped_at_el0 helper . - arm64: mm: Allocate ASIDs in pairs . - arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN . - arm64: mm: hardcode rodata=true . - arm64: mm: Introduce TTBR_ASID_MASK for getting at the ASID in the TTBR . - arm64: mm: Invalidate both kernel and user ASIDs when performing TLBI . - arm64: mm: Map entry trampoline into trampoline and kernel page tables . - arm64: mm: Move ASID from TTBR0 to TTBR1 . - arm64: mm: Remove pre_ttbr0_update_workaround for Falkor erratum #E1003 . - arm64: mm: Rename post_ttbr0_update_workaround . - arm64: mm: Temporarily disable ARM64_SW_TTBR0_PAN . - arm64: mm: Use non-global mappings for kernel space . - arm64: Move BP hardening to check_and_switch_context . - arm64: Move post_ttbr_update_workaround to C code . - arm64: Move the async/fiq helpers to explicitly set process context flags . - arm64: SW PAN: Point saved ttbr0 at the zero page when switching to init_mm . - arm64: SW PAN: Update saved ttbr0 value on enter_lazy_tlb . - arm64: swp emulation: bound LL/SC retries before rescheduling . - arm64: sysreg: Fix unprotected macro argmuent in write_sysreg . - arm64: Take into account ID_AA64PFR0_EL1.CSV3 . - arm64: thunderx2: remove branch predictor hardening References: bsc#1076232 This causes undefined instruction abort on the smc call from guest kernel. Disable until kvm is fixed. - arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks . - arm64: Turn on KPTI only on CPUs that need it . - arm64: use alternative auto-nop . - arm64: use RET instruction for exiting the trampoline . - arm64: xen: Enable user access before a privcmd hvc call . - arm/arm64: kvm: Make default HYP mappings non-excutable . - arm: avoid faulting on qemu . - arm: BUG if jumping to usermode address in kernel mode . - arm-ccn: perf: Prevent module unload while PMU is in use . - arm: dma-mapping: disallow dma_get_sgtable for non-kernel managed memory . - arm: dts: am335x-evmsk: adjust mmc2 param to allow suspend . - arm: dts: kirkwood: fix pin-muxing of MPP7 on OpenBlocks A7 . - arm: dts: omap3: logicpd-torpedo-37xx-devkit: Fix MMC1 cd-gpio . - arm: dts: ti: fix PCI bus dtc warnings . - arm: kprobes: Align stack to 8-bytes in test code . - arm: kprobes: Fix the return address of multiple kretprobes . - arm: kvm: Fix VTTBR_BADDR_MASK BUG_ON off-by-one . - arm: OMAP1: DMA: Correct the number of logical channels . - arm: OMAP2+: Fix device node reference counts . - arm: OMAP2+: gpmc-onenand: propagate error on initialization failure . - arm: OMAP2+: Release device node after it is no longer needed . - asm-prototypes: Clear any CPP defines before declaring the functions . - asn.1: check for error from ASN1_OP_END__ACT actions . - asn.1: fix out-of-bounds read when parsing indefinite length item . - asoc: fsl_ssi: AC"97 ops need regmap, clock and cleaning up on failure . - asoc: twl4030: fix child-node lookup . - asoc: wm_adsp: Fix validation of firmware and coeff lengths . - ath9k: fix tx99 potential info leak . - atm: horizon: Fix irq release error . - audit: ensure that "audit=1" actually enables audit for PID 1 . - axonram: Fix gendisk handling . - backlight: pwm_bl: Fix overflow condition . - bcache: add a comment in journal bucket reading . - bcache: Avoid nested function definition . - bcache: bch_allocator_thread is not freezable . - bcache: bch_writeback_thread is not freezable . - bcache: check return value of register_shrinker . - bcache: documentation formatting, edited for clarity, stripe alignment notes . - bcache: documentation updates and corrections . - bcache: Do not reinvent the wheel but use existing llist API . - bcache: do not write back data if reading it failed . - bcache: explicitly destroy mutex while exiting . - bcache: fix a comments typo in bch_alloc_sectors . - bcache: Fix building error on MIPS . - bcache: fix sequential large write IO bypass . - bcache: fix wrong cache_misses statistics . - bcache: gc does not work when triggering by manual command . - bcache: implement PI controller for writeback rate . - bcache: increase the number of open buckets . - bcache: only permit to recovery read error when cache device is clean . - bcache: partition support: add 16 minors per bcacheN device . - bcache: rearrange writeback main thread ratelimit . - bcache: recover data from backing when data is clean . - bcache: Remove redundant set_capacity . - bcache: remove unused parameter . - bcache: rewrite multiple partitions support . - bcache: safeguard a dangerous addressing in closure_queue . - bcache: silence static checker warning . - bcache: smooth writeback rate control . - bcache.txt: standardize document format . - bcache: update bio-gt;bi_opf bypass/writeback REQ_ flag hints . - bcache: update bucket_in_use in real time . - bcache: Update continue_at documentation . - bcache: use kmalloc to allocate bio in bch_data_verify . - bcache: use llist_for_each_entry_safe in __closure_wake_up . - bcache: writeback rate clamping: make 32 bit safe . - bcache: writeback rate shouldn"t