[El-errata] ELSA-2019-4836 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update (aarch64)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Wed Nov 13 07:54:26 PST 2019
Oracle Linux Security Advisory ELSA-2019-4836
http://linux.oracle.com/errata/ELSA-2019-4836.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
aarch64:
kernel-uek-4.14.35-1902.7.3.el7uek.aarch64.rpm
kernel-uek-debug-4.14.35-1902.7.3.el7uek.aarch64.rpm
kernel-uek-debug-devel-4.14.35-1902.7.3.el7uek.aarch64.rpm
kernel-uek-devel-4.14.35-1902.7.3.el7uek.aarch64.rpm
kernel-uek-tools-4.14.35-1902.7.3.el7uek.aarch64.rpm
kernel-uek-tools-libs-4.14.35-1902.7.3.el7uek.aarch64.rpm
kernel-uek-tools-libs-devel-4.14.35-1902.7.3.el7uek.aarch64.rpm
perf-4.14.35-1902.7.3.el7uek.aarch64.rpm
python-perf-4.14.35-1902.7.3.el7uek.aarch64.rpm
kernel-uek-headers-4.14.35-1902.7.3.el7uek.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.14.35-1902.7.3.el7uek.src.rpm
Description of changes:
[4.14.35-1902.7.3.el7uek]
- rds: Rename rds_send_ping to rds_send_hs_ping (Håkon Bugge) [Orabug:
30418043]
- rds: Use {READ,WRITE}_ONCE for heartbeat start and state (Håkon Bugge)
[Orabug: 30418043]
- rds: Change heartbeat params from module params to sysctl (Håkon
Bugge) [Orabug: 30418043]
- rds: Fix and augment probe counters (Håkon Bugge) [Orabug: 30418043]
- rds: Introduce heartbeat interval (Håkon Bugge) [Orabug: 30418043]
- rds: Fix heartbeat (Håkon Bugge) [Orabug: 30418043]
- kexec: generate VMCOREINFO for modules (Isaac Chen) [Orabug: 30464386]
- rds: RDS does not flush IPv6 neighbor cache (Ka-Cheong Poon) [Orabug:
30283690]
- kvm: x86: mmu: Recovery of shattered NX large pages (Junaid Shahid)
[Orabug: 29967630] {CVE-2018-12207}
- kvm: Add helper function for creating VM worker threads (Junaid
Shahid) [Orabug: 29967630] {CVE-2018-12207}
- kvm: mmu: ITLB_MULTIHIT mitigation (Paolo Bonzini) [Orabug: 29967630]
{CVE-2018-12207}
- x86: Add ITLB_MULTIHIT bug infrastructure (Pawan Gupta) [Orabug:
29967630] {CVE-2018-12207}
- KVM: x86: remove now unneeded hugepage gfn adjustment (Paolo Bonzini)
[Orabug: 29967630] {CVE-2018-12207}
- KVM: x86: make FNAME(fetch) and __direct_map more similar (Paolo
Bonzini) [Orabug: 29967630] {CVE-2018-12207}
- kvm: x86: Do not release the page inside mmu_set_spte() (Junaid
Shahid) [Orabug: 29967630] {CVE-2018-12207}
- kvm: Convert kvm_lock to a mutex (Junaid Shahid) [Orabug: 29967630]
{CVE-2018-12207}
- x86/tsx: Add config options to set tsx=on|off|auto (Michal Hocko)
[Orabug: 30419234] {CVE-2019-11135}
- x86/speculation/taa: Add documentation for TSX Async Abort (Pawan
Gupta) [Orabug: 30419234] {CVE-2019-11135}
- x86/tsx: Add "auto" option to the tsx= cmdline parameter (Pawan Gupta)
[Orabug: 30419234] {CVE-2019-11135}
- kvm/x86: Export MDS_NO=0 to guests when TSX is enabled (Pawan Gupta)
[Orabug: 30419234] {CVE-2019-11135}
- x86/speculation/taa: Add sysfs reporting for TSX Async Abort (Pawan
Gupta) [Orabug: 30419234] {CVE-2019-11135}
- x86/speculation/taa: Add mitigation for TSX Async Abort (Pawan Gupta)
[Orabug: 30419234] {CVE-2019-11135}
- x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
(Pawan Gupta) [Orabug: 30419234] {CVE-2019-11135}
- x86/cpu: Add a helper function x86_read_arch_cap_msr() (Pawan Gupta)
[Orabug: 30419234] {CVE-2019-11135}
- x86/msr: Add the IA32_TSX_CTRL MSR (Pawan Gupta) [Orabug: 30419234]
{CVE-2019-11135}
[4.14.35-1902.7.2.el7uek]
- floppy: fix div-by-zero in setup_format_params (Denis Efremov)
[Orabug: 30447842] {CVE-2019-14284}
- perfutil: Warn when exceeding MAX_NR_CPUS in cpumap (Kyle Meyer)
[Orabug: 30441330]
- perf header: Replace MAX_NR_CPUS with cpu__max_cpu() (Kyle Meyer)
