[El-errata] ELSA-2020-0834 Important: Oracle Linux 7 kernel security, bug fix, and enhancement update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed Mar 18 22:29:41 PDT 2020 

Oracle Linux Security Advisory ELSA-2020-0834

http://linux.oracle.com/errata/ELSA-2020-0834.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
bpftool-3.10.0-1062.18.1.el7.x86_64.rpm
kernel-3.10.0-1062.18.1.el7.x86_64.rpm
kernel-abi-whitelists-3.10.0-1062.18.1.el7.noarch.rpm
kernel-debug-3.10.0-1062.18.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1062.18.1.el7.x86_64.rpm
kernel-devel-3.10.0-1062.18.1.el7.x86_64.rpm
kernel-doc-3.10.0-1062.18.1.el7.noarch.rpm
kernel-headers-3.10.0-1062.18.1.el7.x86_64.rpm
kernel-tools-3.10.0-1062.18.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1062.18.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1062.18.1.el7.x86_64.rpm
perf-3.10.0-1062.18.1.el7.x86_64.rpm
python-perf-3.10.0-1062.18.1.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-3.10.0-1062.18.1.el7.src.rpm



Description of changes:

[3.10.0-1062.18.1.el7.OL7]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was compiled into kernel 
(olkmod_signing_key.x509)(alexey.petrenko at oracle.com)
- Update x509.genkey [Orabug: 24817676]