artifically clamp . - be2net: restore properly promisc mode after queues reconfiguration . - block: wake up all tasks blocked in get_request . - bluetooth: btusb: driver to enable the usb-wakeup feature . - bnx2x: do not rollback VF MAC/VLAN filters we did not configure . - bnx2x: fix possible overrun of VFPF multicast addresses array . - bnx2x: prevent crash when accessing PTP with interface down . - btrfs: add missing memset while reading compressed inline extents . - btrfs: clear space cache inode generation always . - btrfs: embed extent_changeset::range_changed to the structure . - btrfs: qgroup: Fix qgroup reserved space underflow by only freeing reserved ranges . - btrfs: qgroup: Fix qgroup reserved space underflow caused by buffered write and quotas being enabled . - btrfs: qgroup: Introduce extent changeset for qgroup reserve functions . - btrfs: qgroup: Return actually freed bytes for qgroup release or free data . - btrfs: qgroup-test: Fix backport error in qgroup selftest . - btrfs: ulist: make the finalization function public . - btrfs: ulist: rename ulist_fini to ulist_release . - can: af_can: canfd_rcv: replace WARN_ONCE by pr_warn_once . - can: af_can: can_rcv: replace WARN_ONCE by pr_warn_once . - can: ems_usb: cancel urb on -EPIPE and -EPROTO . - can: esd_usb2: cancel urb on -EPIPE and -EPROTO . - can: gs_usb: fix return value of the quot;set_bittimingquot; callback . - can: kvaser_usb: cancel urb on -EPIPE and -EPROTO . - can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback . - can: kvaser_usb: free buf in error paths . - can: kvaser_usb: ratelimit errors if incomplete messages are received . - can: peak: fix potential bug in packet fragmentation . - can: ti_hecc: Fix napi poll return value for repoll . - can: usb_8dev: cancel urb on -EPIPE and -EPROTO . - cdc-acm: apply quirk for card reader . - cdrom: factor out common open_for_* code . - cdrom: wait for tray to close . - ceph: more accurate statfs . - clk: imx6: refine hdmi_isfr"s parent to make HDMI work on i.MX6 SoCs w/o VPU . - clk: mediatek: add the option for determining PLL source clock . - clk: tegra: Fix cclk_lp divisor register . - config: arm64: enable HARDEN_BRANCH_PREDICTOR - config: arm64: enable UNMAP_KERNEL_AT_EL0 - cpuidle: fix broadcast control when broadcast can not be entered . - cpuidle: powernv: Pass correct drv-gt;cpumask for registration . - cpuidle: Validate cpu_dev in cpuidle_add_sysfs . - crypto: algapi - fix NULL dereference in crypto_remove_spawns . - crypto: chacha20poly1305 - validate the digest size . - crypto: chelsio - select CRYPTO_GF128MUL . - crypto: crypto4xx - increase context and scatter ring buffer elements . - crypto: deadlock between crypto_alg_sem/rtnl_mutex/genl_mutex . - crypto: mcryptd - protect the per-CPU queue with a lock . - crypto: n2 - cure use after free . - crypto: pcrypt - fix freeing pcrypt instances . - crypto: s5p-sss - Fix completing crypto request in IRQ handler . - crypto: tcrypt - fix buffer lengths in test_aead_speed . - cxl: Check if vphb exists before iterating over AFU devices . - dax: Pass detailed error code from __dax_fault . - dccp: do not restart ccid2_hc_tx_rto_expire if sk in closed state . - delay: add poll_event_interruptible . - dlm: fix malfunction of dlm_tool caused by debugfs changes . - dmaengine: dmatest: move callback wait queue to thread context . - dmaengine: Fix array index out of bounds warning in __get_unmap_pool . - dmaengine: pl330: fix double lock . - dmaengine: ti-dma-crossbar: Correct am335x/am43xx mux value type . - dm btree: fix serious bug in btree_split_beneath . - dm bufio: fix shrinker scans when . - dm thin metadata: THIN_MAX_CONCURRENT_LOCKS should be 6 . - drivers/firmware: Expose psci_get_version through psci_ops structure . - drm/amd/amdgpu: fix console deadlock if late init failed . - drm: extra printk wrapper macros . - drm/exynos/decon5433: set STANDALONE_UPDATE_F on output enablement . - drm/exynos: gem: Drop NONCONTIG flag for buffers allocated without IOMMU . - drm/omap: fix dmabuf mmap for dma_alloc"ed buffers . - drm/radeon: fix atombios on big endian . - drm/radeon: reinstate oland workaround for sclk . - drm/radeon/si: add dpm quirk for Oland . - drm/vmwgfx: Potential off by one in vmw_view_add . - dynamic-debug-howto: fix optional/omitted ending line number to be LARGE instead of 0 . - edac, i5000, i5400: Fix definition of NRECMEMB register . - edac, i5000, i5400: Fix use of MTR_DRAM_WIDTH macro . - edac, sb_edac: Fix missing break in switch . - eeprom: at24: check at24_read/write arguments . - efi/esrt: Cleanup bad memory map log messages . - efi: Move some sysfs files to be read-only by root . - eventpoll.h: add missing epoll event masks . - ext4: fix crash when a directory"s i_size is too small . - ext4: Fix ENOSPC handling in DAX page fault handle . - ext4: fix fdatasync after fallocate operation . - fbdev: controlfb: Add missing modes to fix out of bounds access . - Fix EX_SIZE. We do not have the patches that shave off parts of the