The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. This update main focus is a regression fix in SystemV IPC handling. The following non-security bugs were fixed: - Drop cBPF SSBD as classic BPF does not really have a proper concept of pointers, and without eBPF maps the out-of-bounds access in speculative execution branch can"t be mounted. Moreoever, seccomp BPF uses only such a subset of BPF that can only do absolute indexing, and therefore seccomp data buffer boundarier can"t be crossed. Information condensed from Alexei and Kees. - ibrs used instead of retpoline on Haswell processor with spectre_v2=retpoline - ib/mlx4: Convert slave port before building address-handle . - KABI protect struct _lowcore . - Update config files, add Spectre mitigation for s390x . - Update s390 config files . - fanotify: fix logic of events on child . - ipc/msg: Fix faulty parsing of msgctl args . - ocfs2/dlm: Fix up kABI in dlm_ctxt . - ocfs2/dlm: wait for dlm recovery done when migrating all lock resources . - powerpc, KVM: Split HVMODE_206 cpu feature bit into separate HV and architecture bits . - powerpc: Fix /proc/cpuinfo revision for POWER9 DD2 . - s390/cio: update chpid descriptor after resource accessibility event . - s390/dasd: fix IO error for newly defined devices . - s390/qdio: fix access to uninitialized qdio_q fields . - s390/qeth: on channel error, reject further cmd requests . - s390: add automatic detection of the spectre defense . - s390: add optimized array_index_mask_nospec . - s390: add sysfs attributes for spectre . - s390: correct module section names for expoline code revert . - s390: correct nospec auto detection init order . - s390: do not bypass BPENTER for interrupt system calls . - s390: fix retpoline build on 31bit . - s390: improve cpu alternative handling for gmb and nobp . - s390: introduce execute-trampolines for branches . - s390: move nobp parameter functions to nospec-branch.c . - s390: report spectre mitigation via syslog . - s390: run user space and KVM guests with modified branch prediction . - s390: scrub registers on kernel entry and KVM exit . - x86, mce: Fix mce_start_timer semantics . - x86/kaiser: symbol kaiser_set_shadow_pgd exported with non GPL