[3.10.0-1062.18.1.el7]
- [x86] x86/boot/64: Round memory hole size up to next PMD page (Frank 
Ramsay) [1798163 1773762]
- [x86] x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel 
area (Frank Ramsay) [1798163 1773762]
- [fs] gfs2: Use d_materialise_unique instead of d_splice_alias (2) 
(Andreas Grunbacher) [1796431 1784550]
- [fs] gfs2: gfs2_create_inode(): don't bother with d_splice_alias() 
(Andreas Grunbacher) [1796431 1784550]
- [fs] gfs2: bugger off early if O_CREAT open finds a directory (Andreas 
Grunbacher) [1796431 1784550]
- [scsi] scsi: hpsa: remove printing internal cdb on tag collision 
(Joseph Szczypek) [1793579 1741355]
- [scsi] scsi: hpsa: correct scsi command status issue after reset 
(Joseph Szczypek) [1793579 1741355]
- [infiniband] IB/mlx5: Fix MR registration flow to use UMR properly 
(Alaa Hleihel) [1792371 1741343]
- [scsi] qedf: Initialize rport while creation of vport (Nilesh Javali) 
[1791825 1760746]
- [scsi] scsi: hpsa: add missing hunks in reset-patch (Joseph Szczypek) 
[1791782 1761978]
- [block] block: don't change REQ_NR_BITS (Ming Lei) [1791781 1779712]
- [scsi] scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show (Himanshu 
Madhani) [1791595 1729270]
- [drm] drm/radeon: fix si_enable_smc_cac() failed issue (Dave Airlie) 
[1789744 1780026]
- [scsi] scsi: bnx2fc: timeout calculation invalid for bnx2fc_eh_abort() 
(Nilesh Javali) [1784824 1772966]
- [md] md/raid10: prevent access of uninitialized resync_pages offset 
(Nigel Croxon) [1781584 1767935]
- [fs] fix inode leaks on d_splice_alias() failure exits (Miklos 
Szeredi) [1781159 1749390]
- [fs] cachefiles: Fix page leak in cachefiles_read_backing_file while 
vmscan is active (David Howells) [1780149 1765975]
- [mm] mm: swap: clean up swap readahead (Rafael Aquini) [1780035 1725396]
- [mm] mm: do_swap_page: clean up parameter list passing a pointer to 
struct vm_fault (Rafael Aquini) [1780035 1725396]
- [mm] mm: __handle_mm_fault: introduce explicit barrier after orig_pte 
dereference (Rafael Aquini) [1780035 1725396]
- [x86] kvm: vmx: use MSR_IA32_TSX_CTRL to hard-disable TSX on guest 
that lack it (Paolo Bonzini) [1779766 1779768]
- [x86] kvm: vmx: implement MSR_IA32_TSX_CTRL disable RTM functionality 
(Paolo Bonzini) [1779766 1779768] {CVE-2019-19338}
- [x86] kvm: x86: Mark expected switch fall-throughs (Paolo Bonzini) 
[1779766 1779768] {CVE-2019-19338}
- [x86] kvm: x86: implement MSR_IA32_TSX_CTRL effect on CPUID (Paolo 
Bonzini) [1779766 1779768] {CVE-2019-19338}
- [x86] kvm: x86: do not modify masked bits of shared MSRs (Paolo 
Bonzini) [1779766 1779768] {CVE-2019-19338}
- [x86] kvm: x86: fix presentation of TSX feature in ARCH_CAPABILITIES 
(Paolo Bonzini) [1779766 1779768] {CVE-2019-19338}
- [x86] kvm/x86: Export MDS_NO=0 to guests when TSX is enabled (Paolo 
Bonzini) [1779766 1779768] {CVE-2019-19338}
- [s390] scsi: zfcp: fix reaction on bit error threshold notification 
(Philipp Rudo) [1778691 1765123]
- [net] ipv6: Rewind hlist offset on interrupted /proc/net/if_inet6 read 
(Stefano Brivio) [1778084 1753480]
- [net] revert "[net] ipv6: Display all addresses in output of 
/proc/net/if_inet6" (Stefano Brivio) [1778084 1753480]
- [wireless] rtlwifi: Fix potential overflow on P2P code (Josef Oskera) 
[1775235 1775236] {CVE-2019-17666}
- [md] md: improve handling of bio with REQ_PREFLUSH in 
md_flush_request() (Xiao Ni) [1773482 1752061]
- [fs] fscache: Don't use a constructor function on the slab allocator 
(David Howells) [1793086 1739996]
- [mm] mm: fix insert_pfn regression (Jeff Moyer) [1793088 1739889]
- [mm] mm/page_idle.c: fix oops because end_pfn is larger than max_pfn 
(Rafael Aquini) [1768386 1730471]
- [mm] mm/mlock.c: mlockall error for flag MCL_ONFAULT (Rafael Aquini) 
[1768386 1730471]
- [mm] hugetlb: use same fault hash key for shared and private mappings 
(Rafael Aquini) [1768386 1730471]
- [mm] hugetlbfs: on restore reserve error path retain subpool 
reservation (Rafael Aquini) [1768386 1730471]
- [mm] mm/memory.c: fix modifying of page protection by insert_pfn() 
(Rafael Aquini) [1768386 1730471]
- [mm] mm, swap: bounds check swap_info array accesses to avoid NULL 
derefs (Rafael Aquini) [1768386 1730471]
- [mm] mm/slub.c: remove an unused addr argument (Rafael Aquini) 
[1768386 1730471]
- [mm] hugetlbfs: fix races and page leaks during migration (Rafael 
Aquini) [1768386 1730471]
- [mm] mm, oom: fix use-after-free in oom_kill_process (Rafael Aquini) 
[1768386 1730471]
- [mm] percpu: convert spin_lock_irq to spin_lock_irqsave (Rafael 
Aquini) [1768386 1730471]
- [mm] mm/swapfile.c: use kvzalloc for swap_info_struct allocation 
(Rafael Aquini) [1768386 1730471]
- [mm] hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444! (Rafael 
Aquini) [1768386 1730471]
- [mm] mm: Fix warning in insert_pfn() (Rafael Aquini) [1768386 1730471]
- [mm] hugetlbfs: dirty pages as they are added to pagecache (Rafael 
Aquini) [1768386 1730471]
- [mm] mm/swapfile.c: fix swap_count comment about nonexistent 
SWAP_HAS_CONT (Rafael Aquini) [1768386 1730471]
- [mm] slab: __GFP_ZERO is incompatible with a constructor (Rafael 
Aquini) [1768386 1730471]
- [mm] mm: fix the NULL mapping case in __isolate_lru_page() (Rafael 
Aquini) [1768386 1730471]
- [mm] mm/filemap.c: fix NULL pointer in page_cache_tree_insert() 
(Rafael Aquini) [1768386 1730471]
- [fs] block_invalidatepage(): only release page if the full page was 
