[El-errata] ELSA-2019-4836 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update (aarch64)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed Nov 13 07:54:26 PST 2019


Oracle Linux Security Advisory ELSA-2019-4836

http://linux.oracle.com/errata/ELSA-2019-4836.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

aarch64:
kernel-uek-4.14.35-1902.7.3.el7uek.aarch64.rpm
kernel-uek-debug-4.14.35-1902.7.3.el7uek.aarch64.rpm
kernel-uek-debug-devel-4.14.35-1902.7.3.el7uek.aarch64.rpm
kernel-uek-devel-4.14.35-1902.7.3.el7uek.aarch64.rpm
kernel-uek-tools-4.14.35-1902.7.3.el7uek.aarch64.rpm
kernel-uek-tools-libs-4.14.35-1902.7.3.el7uek.aarch64.rpm
kernel-uek-tools-libs-devel-4.14.35-1902.7.3.el7uek.aarch64.rpm
perf-4.14.35-1902.7.3.el7uek.aarch64.rpm
python-perf-4.14.35-1902.7.3.el7uek.aarch64.rpm
kernel-uek-headers-4.14.35-1902.7.3.el7uek.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.14.35-1902.7.3.el7uek.src.rpm



Description of changes:

[4.14.35-1902.7.3.el7uek]
- rds: Rename rds_send_ping to rds_send_hs_ping (Håkon Bugge) [Orabug: 
30418043]
- rds: Use {READ,WRITE}_ONCE for heartbeat start and state (Håkon Bugge) 
[Orabug: 30418043]
- rds: Change heartbeat params from module params to sysctl (Håkon 
Bugge) [Orabug: 30418043]
- rds: Fix and augment probe counters (Håkon Bugge) [Orabug: 30418043]
- rds: Introduce heartbeat interval (Håkon Bugge) [Orabug: 30418043]
- rds: Fix heartbeat (Håkon Bugge) [Orabug: 30418043]
- kexec: generate VMCOREINFO for modules (Isaac Chen) [Orabug: 30464386]
- rds: RDS does not flush IPv6 neighbor cache (Ka-Cheong Poon) [Orabug: 
30283690]
- kvm: x86: mmu: Recovery of shattered NX large pages (Junaid Shahid) 
[Orabug: 29967630] {CVE-2018-12207}
- kvm: Add helper function for creating VM worker threads (Junaid 
Shahid) [Orabug: 29967630] {CVE-2018-12207}
- kvm: mmu: ITLB_MULTIHIT mitigation (Paolo Bonzini) [Orabug: 29967630] 
{CVE-2018-12207}
- x86: Add ITLB_MULTIHIT bug infrastructure (Pawan Gupta) [Orabug: 
29967630] {CVE-2018-12207}
- KVM: x86: remove now unneeded hugepage gfn adjustment (Paolo Bonzini) 
[Orabug: 29967630] {CVE-2018-12207}
- KVM: x86: make FNAME(fetch) and __direct_map more similar (Paolo 
Bonzini) [Orabug: 29967630] {CVE-2018-12207}
- kvm: x86: Do not release the page inside mmu_set_spte() (Junaid 
Shahid) [Orabug: 29967630] {CVE-2018-12207}
- kvm: Convert kvm_lock to a mutex (Junaid Shahid) [Orabug: 29967630] 
{CVE-2018-12207}
- x86/tsx: Add config options to set tsx=on|off|auto (Michal Hocko) 
[Orabug: 30419234] {CVE-2019-11135}
- x86/speculation/taa: Add documentation for TSX Async Abort (Pawan 
Gupta) [Orabug: 30419234] {CVE-2019-11135}
- x86/tsx: Add "auto" option to the tsx= cmdline parameter (Pawan Gupta) 
[Orabug: 30419234] {CVE-2019-11135}
- kvm/x86: Export MDS_NO=0 to guests when TSX is enabled (Pawan Gupta) 
[Orabug: 30419234] {CVE-2019-11135}
- x86/speculation/taa: Add sysfs reporting for TSX Async Abort (Pawan 
Gupta) [Orabug: 30419234] {CVE-2019-11135}
- x86/speculation/taa: Add mitigation for TSX Async Abort (Pawan Gupta) 
[Orabug: 30419234] {CVE-2019-11135}
- x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default 
(Pawan Gupta) [Orabug: 30419234] {CVE-2019-11135}
- x86/cpu: Add a helper function x86_read_arch_cap_msr() (Pawan Gupta) 
[Orabug: 30419234] {CVE-2019-11135}
- x86/msr: Add the IA32_TSX_CTRL MSR (Pawan Gupta) [Orabug: 30419234] 
{CVE-2019-11135}

