[El-errata] ELSA-2018-2164 Important: Oracle Linux 6 kernel security and bug fix update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue Jul 10 21:11:12 PDT 2018 

Oracle Linux Security Advisory ELSA-2018-2164

http://linux.oracle.com/errata/ELSA-2018-2164.html

The following updated rpms for Oracle Linux 6 have been uploaded to the 
Unbreakable Linux Network:

i386:
kernel-2.6.32-754.2.1.el6.i686.rpm
kernel-abi-whitelists-2.6.32-754.2.1.el6.noarch.rpm
kernel-debug-2.6.32-754.2.1.el6.i686.rpm
kernel-debug-devel-2.6.32-754.2.1.el6.i686.rpm
kernel-devel-2.6.32-754.2.1.el6.i686.rpm
kernel-doc-2.6.32-754.2.1.el6.noarch.rpm
kernel-firmware-2.6.32-754.2.1.el6.noarch.rpm
kernel-headers-2.6.32-754.2.1.el6.i686.rpm
perf-2.6.32-754.2.1.el6.i686.rpm
python-perf-2.6.32-754.2.1.el6.i686.rpm

x86_64:
kernel-2.6.32-754.2.1.el6.x86_64.rpm
kernel-abi-whitelists-2.6.32-754.2.1.el6.noarch.rpm
kernel-debug-2.6.32-754.2.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-754.2.1.el6.i686.rpm
kernel-debug-devel-2.6.32-754.2.1.el6.x86_64.rpm
kernel-devel-2.6.32-754.2.1.el6.x86_64.rpm
kernel-doc-2.6.32-754.2.1.el6.noarch.rpm
kernel-firmware-2.6.32-754.2.1.el6.noarch.rpm
kernel-headers-2.6.32-754.2.1.el6.x86_64.rpm
perf-2.6.32-754.2.1.el6.x86_64.rpm
python-perf-2.6.32-754.2.1.el6.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-2.6.32-754.2.1.el6.src.rpm



Description of changes:

[2.6.32-754.2.1.el6.OL6]
- Update genkey [bug 25599697]

[2.6.32-754.2.1.el6]
- [x86] entry/64: Don't use IST entry for #BP stack (Waiman Long) 
[1596113] {CVE-2018-10872}
- [fs] gfs2: Flush delayed work earlier in gfs2_inode_lookup (Andreas 
Grunbacher) [1506281]
- [mm] mempolicy: fix use after free when calling get_mempolicy (Augusto 
Caringi) [1576757] {CVE-2018-10675}
- [mm] Fix NULL pointer dereference in dequeue_hwpoisoned_huge_page() 
(Larry Woodman) [1381653]
- [fs] NFSv4.1: Fix up replays of interrupted requests (Benjamin 
Coddington) [1553423]
- [fs] NFSv4.1: Simplify struct nfs4_sequence_args too (Benjamin 
Coddington) [1553423]
- [fs] NFSv4.1: Label each entry in the session slot tables with its 
slot number (Benjamin Coddington) [1553423]
- [fs] NFSv4.1: Shrink struct nfs4_sequence_res by moving the session 
pointer (Benjamin Coddington) [1553423]
- [fs] NFSv4.1: nfs4_alloc_slots doesn't need zeroing (Benjamin 
Coddington) [1553423]
- [fs] NFSv4.1: clean up nfs4_recall_slot to use nfs4_alloc_slots 
(Benjamin Coddington) [1553423]
- [fs] NFSv4.1: Fix a NFSv4.1 session initialisation regression 
(Benjamin Coddington) [1553423]
- [scsi] ipr: Fix sync scsi scan (Gustavo Duarte) [1572310]
- [scsi] ipr: Wait to do async scan until scsi host is initialized 
(Gustavo Duarte) [1572310]