invalidated (Rafael Aquini) [1768386 1730471]
- [mm] mm/mempolicy.c: avoid use uninitialized preferred_node (Rafael 
Aquini) [1768386 1730471]
- [mm] mm: pin address_space before dereferencing it while isolating an 
LRU page (Rafael Aquini) [1768386 1730471]
- [fs] fs/hugetlbfs/inode.c: change put_page/unlock_page order in 
hugetlbfs_fallocate() (Rafael Aquini) [1768386 1730471]
- [mm] mm: do not rely on preempt_count in print_vma_addr (Rafael 
Aquini) [1768386 1730471]
- [mm] mm, swap: fix race between swap count continuation operations 
(Rafael Aquini) [1768386 1730471]
- [mm] mm: meminit: mark init_reserved_page as __meminit (Rafael Aquini) 
[1768386 1730471]
- [mm] mm/vmstat.c: fix wrong comment (Rafael Aquini) [1768386 1730471]
- [mm] mm, hugetlb: do not allocate non-migrateable gigantic pages from 
movable zones (Rafael Aquini) [1768386 1730471]
- [mm] mm: always flush VMA ranges affected by zap_page_range (Rafael 
Aquini) [1768386 1730471]
- [mm] mm/mremap: fail map duplication attempts for private mappings 
(Rafael Aquini) [1768386 1730471]
- [mm] mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack 
(Rafael Aquini) [1768386 1730471]
- [mm] mm: numa: avoid waiting on freed migrated pages (Rafael Aquini) 
[1768386 1730471]
- [mm] mm/memory-failure.c: use compound_head() flags for huge pages 
(Rafael Aquini) [1768386 1730471]
- [fs] fs/block_dev: always invalidate cleancache in invalidate_bdev() 
(Rafael Aquini) [1768386 1730471]
- [mm] percpu: remove unused chunk_alloc parameter from pcpu_get_pages() 
(Rafael Aquini) [1768386 1730471]
- [mm] percpu: acquire pcpu_lock when updating pcpu_nr_empty_pop_pages 
(Rafael Aquini) [1768386 1730471]
- [mm] mm: do not access page->mapping directly on page_endio (Rafael 
Aquini) [1768386 1730471]
- [mm] mm/page_alloc: fix nodes for reclaim in fast path (Rafael Aquini) 
[1768386 1730471]
- [mm] mm: alloc_contig_range: allow to specify GFP mask (Rafael Aquini) 
[1768386 1730471]
- [mm] mm: vmscan: scan dirty pages even in laptop mode (Rafael Aquini) 
[1768386 1730471]
- [mm] mm/mempolicy.c: do not put mempolicy before using its nodemask 
(Rafael Aquini) [1768386 1730471]
- [mm] mm: fix set pageblock migratetype in deferred struct page init 
(Rafael Aquini) [1768386 1730471]
- [mm] mm: delete unnecessary and unsafe init_tlb_ubc() (Rafael Aquini) 
[1768386 1730471]
- [kernel] mm, mempolicy: task->mempolicy must be NULL before dropping 
final reference (Rafael Aquini) [1768386 1730471]
- [mm] mm: use phys_addr_t for reserve_bootmem_region() arguments 
(Rafael Aquini) [1768386 1730471]
- [mm] mm/huge_memory: replace VM_NO_THP VM_BUG_ON with actual VMA check 
(Rafael Aquini) [1768386 1730471]
- [mm] mm: soft-offline: check return value in second __get_any_page() 
call (Rafael Aquini) [1768386 1730471]
- [include] include/linux/memblock.h: fix ordering of 'flags' argument 
in comments (Rafael Aquini) [1768386 1730471]
- [mm] rmap: fix theoretical race between do_wp_page and 
shrink_active_list (Rafael Aquini) [1768386 1730471]
- [mm] mm/mremap.c: clean up goto just return ERR_PTR (Rafael Aquini) 
[1768386 1730471]
- [mm] mremap should return -ENOMEM when __vm_enough_memory fail (Rafael 
Aquini) [1768386 1730471]
- [mm] writeback: fix possible underflow in write bandwidth calculation 
(Rafael Aquini) [1768386 1730471]
- [mm] writeback: add missing INITIAL_JIFFIES init in 
global_update_bandwidth() (Rafael Aquini) [1768386 1730471]
- [mm] mm/memory.c: actually remap enough memory (Rafael Aquini) 
[1768386 1730471]
- [mm] mm/compaction: fix wrong order check in compact_finished() 
(Rafael Aquini) [1768386 1730471]
- [mm] mm, vmscan: prevent kswapd livelock due to pfmemalloc-throttled 
process being killed (Rafael Aquini) [1768386 1730471]
- [mm] mm: fix anon_vma_clone() error treatment (Rafael Aquini) [1768386 
1730471]
- [mm] mm, thp: fix collapsing of hugepages on madvise (Rafael Aquini) 
[1768386 1730471]
- [mm] cgroup/kmemleak: add kmemleak_free() for cgroup deallocations 
(Rafael Aquini) [1768386 1730471]
- [mm] OOM, PM: OOM killed task shouldn't escape PM suspend (Rafael 
Aquini) [1768386 1730471]
- [mm] mm, compaction: pass gfp mask to compact_control (Rafael Aquini) 
[1768386 1730471]
- [mm] mm: page_alloc: abort fair zone allocation policy when remotes 
nodes are encountered (Rafael Aquini) [1768386 1730471]
- [mm] mm: vmscan: only update per-cpu thresholds for online CPU (Rafael 
Aquini) [1768386 1730471]
- [mm] mm, thp: replace smp_mb after atomic_add by smp_mb__after_atomic 
(Rafael Aquini) [1768386 1730471]
- [mm] mm, thp: move invariant bug check out of loop in 
__split_huge_page_map (Rafael Aquini) [1768386 1730471]
- [mm] thp: consolidate assert checks in __split_huge_page() (Rafael 
Aquini) [1768386 1730471]
- [mm] mm: fix sleeping function warning from __put_anon_vma (Rafael 
Aquini) [1768386 1730471]
- [mm] mm: cleanup add_to_page_cache_locked() (Rafael Aquini) [1768386 
1730471]
- [mm] mm: mempolicy: turn vma_set_policy() into vma_dup_policy() 
(Rafael Aquini) [1768386 1730471]
- [powerpc] powerpc/pseries: correctly track irq state in default idle 
(Steve Best) [1767620 1751970]
- [mm] mm: prevent get_user_pages() from overflowing page refcount 
(Aristeu Rozanski) [1705004 1705005] {CVE-2019-11487}
- [mm] mm/hugetlb.c: __get_user_pages ignores certain 
follow_hugetlb_page errors (Aristeu Rozanski) [1705004 1705005] 
{CVE-2019-11487}