[4.14.35-1902.7.2.el7uek]
- floppy: fix div-by-zero in setup_format_params (Denis Efremov) 
[Orabug: 30447842] {CVE-2019-14284}
- perfutil: Warn when exceeding MAX_NR_CPUS in cpumap (Kyle Meyer) 
[Orabug: 30441330]
- perf header: Replace MAX_NR_CPUS with cpu__max_cpu() (Kyle Meyer) 
[Orabug: 30441330]
- perf machine: Replace MAX_NR_CPUS with perf_env::nr_cpus_online (Kyle 
Meyer) [Orabug: 30441330]
- perf session: Replace MAX_NR_CPUS with perf_env::nr_cpus_online (Kyle 
Meyer) [Orabug: 30441330]
- perf stat: Replace MAX_NR_CPUS with cpu__max_cpu() (Kyle Meyer) 
[Orabug: 30441330]
- perf svghelper: Replace MAX_NR_CPUS with perf_env::nr_cpus_online 
(Kyle Meyer) [Orabug: 30441330]
- perf timechart: Refactor svg_build_topology_map() (Kyle Meyer) 
[Orabug: 30441330]
- perf tools: Increase MAX_NR_CPUS and MAX_CACHES (Kyle Meyer) [Orabug: 
30441330]
- x86/boot/64: Round memory hole size up to next PMD page (Steve Wahl) 
[Orabug: 30441300]
- x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel area 
(Steve Wahl) [Orabug: 30441300]
- ACPICA: Increase total number of possible Owner IDs (Bob Moore) 
[Orabug: 30448814]