[2.6.32-754.1.1.el6]
- [x86] microcode: Fix CPU synchronization routine (Prarit Bhargava) 
[1574592]
- [x86] microcode: Synchronize late microcode loading (Prarit Bhargava) 
[1574592]
- [x86] microcode: Request microcode on the BSP (Prarit Bhargava) [1574592]
- [x86] microcode: Sanitize per-cpu microcode reloading interface 
(Prarit Bhargava) [1574592]
- [x86] virt_spec_ctrl: Set correct host SSDB value for AMD (Waiman 
Long) [1584356] {CVE-2018-3639}
- [x86] spec_ctrl: Eliminate TIF_SSBD checks in IBRS on/off functions 
(Waiman Long) [1584356] {CVE-2018-3639}
- [x86] spec_ctrl: Disable SSBD update from scheduler if not user 
settable (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] spec_ctrl: Make ssbd_enabled writtable (Waiman Long) [1584356] 
{CVE-2018-3639}
- [x86] spec_ctrl: Remove thread_info check in __wrmsr_on_cpu() (Waiman 
Long) [1584356] {CVE-2018-3639}
- [x86] spec_ctrl: Write per-thread SSBD state to spec_ctrl_pcp (Waiman 
Long) [1584356] {CVE-2018-3639}
- [x86] spec_ctrl: Add a read-only ssbd_enabled debugfs file (Waiman 
Long) [1584356] {CVE-2018-3639}
- [x86] bugs: Switch the selection of mitigation from CPU vendor to CPU 
features (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] bugs: Add AMD's SPEC_CTRL MSR usage (Waiman Long) [1584356] 
{CVE-2018-3639}
- [x86] bugs: Add AMD's variant of SSB_NO (Waiman Long) [1584356] 
{CVE-2018-3639}
- [x86] bugs/intel: Set proper CPU features and setup RDS (Waiman Long) 
[1584356] {CVE-2018-3639}
- [x86] KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES (Waiman Long) 
[1584356] {CVE-2018-3639}
- [x86] KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD (Waiman 
Long) [1584356] {CVE-2018-3639}
- [x86] speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG 
(Waiman Long) [1584356] {CVE-2018-3639}
- [x86] bugs: Rework spec_ctrl base and mask logic (Waiman Long) 
[1584356] {CVE-2018-3639}
- [x86] spec_ctrl: Rework SPEC_CTRL update after late microcode loading 
(Waiman Long) [1584356] {CVE-2018-3639}
- [x86] spec_ctrl: Make sync_all_cpus_ibrs() write spec_ctrl_pcp value 
(Waiman Long) [1584356] {CVE-2018-3639}
- [x86] bugs: Unify x86_spec_ctrl_{set_guest, restore_host} (Waiman 
Long) [1584356] {CVE-2018-3639}
- [x86] speculation: Rework speculative_store_bypass_update() (Waiman 
Long) [1584356] {CVE-2018-3639}
- [x86] speculation: Add virtualized speculative store bypass disable 
support (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL (Waiman 
Long) [1584356] {CVE-2018-3639}
- [x86] KVM: Rename KVM SPEC_CTRL MSR functions to match upstream 
(Waiman Long) [1584356] {CVE-2018-3639}
- [x86] speculation: Handle HT correctly on AMD (Waiman Long) [1584356] 
{CVE-2018-3639}
- [x86] cpufeatures: Add FEATURE_ZEN (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] cpufeatures: Disentangle SSBD enumeration (Waiman Long) 
[1584356] {CVE-2018-3639}
- [x86] cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS 
(Waiman Long) [1584356] {CVE-2018-3639}
- [x86] speculation: Use synthetic bits for IBRS/IBPB/STIBP (Waiman 
Long) [1584356] {CVE-2018-3639}
- [x86] bugs: Fix missing void (Waiman Long) [1584356] {CVE-2018-3639}
- [documentation] spec_ctrl: Do some minor cleanups (Waiman Long) 
[1584356] {CVE-2018-3639}
- [x86] speculation: Make "seccomp" the default mode for Speculative 
Store Bypass (Waiman Long) [1584356] {CVE-2018-3639}
- [kernel] seccomp: Move speculation migitation control to arch code 
(Waiman Long) [1584356] {CVE-2018-3639}
- [kernel] seccomp: Use PR_SPEC_FORCE_DISABLE (Waiman Long) [1584356] 
{CVE-2018-3639}
- [uapi] prctl: Add force disable speculation (Waiman Long) [1584356] 
{CVE-2018-3639}
- [kernel] seccomp: Enable speculation flaw mitigations (Waiman Long) 
[1584356] {CVE-2018-3639}
- [fs] proc: Provide details on speculation flaw mitigations (Waiman 
Long) [1584356] {CVE-2018-3639}
- [x86] nospec: Allow getting/setting on non-current task (Waiman Long) 
[1584356] {CVE-2018-3639}
- [x86] spec_ctrl: Show IBPB in the Spectre_v2 sysfs file (Waiman Long) 
[1584356] {CVE-2018-3639}
- [x86] pti: Check MSR_IA32_ARCH_CAPABILITIES for Meltdown 
vulnearability (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] spec_ctrl: Sync up naming of SPEC_CTRL MSR bits with upstream 