[Orabug: 30441330]
- perf machine: Replace MAX_NR_CPUS with perf_env::nr_cpus_online (Kyle
Meyer) [Orabug: 30441330]
- perf session: Replace MAX_NR_CPUS with perf_env::nr_cpus_online (Kyle
Meyer) [Orabug: 30441330]
- perf stat: Replace MAX_NR_CPUS with cpu__max_cpu() (Kyle Meyer)
[Orabug: 30441330]
- perf svghelper: Replace MAX_NR_CPUS with perf_env::nr_cpus_online
(Kyle Meyer) [Orabug: 30441330]
- perf timechart: Refactor svg_build_topology_map() (Kyle Meyer)
[Orabug: 30441330]
- perf tools: Increase MAX_NR_CPUS and MAX_CACHES (Kyle Meyer) [Orabug:
30441330]
- x86/boot/64: Round memory hole size up to next PMD page (Steve Wahl)
[Orabug: 30441300]
- x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel area
(Steve Wahl) [Orabug: 30441300]
- ACPICA: Increase total number of possible Owner IDs (Bob Moore)
[Orabug: 30448814]
[4.14.35-1902.7.1.el7uek]
- tcp: fix tcp_rtx_queue_tail in case of empty retransmit queue (Tim
Froidcoeur) [Orabug: 30331228]
- tcp: be more careful in tcp_fragment() (Eric Dumazet) [Orabug: 30331228]
- tcp: refine memory limit test in tcp_fragment() (Eric Dumazet)
[Orabug: 30331228]
- scsi: mpt3sas: Bump mpt3sas driver version to 32.100.00.00 (Sreekanth
Reddy) [Orabug: 30376510]
- scsi: mpt3sas: Fix module parameter max_msix_vectors (Sreekanth Reddy)
[Orabug: 30376510]
- scsi: mpt3sas: Reject NVMe Encap cmnds to unsupported HBA (Sreekanth
Reddy) [Orabug: 30376510]
- scsi: mpt3sas: Use Component img header to get Package ver (Sreekanth
Reddy) [Orabug: 30376510]
- scsi: mpt3sas: Fail release cmnd if diag buffer is released (Sreekanth
Reddy) [Orabug: 30376510]
- scsi: mpt3sas: Add app owned flag support for diag buffer (Sreekanth
Reddy) [Orabug: 30376510]
- scsi: mpt3sas: Reuse diag buffer allocated at load time (Sreekanth
Reddy) [Orabug: 30376510]
- scsi: mpt3sas: clear release bit when buffer reregistered (Sreekanth
Reddy) [Orabug: 30376510]
- scsi: mpt3sas: Maintain owner of buffer through UniqueID (Sreekanth
Reddy) [Orabug: 30376510]
- scsi: mpt3sas: Free diag buffer without any status check (Sreekanth
Reddy) [Orabug: 30376510]
- scsi: mpt3sas: Fix clear pending bit in ioctl status (Sreekanth Reddy)
[Orabug: 30376510]
- scsi: mpt3sas: Display message before releasing diag buffer (Sreekanth
Reddy) [Orabug: 30376510]
- scsi: mpt3sas: Register trace buffer based on NVDATA settings
(Sreekanth Reddy) [Orabug: 30376510]
- scsi: mpt3sas: Update driver version to 31.100.00.00 (Suganath Prabu)
[Orabug: 30299961]
- scsi: mpt3sas: Run SAS DEVICE STATUS CHANGE EVENT from ISR (Suganath
Prabu) [Orabug: 30299961]
- scsi: mpt3sas: Reduce the performance drop (Suganath Prabu) [Orabug:
30299961]
- scsi: mpt3sas: Handle fault during HBA initialization (Suganath Prabu)
[Orabug: 30299961]
- scsi: mpt3sas: Add sysfs to know supported features (Suganath Prabu)
[Orabug: 30299961]
- scsi: mpt3sas: Support MEMORY MOVE Tool box command (Suganath Prabu)
[Orabug: 30299961]
- scsi: mpt3sas: Allow ioctls to blocked access status NVMe (Suganath
Prabu) [Orabug: 30299961]
- scsi: mpt3sas: Enumerate SES of a managed PCIe switch (Suganath Prabu)
[Orabug: 30299961]
- scsi: mpt3sas: Update MPI headers to 2.6.8 spec (Suganath Prabu)
[Orabug: 30299961]
- scsi: mpt3sas: Gracefully handle online firmware update (Suganath
Prabu) [Orabug: 30299961]
- scsi: mpt3sas: memset request frame before reusing (Suganath Prabu)
[Orabug: 30299961]
- scsi: mpt3sas: Add support for PCIe Lane margin (Suganath Prabu)
[Orabug: 30299961]
- scsi: mpt3sas: support target smid for [abort|query] task (Minwoo Im)
[Orabug: 30299961]
- scsi: mpt3sas: clean up a couple sizeof() uses (Dan Carpenter)
[Orabug: 30299961]