[4.14.35-1902.7.1.el7uek]
- tcp: fix tcp_rtx_queue_tail in case of empty retransmit queue (Tim 
Froidcoeur) [Orabug: 30331228]
- tcp: be more careful in tcp_fragment() (Eric Dumazet) [Orabug: 30331228]
- tcp: refine memory limit test in tcp_fragment() (Eric Dumazet) 
[Orabug: 30331228]
- scsi: mpt3sas: Bump mpt3sas driver version to 32.100.00.00 (Sreekanth 
Reddy) [Orabug: 30376510]
- scsi: mpt3sas: Fix module parameter max_msix_vectors (Sreekanth Reddy) 
[Orabug: 30376510]
- scsi: mpt3sas: Reject NVMe Encap cmnds to unsupported HBA (Sreekanth 
Reddy) [Orabug: 30376510]
- scsi: mpt3sas: Use Component img header to get Package ver (Sreekanth 
Reddy) [Orabug: 30376510]
- scsi: mpt3sas: Fail release cmnd if diag buffer is released (Sreekanth 
Reddy) [Orabug: 30376510]
- scsi: mpt3sas: Add app owned flag support for diag buffer (Sreekanth 
Reddy) [Orabug: 30376510]
- scsi: mpt3sas: Reuse diag buffer allocated at load time (Sreekanth 
Reddy) [Orabug: 30376510]
- scsi: mpt3sas: clear release bit when buffer reregistered (Sreekanth 
Reddy) [Orabug: 30376510]
- scsi: mpt3sas: Maintain owner of buffer through UniqueID (Sreekanth 
Reddy) [Orabug: 30376510]
- scsi: mpt3sas: Free diag buffer without any status check (Sreekanth 
Reddy) [Orabug: 30376510]
- scsi: mpt3sas: Fix clear pending bit in ioctl status (Sreekanth Reddy) 
[Orabug: 30376510]
- scsi: mpt3sas: Display message before releasing diag buffer (Sreekanth 
Reddy) [Orabug: 30376510]
- scsi: mpt3sas: Register trace buffer based on NVDATA settings 
(Sreekanth Reddy) [Orabug: 30376510]
- scsi: mpt3sas: Update driver version to 31.100.00.00 (Suganath Prabu) 
[Orabug: 30299961]
- scsi: mpt3sas: Run SAS DEVICE STATUS CHANGE EVENT from ISR (Suganath 
Prabu) [Orabug: 30299961]
- scsi: mpt3sas: Reduce the performance drop (Suganath Prabu) [Orabug: 
30299961]
- scsi: mpt3sas: Handle fault during HBA initialization (Suganath Prabu) 
[Orabug: 30299961]
- scsi: mpt3sas: Add sysfs to know supported features (Suganath Prabu) 
[Orabug: 30299961]
- scsi: mpt3sas: Support MEMORY MOVE Tool box command (Suganath Prabu) 
[Orabug: 30299961]
- scsi: mpt3sas: Allow ioctls to blocked access status NVMe (Suganath 
Prabu) [Orabug: 30299961]
- scsi: mpt3sas: Enumerate SES of a managed PCIe switch (Suganath Prabu) 
[Orabug: 30299961]
- scsi: mpt3sas: Update MPI headers to 2.6.8 spec (Suganath Prabu) 
[Orabug: 30299961]
- scsi: mpt3sas: Gracefully handle online firmware update (Suganath 
Prabu) [Orabug: 30299961]
- scsi: mpt3sas: memset request frame before reusing (Suganath Prabu) 
[Orabug: 30299961]
- scsi: mpt3sas: Add support for PCIe Lane margin (Suganath Prabu) 
[Orabug: 30299961]
- scsi: mpt3sas: support target smid for [abort|query] task (Minwoo Im) 
[Orabug: 30299961]
- scsi: mpt3sas: clean up a couple sizeof() uses (Dan Carpenter) 
[Orabug: 30299961]
- scsi: mpt3sas: Fix msix load balance on and off settings (Sreekanth 
Reddy) [Orabug: 30299961]
- scsi: mpt3sas: Determine smp affinity on per HBA basis (Sreekanth 
Reddy) [Orabug: 30299961]
- scsi: mpt3sas: Use configured PCIe link speed, not max (Sreekanth 
Reddy) [Orabug: 30299961]
- scsi: mpt3sas: Remove CPU arch check to determine perf_mode (Sreekanth 
Reddy) [Orabug: 30299961]
- scsi: mpt3sas: use DEVICE_ATTR_{RO, RW} (Tomas Henzl) [Orabug: 30299961]
- scsi: mpt3sas: make driver options visible in sys (Tomas Henzl) 
[Orabug: 30299961]
- scsi: mpt3sas: Mark expected switch fall-through (Gustavo A. R. Silva) 
[Orabug: 30299961]
- scsi: mpt3sas: Update driver version to 29.100.00.00 (Suganath Prabu 
S) [Orabug: 30299961]
- scsi: mpt3sas: Introduce perf_mode module parameter (Suganath Prabu S) 
[Orabug: 30299961]
- scsi: mpt3sas: Enable interrupt coalescing on high iops (Suganath 
Prabu S) [Orabug: 30299961]
- scsi: mpt3sas: Affinity high iops queues IRQs to local node (Suganath 
Prabu S) [Orabug: 30299961]
- scsi: mpt3sas: save and use MSI-X index for posting RD (Suganath Prabu 
S) [Orabug: 30299961]
- scsi: mpt3sas: Use high iops queues under some circumstances (Suganath 
Prabu S) [Orabug: 30299961]
- scsi: mpt3sas: change _base_get_msix_index prototype (Suganath Prabu 
S) [Orabug: 30299961]
- scsi: mpt3sas: Add flag high_iops_queues (Suganath Prabu S) [Orabug: 
30299961]
- scsi: mpt3sas: Add Atomic RequestDescriptor support on Aero (Suganath 
Prabu S) [Orabug: 30299961]
- scsi: mpt3sas: function pointers of request descriptor (Suganath Prabu 
S) [Orabug: 30299961]
- scsi: mpt3sas_ctl: fix double-fetch bug in _ctl_ioctl_main() (Gen 
Zhang) [Orabug: 30299961]
- scsi: mpt3sas: fix indentation issue (Colin Ian King) [Orabug: 30299961]
- scsi: mpt3sas: Fix kernel panic during expander reset (Sreekanth 
Reddy) [Orabug: 30299961]
- scsi: mpt3sas: Update mpt3sas driver version to 28.100.00.00 (Suganath 
Prabu) [Orabug: 30299961]
- scsi: mpt3sas: Improve the threshold value and introduce module param 
(Suganath Prabu) [Orabug: 30299961]
- scsi: mpt3sas: Load balance to improve performance and avoid soft 
lockups (Suganath Prabu) [Orabug: 30299961]
- scsi: mpt3sas: Irq poll to avoid CPU hard lockups (Suganath Prabu) 
[Orabug: 30299961]
- scsi: mpt3sas: simplify interrupt handler (Suganath Prabu) [Orabug: 
30299961]
- scsi: mpt3sas: Fix typo in request_desript_type (Suganath Prabu) 
[Orabug: 30299961]
- scsi: mpt3sas: Add missing breaks in switch statements (Gustavo A. R. 
Silva) [Orabug: 30299961]
- scsi: mpt3sas: Update driver version to 27.102.00.00 (Suganath Prabu 
S) [Orabug: 30299961]
- scsi: mpt3sas: Add support for ATLAS PCIe switch (Suganath Prabu S) 
[Orabug: 30299961]
- scsi: mpt3sas: Add support for NVMe Switch Adapter (Suganath Prabu S) 
[Orabug: 30299961]
- scsi: mpt3sas: Rename mpi endpoint device ID macro. (Suganath Prabu S) 
[Orabug: 30299961]
- scsi: mpt3sas: mpt3sas_scsih: Mark expected switch fall-through 
(Gustavo A. R. Silva) [Orabug: 30299961]

[4.14.35-1902.7.0.el7uek]
- rds: fix uninteneded increase of rds_rdma:pool->max_items_soft 
(Manjunath Patil) [Orabug: 30397933]
- ACPI / APEI: Fix parsing HEST that includes Deferred Machine Check 
subtable (Yazen Ghannam) [Orabug: 30385327]
- rds: add ibmr to busy_list in flush code path (Manjunath Patil) 
[Orabug: 30383090]
- net-sysfs: Fix mem leak in netdev_register_kobject (YueHaibing) 
[Orabug: 30350262] {CVE-2019-15916}
- kernel-uek.spec: defuse a memory bomb in xargs (Lukáš Lipinský) 
[Orabug: 30339974]
- xen-netfront: do not use ~0U as error return value for 
xennet_fill_frags() (Dongli Zhang) [Orabug: 30395404]





More information about the El-errata mailing list