[El-errata] ELBA-2019-1337 Oracle Linux 7 kernel bug fix update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed Jun 5 10:49:17 PDT 2019 

Oracle Linux Bug Fix Advisory ELBA-2019-1337

http://linux.oracle.com/errata/ELBA-2019-1337.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
bpftool-3.10.0-957.21.2.el7.x86_64.rpm
kernel-3.10.0-957.21.2.el7.x86_64.rpm
kernel-abi-whitelists-3.10.0-957.21.2.el7.noarch.rpm
kernel-debug-3.10.0-957.21.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-957.21.2.el7.x86_64.rpm
kernel-devel-3.10.0-957.21.2.el7.x86_64.rpm
kernel-doc-3.10.0-957.21.2.el7.noarch.rpm
kernel-headers-3.10.0-957.21.2.el7.x86_64.rpm
kernel-tools-3.10.0-957.21.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-957.21.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-957.21.2.el7.x86_64.rpm
perf-3.10.0-957.21.2.el7.x86_64.rpm
python-perf-3.10.0-957.21.2.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-3.10.0-957.21.2.el7.src.rpm



Description of changes:

[3.10.0-957.21.2.el7.OL7]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was compiled into kernel 
(olkmod_signing_key.x509)(alexey.petrenko at oracle.com)
- Update x509.genkey [bug 24817676]

[3.10.0-957.21.2.el7]
- [security] xattr: use RH_KABI_CONST to avoid 
security_inode_init_security checksum change (Cestmir Kalina) [1702286 
1710633]

[3.10.0-957.21.1.el7]
- [x86] spec_ctrl: Update MDS mitigation status after late microcode 
load (Waiman Long) [1712998 1712993 1710501 1710498] {CVE-2018-12126 
CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
- [x86] speculation/mds: Properly set/clear mds_idle_clear static key 
(Waiman Long) [1713004 1707292] {CVE-2018-12126 CVE-2018-12130 
CVE-2018-12127 CVE-2019-11091}

[3.10.0-957.20.1.el7]
- [x86] x86/speculation/mds: Print SMT vulnerable on MSBDS with 
mitigations off (Waiman Long) [1692597 1692598 1692599 1705815 1690335 
1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 
CVE-2019-11091}
- [x86] x86/speculation/mds: Fix comment (Waiman Long) [1692597 1692598 
1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 
CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/speculation/mds: Add SMT warning message (Waiman Long) 
[1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] 
{CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/speculation: Move arch_smt_update() call to after mitigation 
decisions (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 
1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 
CVE-2019-11091}
- [documentation] x86/speculation/mds: Add mds=full,nosmt cmdline option 
(Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 
1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [kernel] x86/speculation: Remove redundant arch_smt_update() 
invocation (Waiman Long) [1692597 1692598 1692599 1705815 1690335 
1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 
CVE-2019-11091}
- [x86] x86/spec_ctrl: Update MDS mitigation status after late microcode 
load (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 
1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 
CVE-2019-11091}
- [x86] x86/spec_ctrl: Add debugfs x86/smt_present file (Waiman Long) 
[1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] 
{CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/spec_ctrl: Disable automatic enabling of STIBP with SMT on 
(Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 
1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [documentation] Documentation: Add MDS vulnerability documentation 
(Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 
1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [documentation] Documentation: Move L1TF to separate directory (Waiman 
Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] 
{CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/speculation/mds: Add mitigation mode VMWERV (Waiman Long) 
[1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] 
{CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [base] x86/speculation/mds: Add sysfs reporting for MDS (Waiman Long) 
[1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] 
{CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/speculation/mds: Add mitigation control for MDS (Waiman 
Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] 
{CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/speculation/mds: Conditionally clear CPU buffers on idle 
entry (Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 
1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 
CVE-2019-11091}
- [kvm] x86/kvm/vmx: Add MDS protection when L1D Flush is not active 
(Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 
1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/speculation/mds: Clear CPU buffers on exit to user (Waiman 
Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] 
{CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/speculation/mds: Add mds_clear_cpu_buffers() (Waiman Long) 
[1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] 
{CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
- [kvm] x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Waiman Long) 
[1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] 
{CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/speculation/mds: Add BUG_MSBDS_ONLY (Waiman Long) [1692597 
1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 
CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/speculation/mds: Add basic bug infrastructure for MDS 
(Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 
1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
- [x86] x86/speculation: Consolidate CPU whitelists (Waiman Long) 
[1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] 
{CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/msr-index: Cleanup bit defines (Waiman Long) [1692597 
1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 
CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
- [x86] x86/l1tf: Show actual SMT state (Waiman Long) [1692597 1692598 
1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 
CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
- [x86] x86/speculation: Simplify sysfs report of VMX L1TF vulnerability 
(Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 
1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
- [x86] x86/speculation: Rework SMT state change (Waiman Long) [1692597 
1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 
CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
- [kernel] sched/smt: Expose sched_smt_present static key (Waiman Long) 
[1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] 
{CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
- [kernel] sched/smt: Make sched_smt_present track topology (Waiman 
Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] 
{CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
- [x86] x86/speculation: Disable STIBP when enhanced IBRS is in use 
(Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 
1709296] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
- [x86] x86/speculation: Move STIPB/IBPB string conditionals out of 
cpu_show_common() (Waiman Long) [1692597 1692598 1692599 1705815 1690335 
1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 
CVE-2019-11091}
- [x86] x86/speculation: Enable cross-hyperthread spectre v2 STIBP 
mitigation (Waiman Long) [1692597 1692598 1692599 1705815 1690335 
1690348 1690358 1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 
CVE-2019-11091}
- [x86] x86/spectre_v2: Make spectre_v2_mitigation mode available 
(Waiman Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 
1709296] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/spec_ctrl: Add X86_FEATURE_USE_IBPB (Waiman Long) [1692597 
1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 
CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] x86/spec_ctrl: Add casting to fix compilation error (Waiman 
Long) [1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] 
{CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
- [x86] x86/cpu: Sanitize FAM6_ATOM naming (Waiman Long) [1692597 
1692598 1692599 1705815 1690335 1690348 1690358 1709296] {CVE-2018-12126 
CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}
- [x86] x86/cpufeatures: Add Intel PCONFIG cpufeature (Waiman Long) 
[1692597 1692598 1692599 1705815 1690335 1690348 1690358 1709296] 
{CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091}