exception data. - Fix mishandling of cases with MSR not being present . - Fix return value from ib[rs|pb]_enabled - Fixup hang when calling "nvme list" on all paths down . - fjes: Fix wrong netdevice feature flags . - flow_dissector: properly cap thoff field . - fm10k: ensure we process SM mbx when processing VF mbx . - fork: clear thread stack upon allocation . - fscache: Fix the default for fscache_maybe_release_page . - futex: Prevent overflow by strengthen input validation . - gcov: disable for COMPILE_TEST . - gfs2: Take inode off order_write list when setting jdata flag . - gpio: altera: Use handle_level_irq when configured as a level_high . - hid: chicony: Add support for another ASUS Zen AiO keyboard . - hid: xinmo: fix for out of range for THT 2P arcade controller . - hrtimer: Reset hrtimer cpu base proper on CPU hotplug . - hv: kvp: Avoid reading past allocated blocks from KVP file . - hwmon: fix uninitialized data access . - i40iw: Account for IPv6 header when setting MSS . - i40iw: Allocate a sdbuf per CQP WQE . - i40iw: Cleanup AE processing . - i40iw: Clear CQP Head/Tail during initialization . - i40iw: Correct ARP index mask . - i40iw: Do not allow posting WR after QP is flushed . - i40iw: Do not free sqbuf when event is I40IW_TIMER_TYPE_CLOSE . - i40iw: Do not generate CQE for RTR on QP flush . - i40iw: Do not retransmit MPA request after it is ACKed . - i40iw: Fixes for static checker warnings . - i40iw: Ignore AE source field in AEQE for some AEs . - i40iw: Move cqp_cmd_head init to CQP initialization . - i40iw: Move exception_lan_queue to VSI structure . - i40iw: Move MPA request event for loopback after connect . - i40iw: Notify user of established connection after QP in RTS . - i40iw: Reinitialize IEQ on MTU change . - ib/hfi1: Fix misspelling in comment . - ib/hfi1: Prevent kernel QP post send hard lockups . - ib/ipoib: Fix lockdep issue found on ipoib_ib_dev_heavy_flush . - ib/ipoib: Fix race condition in neigh creation . - ib/ipoib: Grab rtnl lock on heavy flush when calling ndo_open/stop . - ib/mlx4: Increase maximal message size under UD QP . - ib/mlx5: Assign send CQ and recv CQ of UMR QP . - ib/mlx5: Serialize access to the VMA list . - ibmvnic: Allocate and request vpd in init_resources . - ibmvnic: Do not handle RX interrupts when not up . - ibmvnic: Fix IP offload control buffer . - ibmvnic: Fix IPv6 packet descriptors . - ibmvnic: Fix pending MAC address changes . - ibmvnic: Modify buffer size and number of queues on failover . - ibmvnic: Revert to previous mtu when unsupported value requested . - ibmvnic: Wait for device response when changing MAC . - ib/rdmavt: restore IRQs on error path in rvt_create_ah . - ib/srpt: Disable RDMA access by the initiator . - ib/srpt: Fix ACL lookup during login . - ib/uverbs: Fix command checking as part of ib_uverbs_ex_modify_qp . - igb: check memory allocation failure . - ima: fix hash algorithm initialization . - inet: frag: release spinlock before calling icmp_send . - input: 88pm860x-ts - fix child-node lookup . - input: elantech - add new icbody type 15 . - input: i8042 - add TUXEDO BU1406 to the nomux list . - input: trackpoint - force 3 buttons if 0 button is reported . - input: twl4030-vibra - fix sibling-node lookup . - input: twl6040-vibra - fix child-node lookup . - input: twl6040-vibra - fix DT node memory management . - intel_th: pci: Add Gemini Lake support . - iommu/arm-smmu-v3: Do not free page table ops twice . - iommu/vt-d: Fix scatterlist offset handling . - ip6_gre: remove the incorrect mtu limit for ipgre tap . - ip6_tunnel: disable dst caching if tunnel is dual-stack . - ip_gre: remove the incorrect mtu limit for ipgre tap . - ipmi: Stop timers before cleaning up the module . - ipv4: Fix use-after-free when flushing FIB tables . - ipv4: igmp: guard against silly MTU values . - ipv4: Make neigh lookup keys for loopback/point-to-point devices be INADDR_ANY . - ipv6: Fix getsockopt for sockets with default IPV6_AUTOFLOWLABEL . - ipv6: fix possible mem leaks in ipv6_make_skb . - ipv6: fix udpv6 sendmsg crash caused by too small MTU . - ipv6: ip6_make_skb needs to clear cork.base.dst . - ipv6: mcast: better catch silly mtu values . - ipv6: reorder icmpv6_init and ip6_mr_init . - ipvlan: fix ipv6 outbound device . - ipvlan: remove excessive packet scrubbing . - irda: vlsi_ir: fix check for DMA mapping errors . - irqchip/crossbar: Fix incorrect type of register size . - iscsi_iser: Re-enable "iser_pi_guard" module parameter . - iscsi-target: fix memory leak in lio_target_tiqn_addtpg . - iscsi-target: Make TASK_REASSIGN use proper se_cmd-gt;cmd_kref . - isdn: kcapi: avoid uninitialized data . - iser-target: Fix possible use-after-free in connection establishment error . - iw_cxgb4: Only validate the MSN for successful completions . - iw_cxgb4: reflect the original WR opcode in drain cqes . - iw_cxgb4: when flushing, complete all wrs in a chain . - ixgbe: fix use of uninitialized padding . - jump_label: Invoke jump_label_test via early_initcall . - kabi fix for new hash_cred function . - kabi: Keep KVM stable after enable s390 wire up bpb feature . - kABI: protect struct bpf_map . - kABI: protect struct ipv6_pinfo . - kABI: protect struct t10_alua_tg_pt_gp . - kABI: protect struct usbip_device . - kabi/severities: arm64: ignore cpu capability array - kabi/severities: do not care about stuff_RSB - kaiser: Set _PAGE_NX only if supported . - kaiser: Set _PAGE_NX only if supported . - kbuild: add "-fno-stack-check" to kernel build options . - kbuild: modversions for EXPORT_SYMBOL for asm . - kbuild: pkg: use --transform option to prefix paths in tar . - kdb: Fix handling of kallsyms_symbol_next return value . - kernel/acct.c: fix the acct-gt;needcheck check in check_free_space . - kernel: make groups_sort calling a responsibility group_info allocators . - kernel/signal.c: protect the SIGNAL_UNKILLABLE tasks from !sig_kernel_only signals . - kernel/signal.c: protect the traced SIGNAL_UNKILLABLE tasks from SIGKILL . - kernel/signal.c: remove the no longer needed SIGNAL_UNKILLABLE check in complete_signal . - keys: add missing permission check for request_key destination . - kprobes/x86: Disable preemption in ftrace-based jprobes . - kpti: Rename to PAGE_TABLE_ISOLATION . - kpti: Report when enabled . - kvm: Fix stack-out-of-bounds read in write_mmio . - kvm: nVMX: reset nested_run_pending if the vCPU is going to be reset . - kvm: nVMX: VMCLEAR should not cause the vCPU to shut down . - kvm: pci-assign: do not map smm memory slot pages in vt-d page tables . - kvm: s390: Enable all facility bits that are known good for passthrough . - kvm: s390: wire up bpb feature . - kvm: VMX: Fix enable VPID conditions . - kvm: VMX: remove I/O port 0x80 bypass on Intel hosts . - kvm: vmx: Scrub hardware GPRs at VM-exit . - kvm: x86: Add memory barrier on vmcs field lookup . - kvm: x86: correct async page present tracepoint . - kvm: x86: Exit to user-mode on #UD intercept when emulator requires . - kvm: X86: Fix load RFLAGS w/o the fixed bit . - kvm: x86: fix RSM when PCID is non-zero . - kvm: x86: inject exceptions produced by x86_decode_insn . - kvm: x86: pvclock: Handle first-time write to pvclock-page contains random junk . - l2tp: cleanup l2tp_tunnel_delete calls . - lan78xx: Fix failure in USB Full Speed . - libata: apply MAX_SEC_1024 to all LITEON EP1 series devices . - libata: drop WARN from protocol error in ata_sff_qc_issue . - lib/genalloc.c: make the avail variable an atomic_long_t . - macvlan: Only deliver one copy of the frame to the macvlan interface . - md: more open-coded offset_in_page . - media: dvb: i2c transfers over usb cannot be done from stack . - mfd: cros ec: spi: Do not send first message too soon . - mfd: twl4030-audio: Fix sibling-node lookup . - mfd: twl6040: Fix child-node lookup . - mlxsw: reg: Fix SPVMLR max record count . - mlxsw: reg: Fix SPVM max record count . - mm: avoid returning VM_FAULT_RETRY from -gt;page_mkwrite handlers . - mmc: core: Do not leave the block driver in a suspended state . - mmc: mediatek: Fixed bug where clock frequency could be set wrong . - mm: drop unused pmdp_huge_get_and_clear_notify . - mm: Handle 0 flags in _calc_vm_trans macro . - mm/mprotect: add a cond_resched inside change_pmd_range . - mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP . - module: Add retpoline tag to VERMAGIC . - module: set __jump_table alignment to 8 . - more bio_map_user_iov leak fixes . - mtd: nand: Fix writing mtdoops to nand flash . - net: Allow neigh contructor functions ability to modify the primary_key . - net/appletalk: Fix kernel memory disclosure . - net: bcmgenet: correct MIB access of UniMAC RUNT counters . - net: bcmgenet: correct the RBUF_OVFL_CNT and RBUF_ERR_CNT MIB values . - net: bcmgenet: power down internal phy if open or resume fails . - net: bcmgenet: Power up the internal PHY before probing the MII . - net: bcmgenet: reserved phy revisions must be checked first . - net: bridge: fix early call to br_stp_change_bridge_id and plug newlink leaks . - net: core: fix module type in sock_diag_bind . - net: Do not allow negative values for busy_read and busy_poll sysctl interfaces . - net: fec: fix multicast filtering hardware setup . - netfilter: bridge: honor frag_max_size when refragmenting . - netfilter: do not track fragmented packets . - netfilter: ipvs: Fix inappropriate output of procfs . - netfilter: nfnetlink_queue: fix secctx memory leak . - netfilter: nfnetlink_queue: fix timestamp attribute . - netfilter: nfnl_cthelper: fix a race when walk the nf_ct_helper_hash table . - netfilter: nfnl_cthelper: Fix memory leak . - netfilter: nfnl_cthelper: fix runtime expectation policy updates . - net: Fix double free and memory corruption in get_net_ns_by_id . - net: igmp: fix source address check for IGMPv3 reports . - net: igmp: Use correct source address on IGMPv3 reports . - net: initialize msg.msg_flags in recvfrom . - net: ipv4: fix for a race condition in raw_sendmsg . - netlink: add a start callback for starting a netlink