- scsi: mpt3sas: Fix msix load balance on and off settings (Sreekanth
Reddy) [Orabug: 30299961]
- scsi: mpt3sas: Determine smp affinity on per HBA basis (Sreekanth
Reddy) [Orabug: 30299961]
- scsi: mpt3sas: Use configured PCIe link speed, not max (Sreekanth
Reddy) [Orabug: 30299961]
- scsi: mpt3sas: Remove CPU arch check to determine perf_mode (Sreekanth
Reddy) [Orabug: 30299961]
- scsi: mpt3sas: use DEVICE_ATTR_{RO, RW} (Tomas Henzl) [Orabug: 30299961]
- scsi: mpt3sas: make driver options visible in sys (Tomas Henzl)
[Orabug: 30299961]
- scsi: mpt3sas: Mark expected switch fall-through (Gustavo A. R. Silva)
[Orabug: 30299961]
- scsi: mpt3sas: Update driver version to 29.100.00.00 (Suganath Prabu
S) [Orabug: 30299961]
- scsi: mpt3sas: Introduce perf_mode module parameter (Suganath Prabu S)
[Orabug: 30299961]
- scsi: mpt3sas: Enable interrupt coalescing on high iops (Suganath
Prabu S) [Orabug: 30299961]
- scsi: mpt3sas: Affinity high iops queues IRQs to local node (Suganath
Prabu S) [Orabug: 30299961]
- scsi: mpt3sas: save and use MSI-X index for posting RD (Suganath Prabu
S) [Orabug: 30299961]
- scsi: mpt3sas: Use high iops queues under some circumstances (Suganath
Prabu S) [Orabug: 30299961]
- scsi: mpt3sas: change _base_get_msix_index prototype (Suganath Prabu
S) [Orabug: 30299961]
- scsi: mpt3sas: Add flag high_iops_queues (Suganath Prabu S) [Orabug:
30299961]
- scsi: mpt3sas: Add Atomic RequestDescriptor support on Aero (Suganath
Prabu S) [Orabug: 30299961]
- scsi: mpt3sas: function pointers of request descriptor (Suganath Prabu
S) [Orabug: 30299961]
- scsi: mpt3sas_ctl: fix double-fetch bug in _ctl_ioctl_main() (Gen
Zhang) [Orabug: 30299961]
- scsi: mpt3sas: fix indentation issue (Colin Ian King) [Orabug: 30299961]
- scsi: mpt3sas: Fix kernel panic during expander reset (Sreekanth
Reddy) [Orabug: 30299961]
- scsi: mpt3sas: Update mpt3sas driver version to 28.100.00.00 (Suganath
Prabu) [Orabug: 30299961]
- scsi: mpt3sas: Improve the threshold value and introduce module param
(Suganath Prabu) [Orabug: 30299961]
- scsi: mpt3sas: Load balance to improve performance and avoid soft
lockups (Suganath Prabu) [Orabug: 30299961]
- scsi: mpt3sas: Irq poll to avoid CPU hard lockups (Suganath Prabu)
[Orabug: 30299961]
- scsi: mpt3sas: simplify interrupt handler (Suganath Prabu) [Orabug:
30299961]
- scsi: mpt3sas: Fix typo in request_desript_type (Suganath Prabu)
[Orabug: 30299961]
- scsi: mpt3sas: Add missing breaks in switch statements (Gustavo A. R.
Silva) [Orabug: 30299961]
- scsi: mpt3sas: Update driver version to 27.102.00.00 (Suganath Prabu
S) [Orabug: 30299961]
- scsi: mpt3sas: Add support for ATLAS PCIe switch (Suganath Prabu S)
[Orabug: 30299961]
- scsi: mpt3sas: Add support for NVMe Switch Adapter (Suganath Prabu S)
[Orabug: 30299961]
- scsi: mpt3sas: Rename mpi endpoint device ID macro. (Suganath Prabu S)
[Orabug: 30299961]
- scsi: mpt3sas: mpt3sas_scsih: Mark expected switch fall-through
(Gustavo A. R. Silva) [Orabug: 30299961]
[4.14.35-1902.7.0.el7uek]
- rds: fix uninteneded increase of rds_rdma:pool->max_items_soft
(Manjunath Patil) [Orabug: 30397933]
- ACPI / APEI: Fix parsing HEST that includes Deferred Machine Check
subtable (Yazen Ghannam) [Orabug: 30385327]
- rds: add ibmr to busy_list in flush code path (Manjunath Patil)
[Orabug: 30383090]
- net-sysfs: Fix mem leak in netdev_register_kobject (YueHaibing)
[Orabug: 30350262] {CVE-2019-15916}
- kernel-uek.spec: defuse a memory bomb in xargs (Lukáš Lipinský)
[Orabug: 30339974]
- xen-netfront: do not use ~0U as error return value for
xennet_fill_frags() (Dongli Zhang) [Orabug: 30395404]
More information about the El-errata
mailing list