[El-errata] ELSA-2019-4820 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update (aarch64)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Fri Oct 11 18:53:42 PDT 2019 

Oracle Linux Security Advisory ELSA-2019-4820

http://linux.oracle.com/errata/ELSA-2019-4820.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

aarch64:
kernel-uek-4.14.35-1902.6.6.el7uek.aarch64.rpm
kernel-uek-debug-4.14.35-1902.6.6.el7uek.aarch64.rpm
kernel-uek-debug-devel-4.14.35-1902.6.6.el7uek.aarch64.rpm
kernel-uek-devel-4.14.35-1902.6.6.el7uek.aarch64.rpm
kernel-uek-tools-4.14.35-1902.6.6.el7uek.aarch64.rpm
kernel-uek-tools-libs-4.14.35-1902.6.6.el7uek.aarch64.rpm
kernel-uek-tools-libs-devel-4.14.35-1902.6.6.el7uek.aarch64.rpm
perf-4.14.35-1902.6.6.el7uek.aarch64.rpm
python-perf-4.14.35-1902.6.6.el7uek.aarch64.rpm
kernel-uek-headers-4.14.35-1902.6.6.el7uek.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.14.35-1902.6.6.el7uek.src.rpm



Description of changes:

[4.14.35-1902.6.6.el7uek]
- RDMA/restrack: Protect from reentry to resource return path (Leon 
Romanovsky) [Orabug: 30388717]