dump . - net/mac80211/debugfs.c: prevent build failure with CONFIG_UBSAN=y . - net/mlx5: Avoid NULL pointer dereference on steering cleanup . - net/mlx5: Cleanup IRQs in case of unload failure . - net/mlx5e: Add refcount to VXLAN structure . - net/mlx5e: Fix ETS BW check . - net/mlx5e: Fix features check of IPv6 traffic . - net/mlx5e: Fix fixpoint divide exception in mlx5e_am_stats_compare . - net/mlx5e: Fix possible deadlock of VXLAN lock . - net/mlx5e: Prevent possible races in VXLAN control flow . - net/mlx5: Fix error flow in CREATE_QP command . - net/mlx5: Fix rate limit packet pacing naming and struct . - net/mlx5: Stay in polling mode when command EQ destroy fails . - net: mvmdio: disable/unprepare clocks in EPROBE_DEFER case . - net: mvneta: clear interface link status on port disable . - net: mvneta: eliminate wrong call to handle rx descriptor error . - net: mvneta: use proper rxq_number in loop on rx queues . - net/packet: fix a race in packet_bind and packet_notifier . - net: phy: at803x: Change error to EINVAL for invalid MAC . - net: phy: micrel: ksz9031: reconfigure autoneg after phy autoneg workaround . - net: qdisc_pkt_len_init should be more robust . - net: qmi_wwan: add Sierra EM7565 1199:9091 . - net: qmi_wwan: Add USB IDs for MDM6600 modem on Motorola Droid 4 . - net: reevalulate autoflowlabel setting after sysctl setting . - net: Resend IGMP memberships upon peer notification . - net: sctp: fix array overrun read on sctp_timer_tbl . - net: stmmac: enable EEE in MII, GMII or RGMII only . - net: systemport: Pad packet before inserting TSB . - net: systemport: Utilize skb_put_padto . - net: tcp: close sock if net namespace is exiting . - net: wimax/i2400m: fix NULL-deref at probe . - nfsd: auth: Fix gid sorting when rootsquash enabled . - nfsd: Fix another OPEN stateid race . - nfsd: fix nfsd_minorversion . - nfsd: fix nfsd_reset_versions for NFSv4 . - nfsd: Fix stateid races between OPEN and CLOSE . - nfsd: Make init_open_stateid a bit more whole . - nfs: Do not take a reference on fl-gt;fl_file for LOCK operation . - nfs: Fix a typo in nfs_rename . - nfs: improve shinking of access cache . - nfsv4.1 respect server"s max size in CREATE_SESSION . - nfsv4: Fix client recovery when server reboots multiple times . - nohz: Prevent a timer interrupt storm in tick_nohz_stop_sched_tick . - n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ . - nvme_fc: correct hang in nvme_ns_remove . - nvme_fc: fix rogue admin cmds stalling teardown . - nvme-pci: Remove watchdog timer . - openrisc: fix issue handling 8 byte get_user calls . - packet: fix crash in fanout_demux_rollover . - parisc: Fix alignment of pa_tlb_lock in assembly on 32-bit SMP kernel . - parisc: Hide Diva-built-in serial aux and graphics card . - partially revert tipc improve link resiliency when rps is activated . - pci/AER: Report non-fatal errors only to the affected endpoint . - pci: Avoid bus reset if bridge itself is broken . - pci: Create SR-IOV virtfn/physfn links before attaching driver . - pci: Detach driver before procfs amp; sysfs teardown on device remove . - pci/PME: Handle invalid data when reading Root Status . - pci / PM: Force devices to D0 in pci_pm_thaw_noirq . - perf symbols: Fix symbols__fixup_end heuristic for corner cases . - perf test attr: Fix ignored test case result . - phy: work around "phys" references to usb-nop-xceiv devices . - pinctrl: adi2: Fix Kconfig build problem . - pinctrl: st: add irq_request/release_resources callbacks . - pipe: avoid round_pipe_size nr_pages overflow on 32-bit . - powerpc/64: Add macros for annotating the destination of rfid/hrfid . - powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL . - powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL . - powerpc/64s: Add EX_SIZE definition for paca exception save areas . - powerpc/64s: Add support for RFI flush of L1-D cache . - powerpc/64s: Allow control of RFI flush via debugfs . - powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL . - powerpc/64s: Simple RFI macro conversions . - powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti . - powerpc/64s: Wire up cpu_show_meltdown . - powerpc/asm: Allow including ppc_asm.h in asm files . - powerpc/ipic: Fix status get and status clear . - powerpc/perf: Dereference BHRB entries safely . - powerpc/perf/hv-24x7: Fix incorrect comparison in memord . - powerpc/powernv: Check device-tree for RFI flush settings . - powerpc/powernv/cpufreq: Fix the frequency read by /proc/cpuinfo . - powerpc/powernv/ioda2: Gracefully fail if too many TCE levels requested . - powerpc/pseries: include linux/types.h in asm/hvcall.h . - powerpc/pseries: Introduce H_GET_CPU_CHARACTERISTICS . - powerpc/pseries: Query hypervisor for RFI flush settings . - powerpc/pseries/rfi-flush: Call setup_rfi_flush after LPM migration . - powerpc/rfi-flush: Add DEBUG_RFI config option . - powerpc/rfi-flush: Make setup_rfi_flush not __init . - powerpc/rfi-flush: Move RFI flush fields out of the paca . - powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code . - powerpc/rfi-flush: prevent crash when changing flush type to fallback after system boot . - ppp: Destroy the mutex when cleanup . - pppoe: take -gt;needed_headroom of lower device into account on xmit . - pti: unbreak EFI . - r8152: fix the list rx_done may be used without initialization . - r8152: prevent the driver from transmitting packets with carrier off . - r8169: fix memory corruption on retrieval of hardware statistics . - raid5: Set R5_Expanded on parity devices as well as data . - ravb: Remove Rx overflow log messages . - rbd: set max_segments to USHRT_MAX . - rdma/cma: Avoid triggering undefined behavior . - rdma/i40iw: Remove MSS change support . - rds: Fix NULL pointer dereference in __rds_rdma_map . - rds: Heap OOB write in rds_message_alloc_sgs . - rds: null pointer dereference in rds_atomic_free_op . - Re-enable fixup detection by CPU type in case hypervisor call fails. - regulator: core: Rely on regulator_dev_release to free constraints . - regulator: da9063: Return an error code on probe failure . - regulator: pwm: Fix regulator ramp delay for continuous mode . - regulator: Try to resolve regulators supplies on registration . - Revert quot;Bluetooth: btusb: driver to enable the usb-wakeup featurequot; . - Revert quot;drm/armada: Fix compile failquot; . - Revert quot;drm/radeon: dont switch vt on suspendquot; . - Revert quot;ipsec: Fix aborted xfrm policy dump crashquot; . - Revert quot;kaiser: vmstat show NR_KAISERTABLE as nr_overheadquot; . - Revert quot;lib/genalloc.c: make the avail variable an atomic_long_tquot; . - Revert quot;module: Add retpoline tag to VERMAGICquot; . - Revert quot;module: Add retpoline tag to VERMAGICquot; . - Revert quot;netlink: add a start callback for starting a netlink dumpquot; . - Revert quot;ocfs2: should wait dio before inode lock in ocfs2_setattrquot; . - Revert quot;Re-enable fixup detection by CPU type in case hypervisor call fails.quot; The firmware update is required for the existing instructions to also do the cache flush. - Revert quot;s390/kbuild: enable modversions for symbols exported from asmquot; . - Revert quot;sched/deadline: Use the revised wakeup rule for suspending constrained dl tasksquot; . - Revert quot;scsi: libsas: align sata_device"s rps_resp on a cachelinequot; . - Revert quot;spi: SPI_FSL_DSPI should depend on HAS_DMAquot; . - Revert quot;userfaultfd: selftest: vm: allow to build in vm/ directoryquot; . - Revert quot;x86/efi: Build our own page table structuresquot; . - Revert quot;x86/efi: Hoist page table switching code into efi_call_virtquot; . - Revert quot;x86/mm/pat: Ensure cpa-gt;pfn only contains page frame numbersquot; . - rfi-flush: Make DEBUG_RFI a CONFIG option . - ring-buffer: Mask out the info bits when returning buffer page length . - route: also update fnhe_genid when updating a route cache . - route: update fnhe_expires for redirect when the fnhe exists . - rtc: cmos: Initialize hpet timer before irq is registered . - rtc: pcf8563: fix output clock rate . - rtc: pl031: make interrupt optional . - rtc: set the alarm to the next expiring timer . - s390: always save and restore all registers on context switch . - s390/cpuinfo: show facilities as reported by stfle . - s390: fix compat system call table . - s390/pci: do not require AIS facility . - s390/qeth: no ETH header for outbound AF_IUCV . - s390/runtime instrumentation: simplify task exit handling . - sch_dsmark: fix invalid skb_cow usage . - sched/deadline: Make sure the replenishment timer fires in the next period . - sched/deadline: Throttle a constrained deadline task activated after the deadline . - sched/deadline: Use deadline instead of period when calculating overflow . - sched/deadline: Use the revised wakeup rule for suspending constrained dl tasks . - sched/deadline: Zero out positive runtime after throttling constrained tasks . - sched/rt: Do not pull from current CPU if only one CPU to pull . - scsi: bfa: integer overflow in debugfs . - scsi: cxgb4i: fix Tx skb leak . - scsi: handle ABORTED_COMMAND on Fujitsu ETERNUS . - scsi: hpsa: cleanup sas_phy structures in sysfs when unloading . - scsi: hpsa: destroy sas transport properties before scsi_host . - scsi: libsas: align sata_device"s rps_resp on a cacheline . - scsi: lpfc: Use after free in lpfc_rq_buf_free . - scsi: mpt3sas: Fix IO error occurs on pulling out a drive from RAID1 volume created on two SATA drive . - scsi: sd: change allow_restart to bool in sysfs interface . - scsi: sd: change manage_start_stop to bool in sysfs interface . - scsi: sg: disable SET_FORCE_LOW_DMA . - scsi: sr: wait for the medium to become ready . - sctp: do not allow the v4 socket to bind a v4mapped v6 address . - sctp: do not free asoc when it is already dead in sctp_sendmsg . - sctp: Replace use of sockets_allocated with specified macro . - sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf . - sctp: use the right sk after waking up from wait_buf sleep . - selftest/powerpc: Fix false failures