[3.10.0-957.19.1.el7]
- [security] selinux: always allow mounting submounts (Ondrej Mosnacek) 
[1702923 1077929]
- [block] Make blk_queue_enter() reexamine the DYING flag (Ming Lei) 
[1702921 1701348]
- [block] wakeup tasks blocked on q->mq_freeze_wq (Ming Lei) [1702921 
1701348]
- [fs] revert "[fs] xfs: use rhashtable to track buffer cache" (Brian 
Foster) [1702922 1658749]
- [fs] xfs: hold xfs_buf locked between shortform->leaf conversion and 
the addition of an attribute (Brian Foster) [1701293 1613405]
- [fs] xfs: add the ability to join a held buffer to a defer_ops (Brian 
Foster) [1701293 1613405]
- [fs] xfs: refactor buffer logging into buffer dirtying helper (Brian 
Foster) [1701293 1613405]
- [char] ipmi: ipmi_si_hardcode.c: init si_type array to fix a crash 
(Tony Camuso) [1701991 1692236]
- [char] ipmi_si: Fix crash when using hard-coded device (Tony Camuso) 
[1701991 1692236]
- [char] ipmi: Remove platform driver overrides and use the id_table 
(Tony Camuso) [1701991 1692236]
- [security] xattr: Constify ->name member of "struct xattr" (Aaron 
Tomlin) [1702286 1607307]
- [net] ipv6 Use get_hash_from_flowi6 for rt6 hash (Sabrina Dubroca) 
[1702282 1625454]
- [s390] zcrypt: fix specification exception on z196 during ap probe 
(Hendrik Brueckner) [1700706 1669535]
- [md] dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic 
checksum errors (Mike Snitzer) [1699722 1693466]
- [fs] blockdev: Fix livelocks on loop device (Lukas Czerner) [1698110 
1686149]
- [fs] ext4: fix crash during online resizing (Lukas Czerner) [1698110 
1686149]
- [fs] ext4: fix overflow caused by missing cast in ext4_resize_fs() 
(Lukas Czerner) [1698110 1671293]
- [powerpc] livepatch: return -ERRNO values in 
save_stack_trace_tsk_reliable() (Joe Lawrence) [1697867 1658435]
- [powerpc] livepatch: small cleanups in save_stack_trace_tsk_reliable() 
(Joe Lawrence) [1697867 1658435]
- [powerpc] livepatch: relax reliable stack tracer checks for 
first-frame (Joe Lawrence) [1697867 1658435]
- [powerpc] 64s: Make reliable stacktrace dependency clearer (Joe 
Lawrence) [1697867 1658435]
- [powerpc] 64s: Clear on-stack exception marker upon exception return 
(Joe Lawrence) [1697867 1658435]
- [powerpc] livepatch: Fix build error with kprobes disabled (Joe 
Lawrence) [1697867 1658435]
- [fs] xfs: don't screw up direct writes when freesp is fragmented 
(Brian Foster) [1693796 1667523]
- [nvme] ensure forward progress during Admin passthru (David Milburn) 
[1690519 1672428]