[4.14.35-1902.6.5.el7uek]
- hv_netvsc: fix vf serial matching with pci slot info (Haiyang Zhang) 
[Orabug: 30373111]
- rds: Use correct conn when dropping connections due to cancel (Håkon 
Bugge) [Orabug: 30293898]
- scsi: megaraid_sas: Introduce module parameter for default queue depth 
(Chandrakanth Patil) [Orabug: 30317396]
- scsi: megaraid_sas: Fix a compilation warning (Qian Cai) [Orabug: 
30317396]
- scsi: megaraid_sas: Make a bunch of functions static (YueHaibing) 
[Orabug: 30317396]
- scsi: megaraid_sas: Update driver version to 07.710.50.00 (Shivasharan 
S) [Orabug: 30317396]
- scsi: megaraid_sas: Add module parameter for FW Async event logging 
(Shivasharan S) [Orabug: 30317396]
- scsi: megaraid_sas: Enable msix_load_balance for Invader and later 
controllers (Shivasharan S) [Orabug: 30317396]
- scsi: megaraid_sas: Fix calculation of target ID (Shivasharan S) 
[Orabug: 30317396]
- scsi: megaraid_sas: Make some symbols static (YueHaibing) [Orabug: 
30317396]
- scsi: megaraid_sas: Update driver version to 07.710.06.00-rc1 
(Chandrakanth Patil) [Orabug: 30317396]
- scsi: megaraid_sas: Introduce various Aero performance modes 
(Chandrakanth Patil) [Orabug: 30317396]
- scsi: megaraid_sas: Use high IOPS queues based on IO workload 
(Chandrakanth Patil) [Orabug: 30317396]
- scsi: megaraid_sas: Set affinity for high IOPS reply queues 
(Chandrakanth Patil) [Orabug: 30317396]
- scsi: megaraid_sas: Enable coalescing for high IOPS queues 
(Chandrakanth Patil) [Orabug: 30317396]
- scsi: megaraid_sas: Add support for High IOPS queues (Chandrakanth 
Patil) [Orabug: 30317396]
- scsi: megaraid_sas: Add support for MPI toolbox commands (Chandrakanth 
Patil) [Orabug: 30317396]
- scsi: megaraid_sas: Offload Aero RAID5/6 division calculations to 
driver (Chandrakanth Patil) [Orabug: 30317396]
- scsi: megaraid_sas: RAID1 PCI bandwidth limit algorithm is applicable 
for only Ventura (Chandrakanth Patil) [Orabug: 30317396]
- scsi: megaraid_sas: megaraid_sas: Add check for count returned by 
HOST_DEVICE_LIST DCMD (Chandrakanth Patil) [Orabug: 30317396]
- scsi: megaraid_sas: Handle sequence JBOD map failure at driver level 
(Chandrakanth Patil) [Orabug: 30317396]
- scsi: megaraid_sas: Don't send FPIO to RL Bypass queue (Chandrakanth 
Patil) [Orabug: 30317396]
- scsi: megaraid_sas: In probe context, retry IOC INIT once if firmware 
is in fault (Chandrakanth Patil) [Orabug: 30317396]
- scsi: megaraid_sas: Release Mutex lock before OCR in case of DCMD 
timeout (Chandrakanth Patil) [Orabug: 30317396]
- scsi: megaraid_sas: Call disable_irq from process IRQ poll 
(Chandrakanth Patil) [Orabug: 30317396]
- scsi: megaraid_sas: Remove few debug counters from IO path 
(Chandrakanth Patil) [Orabug: 30317396]
- scsi: megaraid_sas: Add support for Non-secure Aero PCI IDs 
(Chandrakanth Patil) [Orabug: 30317396]
- scsi: megaraid_sas: Add 32 bit atomic descriptor support to AERO 
adapters (Chandrakanth Patil) [Orabug: 30317396]
- scsi: megaraid_sas: Use struct_size() helper (Gustavo A. R. Silva) 
[Orabug: 30317396]
(YueHaibing) [Orabug: 30317396]
- scsi: megaraid_sas: use DEVICE_ATTR_{RO, RW} (Tomas Henzl) [Orabug: 
30317396]
- scsi: megaraid_sas: use octal permissions instead of constants (Tomas 
Henzl) [Orabug: 30317396]
- scsi: megaraid_sas: make max_sectors visible in sys (Tomas Henzl) 
[Orabug: 30317396]
- scsi: megaraid_sas: remove set but not used variables 'buff_addr' and 
'ci_h' (YueHaibing) [Orabug: 30317396]
- scsi: megaraid_sas: remove set but not used variable 'sge_sz' 
(YueHaibing) [Orabug: 30317396]
- scsi: megaraid_sas: remove set but not used variables 'host' and 
'wait_time' (YueHaibing) [Orabug: 30317396]
- scsi: megaraid_sas: remove set but not used variable 'cur_state' 
(YueHaibing) [Orabug: 30317396]
- scsi: megaraid_sas: Update driver version to 07.708.03.00 (Shivasharan 
S) [Orabug: 30317396]
- scsi: megaraid_sas: Export RAID map through debugfs (Shivasharan S) 
[Orabug: 30317396]
- scsi: megaraid_sas: Fix MSI-X vector print (Shivasharan S) [Orabug: 
30317396]
- scsi: megaraid_sas: Add debug prints for device list (Shivasharan S) 
[Orabug: 30317396]
- scsi: megaraid_sas: Add prints in suspend and resume path (Shivasharan 
S) [Orabug: 30317396]
- scsi: megaraid_sas: Print firmware interrupt status (Shivasharan S) 
[Orabug: 30317396]
- scsi: megaraid_sas: Print FW fault information (Shivasharan S) 
[Orabug: 30317396]
- scsi: megaraid_sas: Export RAID map id through sysfs (Shivasharan S) 
[Orabug: 30317396]
- scsi: megaraid_sas: Print BAR information from driver (Shivasharan S) 
[Orabug: 30317396]
- scsi: megaraid_sas: Dump system registers for debugging (Shivasharan 
S) [Orabug: 30317396]
- scsi: megaraid_sas: Dump system interface regs from sysfs (Shivasharan 
S) [Orabug: 30317396]
- scsi: megaraid_sas: Add formatting option for megasas_dump 
(Shivasharan S) [Orabug: 30317396]
- scsi: megaraid_sas: Enhance internal DCMD timeout prints (Shivasharan 
S) [Orabug: 30317396]
- scsi: megaraid_sas: Enhance prints in OCR and TM path (Sumit Saxena) 
[Orabug: 30317396]
- scsi: megaraid_sas: Load balance completions across all MSI-X 
(Shivasharan S) [Orabug: 30317396]
- scsi: megaraid_sas: IRQ poll to avoid CPU hard lockups (Shivasharan S) 
[Orabug: 30317396]
- scsi: megaraid_sas: Block PCI config space access from userspace 
during OCR (Shivasharan S) [Orabug: 30317396]
- scsi: megaraid_sas: Rework code around controller reset (Shivasharan 
S) [Orabug: 30317396]
- scsi: megaraid_sas: fw_reset_no_pci_access required for MFI adapters 
only (Shivasharan S) [Orabug: 30317396]
- scsi: megaraid_sas: Remove unused variable target_index (Shivasharan 
S) [Orabug: 30317396]
- scsi: megaraid_sas: fix spelling mistake "oustanding" -> "outstanding" 
(Colin Ian King) [Orabug: 30317396]
- scsi: megaraid_sas: Make megasas_host_device_list_query() static 
(YueHaibing) [Orabug: 30317396]
- scsi: megaraid_sas: reduce module load time (Steve Sistare) [Orabug: 
30317396]
- scsi: megaraid_sas: Remove a bunch of set but not used variables 
(YueHaibing) [Orabug: 30317396]
- scsi: megaraid_sas: driver version update (Shivasharan S) [Orabug: 
30317396]
- scsi: megaraid_sas: Update structures for HOST_DEVICE_LIST DCMD 
(Shivasharan S) [Orabug: 30317396]
- scsi: megaraid_sas: Add support for DEVICE_LIST DCMD in driver 
(Shivasharan S) [Orabug: 30317396]
- scsi: megaraid_sas: Rework device add code in AEN path (Shivasharan S) 
[Orabug: 30317396]
- scsi: megaraid_sas: Rework code to get PD and LD list (Shivasharan S) 
[Orabug: 30317396]
- scsi: megaraid_sas: Retry reads of outbound_intr_status reg 
(Shivasharan S) [Orabug: 30317396]
- rds: ib: Optimize rds_ib_laddr_check (Håkon Bugge) [Orabug: 30327669]
- x86,sched: Allow topologies where NUMA nodes share an LLC (Mridula 
Shastry) [Orabug: 30068079]