for skipped tests . - selftests/x86: Add test_vsyscall . - selftests/x86/ldt_get: Add a few additional tests for limits . - serial: 8250_pci: Add Amazon PCI serial device ID . - serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X . - series.conf: move core networking into sorted section - series.conf: whitespace cleanup - Set supported_modules_check 1 . - sfc: do not warn on successful change of MAC . - sh_eth: fix SH7757 GEther initialization . - sh_eth: fix TSU resource handling . - sit: update frag_off info . - sock: free skb in skb_complete_tx_timestamp on error . - sparc64/mm: set fields in deferred pages . - spi_ks8995: fix quot;BUG: key accdaa28 not in .data!quot; . - spi: sh-msiof: Fix DMA transfer size check . - spi: xilinx: Detect stall with Unknown commands . - staging: android: ashmem: fix a race condition in ASHMEM_SET_SIZE ioctl . - sunrpc: add auth_unix hash_cred function . - sunrpc: add generic_auth hash_cred function . - sunrpc: add hash_cred function to rpc_authops struct . - sunrpc: add RPCSEC_GSS hash_cred function . - sunrpc: Fix rpc_task_begin trace point . - sunrpc: replace generic auth_cred hash with auth-specific function . - sunrpc: use supplimental groups in auth hash . - sunxi-rsb: Include OF based modalias in device uevent . - sysfs/cpu: Add vulnerability folder . - sysfs/cpu: Fix typos in vulnerability documentation . - sysfs: spectre_v2, handle spec_ctrl . - sysrq : fix Show Regs call trace on ARM . - target: Avoid early CMD_T_PRE_EXECUTE failures during ABORT_TASK . - target/file: Do not return error for UNMAP if length is zero . - target: fix ALUA transition timeout handling . - target:fix condition return in core_pr_dump_initiator_port . - target: fix race during implicit transition work flushes . - target/iscsi: Fix a race condition in iscsit_add_reject_from_cmd . - target: Use system workqueue for ALUA transitions . - tcp: correct memory barrier usage in tcp_check_space . - tcp: fix under-evaluated ssthresh in TCP Vegas . - tcp md5sig: Use skb"s saddr when replying to an incoming segment . - tcp: __tcp_hdrlen helper . - tg3: Fix rx hang on MTU change with 5717/5719 . - thermal/drivers/step_wise: Fix temperature regulation misbehavior . - thermal: hisilicon: Handle return value of clk_prepare_enable . - tipc: fix cleanup at module unload . - tipc: fix memory leak in tipc_accept_from_sock . - tipc: improve link resiliency when rps is activated . - tracing: Allocate mask_str buffer dynamically . - tracing: Fix converting enum"s from the map in trace_event_eval_update . - tracing: Fix crash when it fails to alloc ring buffer . - tracing: Fix possible double free on failure of allocating trace buffer . - tracing: Remove extra zeroing out of the ring buffer page . - tty fix oops when rmmod 8250 . - uas: Always apply US_FL_NO_ATA_1X quirk to Seagate devices . - uas: ignore UAS for Norelsys NS1068 chips . - udf: Avoid overflow when session starts at large offset . - um: link vmlinux with -no-pie . - usb: Add device quirk for Logitech HD Pro Webcam C925e . - usb: add RESET_RESUME for ELSA MicroLink 56K . - usb: core: Add type-specific length check of BOS descriptors . - usb: core: prevent malicious bNumInterfaces overflow . - usb: devio: Prevent integer overflow in proc_do_submiturb . - usb: Fix off by one in type-specific length check of BOS SSP capability . - usb: fix usbmon BUG trigger . - usb: gadget: configs: plug memory leak . - usb: gadget: ffs: Forbid usb_ep_alloc_request from sleeping . - usb: gadgetfs: Fix a potential memory leak in "dev_config" . - usb: gadget: f_uvc: Sanity check wMaxPacketSize for SuperSpeed . - usb: gadget: udc: remove pointer dereference after free . - usb: hub: Cycle HUB power when initialization fails . - usb: Increase usbfs transfer limit . - usbip: Fix implicit fallthrough warning . - usbip: Fix potential format overflow in userspace tools . - usbip: fix stub_rx: get_pipe to validate endpoint number . - usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input . - usbip: fix stub_send_ret_submit vulnerability to null transfer_buffer . - usbip: fix usbip bind writing random string after command in match_busid . - usbip: prevent leaking socket pointer address in messages . - usbip: prevent vhci_hcd driver from leaking a socket pointer address . - usbip: remove kernel addresses from usb device and urb debug msgs . - usbip: stub: stop printing kernel pointer addresses in messages . - usbip: vhci: stop printing kernel pointer addresses in messages . - usb: misc: usb3503: make sure reset is low for at least 100us . - usb: musb: da8xx: fix babble condition handling . - usb: phy: isp1301: Add OF device ID table . - usb: phy: isp1301: Fix build warning when CONFIG_OF is disabled . - usb: phy: tahvo: fix error handling in tahvo_usb_probe . - usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C Hub . - usb: serial: cp210x: add IDs for LifeScan OneTouch Verio IQ . - usb: serial: cp210x: add new device ID ELV ALC 8xxx . - usb: serial: ftdi_sio: add id for Airbus