[3.10.0-957.18.1.el7]
- [s390] cputime: fix incorrect system time (Hendrik Brueckner) [1701743 
1698825]

[3.10.0-957.17.1.el7]
- [message] scsi: mptsas: Fixup device hotplug for VMWare ESXi (Tomas 
Henzl) [1699723 1661906]

[3.10.0-957.16.1.el7]
- [netdrv] net/mlx5e: Properly set steering match levels for offloaded 
TC decap rules (Alaa Hleihel) [1686292 1618427]
- [netdrv] net/mlx5e: Always use the match level enum when parsing TC 
rule match (Alaa Hleihel) [1686292 1618427]
- [netdrv] net/mlx5e: Support offloaded TC flows with no matches on 
headers (Alaa Hleihel) [1686292 1618427]
- [netdrv] net/mlx5e: Get the required HW match level while parsing TC 
flow matches (Alaa Hleihel) [1686292 1618427]
- [netdrv] net/mlx5e: Properly order min inline mode setup while parsing 
TC matches (Alaa Hleihel) [1686292 1618427]
- [netdrv] net/mlx5e: Avoid redundant zeroing of offloaded TC flow 
attributes (Alaa Hleihel) [1686292 1618427]
- [netdrv] net/mlx5e: Err if asked to offload TC match on frag being 
first (Alaa Hleihel) [1686292 1618427]
- [x86] hyperv: Stop suppressing X86_FEATURE_PCID (Vitaly Kuznetsov) 
[1697940 1691421]
- [net] geneve: correctly handle ipv6.disable module parameter (Jiri 
Benc) [1694981 1677049]
- [fs] ceph: Fix append mode for sync/direct write (Zheng Yan) [1696595 
1691227]
- [fs] ovl: fix return value from ovl_posix_acl_create() (Miklos 
Szeredi) [1696292 1677705]
- [x86] mm: Unbreak modules that use the DMA API (Gary Hook) [1695511 
1697241 1676613 1662887]
- [sound] alsa/hda: add more quirks for HP Z2 G4 and HP Z240 (Jaroslav 
Kysela) [1693562 1680180]
- [sound] alsa: hda/conexant - Add fixup for HP Z2 G4 workstation 
(Jaroslav Kysela) [1693562 1657855]
- [block] mtip32xx: fix memory corruption by initializing internal 
command header (Ming Lei) [1689929 1660292]
- [fs] nfsd: deal with revoked delegations appropriately (Dave 
Wysochanski) [1689811 1552203]

[3.10.0-957.15.1.el7]
- [fs] ext4: Fix data corruption caused by unaligned direct AIO (Lukas 
Czerner) [1693561 1684780]
- [net] sched: act_csum: Fix csum calc for tagged packets (Ivan Vecera) 
[1693110 1676462]

[3.10.0-957.14.1.el7]
- [fs] move the call of __d_drop(anon) into 
__d_materialise_unique(dentry, anon) (Zheng Yan) [1692266 1627001]
- [fs] dcache: d_splice_alias should ignore DCACHE_DISCONNECTED (Zheng 
Yan) [1692266 1627001]
- [fs] dcache: d_splice_alias should detect loops (Zheng Yan) [1692266 
1627001]
- [fs] dcache: d_splice_alias mustn't create directory aliases (Zheng 
Yan) [1692266 1627001]
- [fs] dcache: close d_move race in d_splice_alias (Zheng Yan) [1692266 
1627001]
- [fs] dcache: move d_splice_alias (Zheng Yan) [1692266 1627001]
- [fs] dcache: don't clear DCACHE_DISCONNECTED too early (Zheng Yan) 
[1692266 1627001]
- [fs] dcache: Don't set DISCONNECTED on "pseudo filesystem" dentries 
(Zheng Yan) [1692266 1627001]
- [fs] dcache: use IS_ROOT to decide where dentry is hashed (Zheng Yan) 
[1692266 1627001]

[3.10.0-957.13.1.el7]
- [drm] drm/nouveau/kms/nv50-: also flush fb writes when rewinding push 
buffer (Ben Skeggs) [1690761 1669098]

More information about the El-errata mailing list