[3.10.0-1062.17.1.el7]
- [kvm] kvm: x86: always expose VIRT_SSBD to guests (Eduardo Habkost) 
[1797511 1744281]
- [kvm] kvm: x86: fix reporting of AMD speculation bug CPUID leaf 
(Eduardo Habkost) [1797511 1744281]

[3.10.0-1062.16.1.el7]
- [netdrv] ixgbevf: Use cached link state instead of re-reading the 
value for ethtool (Ken Cox) [1796798 1794812]
- [kernel] sched: Fix schedule_tail() to disable preemption (Phil Auld) 
[1796261 1771094]

[3.10.0-1062.15.1.el7]
- [tools] perf top: Fix global-buffer-overflow issue (Michael Petlan) 
[1793581 1757325]
- [tools] perf top: Always sample time to satisfy needs of use of 
ordered queuing (Michael Petlan) [1793581 1757325]

[3.10.0-1062.14.1.el7]
- [s390] jump_label: replace stop_machine with smp_call_function 
(Hendrik Brueckner) [1787559 1720387]
- [s390] kernel: avoid cpu yield in SMT environment (Philipp Rudo) 
[1787558 1777876]
- [x86] mm: serialize against gup_fast in pmdp_splitting_flush() (Vitaly 
Kuznetsov) [1783177 1674266]

[3.10.0-1062.13.1.el7]
- [scsi] libiscsi: fall back to sendmsg for slab pages (Oleksandr 
Natalenko) [1784826 1720506]

More information about the El-errata mailing list