DS P8GR . - usb: serial: option: adding support for YUGA CLM920-NC5 . - usb: serial: option: add Quectel BG96 id . - usb: serial: option: add support for Telit ME910 PID 0x1101 . - usb: serial: qcserial: add Sierra Wireless EM7565 . - usb: uas and storage: Add US_FL_BROKEN_FUA for another JMicron JMS567 ID . - usb: usbfs: Filter flags passed in from user space . - usb: usbip: Fix possible deadlocks reported by lockdep . - usb: xhci: Add XHCI_TRUST_TX_LENGTH for Renesas uPD720201 . - usb: xhci: fix panic in xhci_free_virt_devices_depth_first . - userfaultfd: selftest: vm: allow to build in vm/ directory . - userfaultfd: shmem: __do_fault requires VM_FAULT_NOPAGE . - video: fbdev: au1200fb: Release some resources if a memory allocation fails . - video: fbdev: au1200fb: Return an error code if a memory allocation fails . - virtio: release virtio index when fail to device_register . - vmxnet3: repair memory leak . - vsyscall: Fix permissions for emulate mode with KAISER/PTI . - vt6655: Fix a possible sleep-in-atomic bug in vt6655_suspend . - vti6: Do not report path MTU below IPV6_MIN_MTU . - vti6: fix device register to report IFLA_INFO_KIND . - workqueue: trigger WARN if queue_delayed_work is called with NULL @wq . - writeback: fix memory leak in wb_queue_work . - x.509: fix buffer overflow detection in sprint_oid . - x509: fix printing uninitialized stack memory when OID is empty . - x.509: reject invalid BIT STRING for subjectPublicKey . - x86/acpi: Handle SCI interrupts above legacy space gracefully . - x86/acpi: Reduce code duplication in mp_override_legacy_irq . - x86/alternatives: Add missing "\n" at end of ALTERNATIVE inline asm . - x86/alternatives: Fix optimize_nops checking . - x86/apic/vector: Fix off by one in error path . - x86/asm/32: Make sync_core handle missing CPUID on all 32-bit kernels . - x86/boot: Fix early command-line parsing when matching at end . - x86/cpu: Factor out application of forced CPU caps . - x86/cpufeatures: Add X86_BUG_CPU_INSECURE . - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] . - x86/cpufeatures: Make CPU bugs sticky . - x86/cpu: Implement CPU vulnerabilites sysfs functions . - x86/cpu: Merge bugs.c and bugs_64.c . - x86/cpu: Rename Merrifield2 to Moorefield . - x86/cpu: Rename quot;WESTMERE2quot; family to quot;NEHALEM_Gquot; . - x86/cpu, x86/pti: Do not enable PTI on AMD processors . - x86/Documentation: Add PTI description . - x86/efi-bgrt: Replace early_memremap with memremap . - x86/efi: Build our own page table structures . - x86/efi: Hoist page table switching code into efi_call_virt . - x86/entry: Use SYSCALL_DEFINE macros for sys_modify_ldt . - x86/hpet: Prevent might sleep splat on resume . - x86/kasan: Clear kasan_zero_page after TLB flush . - x86/kasan: Write protect kasan zero shadow . - x86/microcode/intel: Extend BDW late-loading further with LLC size check . - x86/microcode/intel: Extend BDW late-loading with a revision check . - x86/mm/32: Move setup_clear_cpu_cap earlier . - x86/mm: Disable PCID on 32-bit kernels . - x86/mm/pat: Ensure cpa-gt;pfn only contains page frame numbers . - x86/PCI: Make broadcom_postcore_init check acpi_disabled . - x86/pti: Document fix wrong index . - x86/pti/efi: broken conversion from efi to kernel page table . - x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN . - x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active . - x86/smpboot: Remove stale TLB flush invocations . - x86/spectre_v2: fix ordering in IBRS initialization . - x86/spectre_v2: nospectre_v2 means nospec too . - x86/tlb: Drop the _GPL from the cpu_tlbstate export . - x86/vm86/32: Switch to flush_tlb_mm_range in mark_screen_rdonly . - xen-netfront: avoid crashing on resume after a failure in talk_to_netback . - xen-netfront: Improve error handling during initialization . - xfrm: Copy policy family in clone_policy . - xfs: add configurable error support to metadata buffers . - xfs: add configuration handlers for specific errors . - xfs: add configuration of error failure speed . - xfs: add quot;fail at unmountquot; error handling configuration . - xfs: Add infrastructure needed for error propagation during buffer IO failure . - xfs: address kabi for xfs buffer retry infrastructure . - xfs: configurable error behavior via sysfs . - xfs: fix incorrect extent state in xfs_bmap_add_extent_unwritten_real . - xfs: fix log block underflow during recovery cycle verification . - xfs: fix up inode32/64 mount handling . - xfs: introduce metadata IO error class . - xfs: introduce table-based init for error behaviors . - xfs: Properly retry failed inode items in case of error during buffer writeback . - xfs: remove xfs_trans_ail_delete_bulk . - xhci: Do not add a virt_dev to the devs array before it"s fully allocated . - xhci: Fix ring leak in failure path of xhci_alloc_virt_device . - xhci: plat: Register shutdown for xhci_plat . - zram: set physical queue limits to avoid array out of bounds accesses . - x86/microcode/intel: Fix BDW late-loading revision check .