(Waiman Long) [1584356] {CVE-2018-3639}
- [x86] pti: Fix kexec warning on debug kernel (Waiman Long) [1584356] 
{CVE-2018-3639}
- [x86] kvm/fpu: Enable eager FPU restore (Paolo Bonzini) [1589047] 
{CVE-2018-3665}
- [x86] always enable eager FPU by default (Paolo Bonzini) [1589047] 
{CVE-2018-3665}
- [x86] fpu: Load xsave pointer *after* initialization (Paolo Bonzini) 
[1589047] {CVE-2018-3665}
- [x86] fpu: Fix 32-bit signal frame handling (Paolo Bonzini) [1589047] 
{CVE-2018-3665}
- [x86] fpu: Always restore_xinit_state() when use_eager_cpu() (Paolo 
Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Rename drop_init_fpu() to fpu_reset_state() (Paolo Bonzini) 
[1589047] {CVE-2018-3665}
- [x86] fpu: Fix math_state_restore() race with kernel_fpu_begin() 
(Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Fold __drop_fpu() into its sole user (Paolo Bonzini) 
[1589047] {CVE-2018-3665}
- [x86] fpu: Don't abuse drop_init_fpu() in flush_thread() (Paolo 
Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Introduce restore_init_xstate() (Paolo Bonzini) [1589047] 
{CVE-2018-3665}
- [x86] fpu: Document user_fpu_begin() (Paolo Bonzini) [1589047] 
{CVE-2018-3665}
- [x86] fpu: Factor out memset(xstate, 0) in fpu_finit() paths (Paolo 
Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Change xstateregs_get()/set() to use ->xsave.i387 rather 
than ->fxsave (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Always allow FPU in interrupt if use_eager_fpu() (Paolo 
Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Don't abuse has_fpu in __kernel_fpu_begin/end() (Paolo 
Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Introduce per-cpu in_kernel_fpu state (Paolo Bonzini) 
[1589047] {CVE-2018-3665}
- [x86] fpu: Check tsk_used_math() in kernel_fpu_end() for eager FPU 
(Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Change math_error() to use unlazy_fpu(), kill (now) unused 
save_init_fpu() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] Merge simd_math_error() into math_error() (Paolo Bonzini) 
[1589047] {CVE-2018-3665}
- [x86] fpu: Don't do __thread_fpu_end() if use_eager_fpu() (Paolo 
Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Don't reset thread.fpu_counter (Paolo Bonzini) [1589047] 
{CVE-2018-3665}
- [x86] fpu: shift drop_init_fpu() from save_xstate_sig() to 
handle_signal() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] Allow FPU to be used at interrupt time even with eagerfpu (Paolo 
Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387.c: Initialize thread xstate only on CPU0 only once (Paolo 
Bonzini) [1589047] {CVE-2018-3665}
- [x86] kvm: fix kvm's usage of kernel_fpu_begin/end() (Paolo Bonzini) 
[1589047] {CVE-2018-3665}
- [x86] rhel: initialize scattered CPUID features early (Paolo Bonzini) 
[1589047] {CVE-2018-3665}
- [x86] fpu: make eagerfpu= boot param tri-state (Paolo Bonzini) 
[1589047] {CVE-2018-3665}
- [x86] fpu: enable eagerfpu by default for xsaveopt (Paolo Bonzini) 
[1589047] {CVE-2018-3665}
- [x86] fpu: decouple non-lazy/eager fpu restore from xsave (Paolo 
Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: use non-lazy fpu restore for processors supporting xsave 
(Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: remove unnecessary user_fpu_end() in save_xstate_sig() 
(Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: drop_fpu() before restoring new state from sigframe (Paolo 
Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Unify signal handling code paths for x86 and x86_64 kernels 
(Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: drop the fpu state during thread exit (Paolo Bonzini) 
[1589047] {CVE-2018-3665}
- [x86] signals: ia32_signal.c: add __user casts to fix sparse warnings 
(Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Consolidate inline asm routines for saving/restoring fpu 
state (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] signal: Cleanup ifdefs and is_ia32, is_x32 (Paolo Bonzini) 
[1589047] {CVE-2018-3665}
- [x86] fpu/xsave: Keep __user annotation in casts (Paolo Bonzini) 
[1589047] {CVE-2018-3665}
(Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] extable: Remove open-coded exception table entries in 
arch/x86/include/asm/xsave.h (Paolo Bonzini) [1589047] {CVE-2018-3665}