[4.14.35-1902.6.4.el7uek]
- net/rds: Use DMA memory pool allocation for rds_header (Ka-Cheong 
Poon) [Orabug: 30358057]
- net/rds: Check laddr_check before calling it (Ka-Cheong Poon) [Orabug: 
30319176]
- x86/microcode/intel: Issue the revision updated message only on the 
BSP (Borislav Petkov) [Orabug: 30298021]
- x86/microcode: Update late microcode in parallel (Ashok Raj) [Orabug: 
30298021]
- xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink 
(YueHaibing) [Orabug: 30322228] {CVE-2019-15666}
- floppy: fix out-of-bounds read in copy_buffer (Denis Efremov) [Orabug: 
30318218] {CVE-2019-14283}
- ALSA: line6: Fix write on zero-sized buffer (Takashi Iwai) [Orabug: 
30254322] {CVE-2019-15221}

[4.14.35-1902.6.3.el7uek]
- KVM: coalesced_mmio: add bounds checking (Matt Delco) [Orabug: 
30328863] {CVE-2019-14821} {CVE-2019-14821}
- net/rds: Incorrect work request accouting (Ka-Cheong Poon) [Orabug: 
30288715]
- vhost: make sure log_num < in_num (yongduan) [Orabug: 30313999] 
{CVE-2019-14835}
- vhost: block speculation of translated descriptors (Michael S. 
Tsirkin) [Orabug: 30313999] {CVE-2019-14835}
- vhost: Fix Spectre V1 vulnerability (Jason Wang) [Orabug: 30313999]
- RDMA/restrack: Release task struct which was hold by CM_ID object 
(Leon Romanovsky) [Orabug: 30307611]
- x86/speculation: Re-initialize x86_spec_ctrl_base/priv during late 
microcode update (Boris Ostrovsky) [Orabug: 30312533]
- x86/speculation: Properly initialize percpu variables (Boris 
Ostrovsky) [Orabug: 30312533]
- nfsd4: catch some false session retries (J. Bruce Fields) [Orabug: 
30172625]
- nfsd4: fix cached replies to solo SEQUENCE compounds (J. Bruce Fields) 
[Orabug: 30172625]
- net/rds: Fix info leak in rds6_inc_info_copy() (Ka-Cheong Poon) 
[Orabug: 30260894]
- A/A Bonding: Log ip_config details if it fails to find a failover port 
(Sudhakar Dindukurti) [Orabug: 30313262]
- A/A Bonding: X8-8 RoCE network re-connect stalls after loss of switch 
(Sudhakar Dindukurti) [Orabug: 30313262]
- KVM: svm: svm_set_msr(MSR_IA32_SPEC_CTRL) should allow SPEC_CTRL_SSBD 
bit (Liam Merwick) [Orabug: 30257820]
- rds: RDS/TCP does not initiate a connection (Ka-Cheong Poon) [Orabug: 
30255694]
- xen-netfront: do not assume sk_buff_head list is empty in error 
handling (Dongli Zhang) [Orabug: 30313831]

[4.14.35-1902.6.2.el7uek]
- net/rds: An rds_sock is added too early to the hash table (Ka-Cheong 
Poon) [Orabug: 30304759]
- route: set the deleted fnhe fnhe_daddr to 0 in ip_del_fnhe to fix a 
race (Xin Long) [Orabug: 30276919]
- KVM: VMX: sync pending posted interrupts based on PIR (Luwei Kang) 
[Orabug: 30270374]
- Revert "KVM: x86: Recompute PID.ON when clearing PID.SN" (Joao 
Martins) [Orabug: 30270374]
- x86/tsc: Make calibration refinement more robust (Daniel Vacek) 
[Orabug: 30260381]
- xen/swiotlb: remember having called xen_create_contiguous_region() 
(Juergen Gross) [Orabug: 30255523]
- xen/swiotlb: simplify range_straddles_page_boundary() (Juergen Gross) 
[Orabug: 30255523]
- xen/swiotlb: fix condition for calling xen_destroy_contiguous_region() 
(Juergen Gross) [Orabug: 30255523]
- xen-swiotlb: use actually allocated size on check physical continuous 
(Joe Jin) [Orabug: 30255523]
- Bluetooth: hci_uart: check for missing tty operations (Vladis Dronov) 
[Orabug: 30244614] {CVE-2019-10207} {CVE-2019-10207}
- IB/mlx5: Fix leaking stack memory to userspace (Jason Gunthorpe) 
[Orabug: 30244589] {CVE-2018-20855}
- mm: memcontrol: drain stocks on resize limit (Shakeel Butt) [Orabug: 
30229285]
- mm/memcontrol.c: try harder to decrease [memory,memsw].limit_in_bytes 
(Andrey Ryabinin) [Orabug: 30229285]
- memcg: refactor mem_cgroup_resize_limit() (Yu Zhao) [Orabug: 30229285]
- cgroup/pids: turn cgroup_subsys->free() into cgroup_subsys->release() 
to fix the accounting (Oleg Nesterov) [Orabug: 30229262]
- drivers: net: Remove unnecessary semicolon (YueHaibing) [Orabug: 29320005]
- net: cisco: enic: Replace GFP_ATOMIC with GFP_KERNEL (Jia-Ju Bai) 
[Orabug: 29320005]
- enic: fix UDP rss bits (Govindarajulu Varadarajan) [Orabug: 29320005]
- enic: drop IP proto check for vxlan tunnel delete (Govindarajulu 
Varadarajan) [Orabug: 29320005]
- enic: fix boolreturn.cocci warnings (Fengguang Wu) [Orabug: 29320005]
- enic: set IG desc cache flag in open (Govindarajulu Varadarajan) 
[Orabug: 29320005]
- enic: set UDP rss flag (Govindarajulu Varadarajan) [Orabug: 29320005]
- enic: Check if hw supports multi wq with vxlan offload (Govindarajulu 
Varadarajan) [Orabug: 29320005]
- enic: Add vxlan offload support for IPv6 pkts (Govindarajulu 
Varadarajan) [Orabug: 29320005]
- enic: Check inner ip proto for pseudo header csum (Govindarajulu 
Varadarajan) [Orabug: 29320005]
- enic: add wq clean up budget (Govindarajulu Varadarajan) [Orabug: 
29320005]
- enic: add sw timestamp support (Govindarajulu Varadarajan) [Orabug: 
29320005]
- enic: Add support for 'ethtool -g/-G' (Parvi Kaustubhi) [Orabug: 29320005]
- enic: reset fetch index (Parvi Kaustubhi) [Orabug: 29320005]
- cgroup: make code and documentation consistent for cgroup cpuset v2 
(chris hyser) [Orabug: 29447566]
- x86: cpu: update blacklist spec features for late loading (Mihai 
Carabas) [Orabug: 29336757]
- x86: cpu: bugs.c: update cpu_smt_disable to support late loading 
(Mihai Carabas) [Orabug: 29336757]
- x86: cpu: bugs.c: create microcode late loading logic (Mihai Carabas) 
[Orabug: 29336757]
- x86: cpu: bugs.c: remove init attribute from functions and variables 
(Mihai Carabas) [Orabug: 29336757]
- x86: kernel: cpu: bugs.c: modify static_has to boot_bas (Mihai 
Carabas) [Orabug: 29336757]
- x86: cpu: modify boot_command_line to saved_command_line (Mihai 
Carabas) [Orabug: 29336757]
- x86: cpu: microcode: update flags for all cpus (Mihai Carabas) 
[Orabug: 29336757]

[4.14.35-1902.6.1.el7uek]
- rds: Bring loop-back peer down as well (Håkon Bugge) [Orabug: 30290065]
- rds: ib: Avoid connect retry on loopback connections (Håkon Bugge) 
[Orabug: 30290065]
- net/rds: Adding missing "dev_put" to __flush_eth_arp_entry() (Gerd 
Rausch) [Orabug: 30290073]

More information about the El-errata mailing list