into exported and internal interfaces (Paolo Bonzini) [1589047] 
{CVE-2018-3665}
- [x86] i387: Uninline the generic FP helpers that we expose to kernel 
modules (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387: (DON'T ACTUALLY) support lazy restore of FPU state (Paolo 
Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387: use 'restore_fpu_checking()' directly in task switching 
code (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387: fix up some fpu_counter confusion (Paolo Bonzini) 
[1589047] {CVE-2018-3665}
- [x86] i387: re-introduce FPU state preloading at context switch time 
(Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387: move TS_USEDFPU flag from thread_info to task_struct 
(Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387: move AMD K7/K8 fpu fxsave/fxrstor workaround from save to 
restore (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387: do not preload FPU state at task switch time (Paolo 
Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387: don't ever touch TS_USEDFPU directly, use helper functions 
(Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387: move TS_USEDFPU clearing out of __save_init_fpu and into 
callers (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387: fix x86-64 preemption-unsafe user stack save/restore 
(Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387: math_state_restore() isn't called from asm (Paolo Bonzini) 
[1589047] {CVE-2018-3665}
- [x86] fix potentially dangerous trailing '; ' in #defined 
values/expressions (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] x86-32, fpu: Fix FPU exception handling on non-SSE systems 
(Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] Fix common misspellings (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] kvm: Initialize fpu state in preemptible context (Paolo Bonzini) 
[1589047] {CVE-2018-3665}
- [x86] fpu: Merge fpu_save_init() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] x86-32, fpu: Rewrite fpu_save_init() (Paolo Bonzini) [1589047] 
{CVE-2018-3665}
- [x86] fpu: Remove PSHUFB_XMM5_* macros (Paolo Bonzini) [1589047] 
{CVE-2018-3665}
- [x86] fpu: Remove unnecessary ifdefs from i387 code. (Paolo Bonzini) 
[1589047] {CVE-2018-3665}
- [x86] x86-64, fpu: Simplify constraints for fxsave/fxtstor (Paolo 
Bonzini) [1589047] {CVE-2018-3665}
- [x86] x86-64, fpu: Fix cs value in convert_from_fxsr() (Paolo Bonzini) 
[1589047] {CVE-2018-3665}
- [x86] x86-64, fpu: Disable preemption when using TS_USEDFPU (Paolo 
Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Merge __save_init_fpu() (Paolo Bonzini) [1589047] 
{CVE-2018-3665}
- [x86] fpu: Merge tolerant_fwait() (Paolo Bonzini) [1589047] 
{CVE-2018-3665}
- [x86] fpu: Merge fpu_init() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] xsave: Disable xsave in i387 emulation mode (Paolo Bonzini) 
[1589047] {CVE-2018-3665}
- [x86] xsave: Make xstate_enable_boot_cpu() __init, protect on CPU 0 
(Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] xsave: Add __init attribute to setup_xstate_features() (Paolo 
Bonzini) [1589047] {CVE-2018-3665}
- [x86] xsave: Make init_xstate_buf static (Paolo Bonzini) [1589047] 
{CVE-2018-3665}
- [x86] xsave: Check cpuid level for XSTATE_CPUID (0x0d) (Paolo Bonzini) 
[1589047] {CVE-2018-3665}
- [x86] xsave: Introduce xstate enable functions (Paolo Bonzini) 
[1589047] {CVE-2018-3665}
- [x86] xsave: Do not include asm/i387.h in asm/xsave.h (Paolo Bonzini) 
[1589047] {CVE-2018-3665}
- [x86] Avoid unnecessary __clear_user() and xrstor in signal handling 
(Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] xsave: Cleanup return codes in check_for_xstate() (Paolo 
Bonzini) [1589047] {CVE-2018-3665}
- [x86] xsave: Separate fpu and xsave initialization (Paolo Bonzini) 
[1589047] {CVE-2018-3665}
- [x86] xsave: Move boot cpu initialization to xsave_init() (Paolo 
Bonzini) [1589047] {CVE-2018-3665}
- [x86] Revert "[x86] fpu: change save_i387_xstate() to rely on 
unlazy_fpu()" (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] Revert "[x86] fpu: shift clear_used_math() from 
save_i387_xstate() to handle_signal()" (Paolo Bonzini) [1589047] 
{CVE-2018-3665}

More information about the El-errata mailing list