[Oraclevm-errata] OVMBA-2015-0127 Oracle VM 3.2 kernel-uek bug fix update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Fri Nov 6 12:29:32 PST 2015


Oracle VM Bug Fix Advisory OVMBA-2015-0127

The following updated rpms for Oracle VM 3.2 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
kernel-uek-2.6.39-400.249.3.el5uek.x86_64.rpm
kernel-uek-firmware-2.6.39-400.249.3.el5uek.noarch.rpm


SRPMS:
http://oss.oracle.com/oraclevm/server/3.2/SRPMS-updates/kernel-uek-2.6.39-400.249.3.el5uek.src.rpm



Description of changes:

[2.6.39-400.249.3.el5uek]
- IB/core: Prevent integer overflow in ib_umem_get address arithmetic 
(Shachar Raindel)  [Orabug: 20788393]  {CVE-2014-8159} {CVE-2014-8159}

[2.6.39-400.249.2.el5uek]
- xen-pciback: limit guest control of command register (Jan Beulich) 
[Orabug: 20704156]  {CVE-2015-2150} {CVE-2015-2150}
- net: sctp: fix slab corruption from use after free on INIT collisions 
(Daniel Borkmann)  [Orabug: 20780348]  {CVE-2015-1421}

[2.6.39-400.249.1.el5uek]
- pci: move reset-notify field to preserve pci_dev size and offsets (Dan 
Duval)  [Orabug: 20426076]
- ocfs2: fix journal commit deadlock (Junxiao Bi)  [Orabug: 19390111]
- loop: inherit queue limits from underlying device (Dave Kleikamp) 
[Orabug: 19216610]
- block: Introduce blk_set_stacking_limits function (Martin K. Petersen) 
  [Orabug: 19216610]
- kvm: fix excessive pages un-pinning in kvm_iommu_map error path. 
(Quentin Casasnovas)  [Orabug: 20687314]  {CVE-2014-3601} 
{CVE-2014-8369} {CVE-2014-3601}
- Revert "mm: Fix NULL pointer dereference in madvise(MADV_WILLNEED) 
support" (Guangyu Sun)  [Orabug: 20673281]  {CVE-2014-8173}
- netfilter: conntrack: disable generic tracking for known protocols 
(Florian Westphal)  [Orabug: 20679630]  {CVE-2014-8160}
- mac80211: fix fragmentation code, particularly for encryption 
(Johannes Berg)  [Orabug: 20673313]  {CVE-2014-8709}
- mm: Fix NULL pointer dereference in madvise(MADV_WILLNEED) support 
(Kirill A. Shutemov)  [Orabug: 20673282]  {CVE-2014-8173}
- tracing/syscalls: Ignore numbers outside NR_syscalls' range (Rabin 
Vincent)  [Orabug: 20673164]  {CVE-2014-7825} {CVE-2014-7826}
- tracing/syscalls: Fix perf syscall tracing when syscall_nr == -1 (Will 
Deacon)  [Orabug: 20673164]  {CVE-2014-7825} {CVE-2014-7826}

[2.6.39-400.248.1.el5uek]
- NVMe: Disable pci before clearing queue (Keith Busch)  [Orabug: 20533100]
- x86, fpu: disable eagerfpu by default (Santosh Shilimkar)  [Orabug: 
20521543]

[2.6.39-400.247.1]
- ib/sdp: fix null dereference of sk->sk_wq in sdp_rx_irq() (Chuck 
Anderson)  [Orabug: 20070989]
- Ensure request structure is not modified after being reused. (Ashish 
Samant)  [Orabug: 19971490]
- ocfs2: quorum: add a log for node not fenced (Junxiao Bi)  [Orabug: 
20472045]
- ocfs2: o2net: set tcp user timeout to max value (Junxiao Bi)  [Orabug: 
20472045]
- ocfs2: o2net: dont shutdown connection when idle timeout (Junxiao Bi) 
  [Orabug: 20472045]
- ocfs2: o2dlm: fix a race between purge and master query (Srinivas 
Eeda)  [Orabug: 20472034]
- ocfs2: fix null handle in ocfs2_write_zero_page (Junxiao Bi)  [Orabug: 
19632637]
- ocfs2: fix deadlock due to wrong locking order (Junxiao Bi)  [Orabug: 
19632637]
- net: sctp: fix NULL pointer dereference in af->from_addr_param on 
malformed packet (Daniel Borkmann)  [Orabug: 20425333]  {CVE-2014-7841}

[2.6.39-400.246.1]
- sched: Fix possible divide by zero in avg_atom() calculation (Mateusz 
Guzik)  [Orabug: 20148169]
- include/linux/math64.h: add div64_ul() (Alex Shi)
- deadlock when two nodes are converting same lock from PR to EX and 
idletimeout closes conn (Tariq Saeed)  [Orabug: 18639535]
- bonding: Bond master should reflect slaves features. (Ashish Samant) 
[Orabug: 20231825]
- x86, fpu: remove the logic of non-eager fpu mem allocation at the 
first usage (Annie Li)  [Orabug: 20239143]
- x86, fpu: remove cpu_has_xmm check in the fx_finit() (Suresh Siddha) 
[Orabug: 20239143]
- x86, fpu: make eagerfpu= boot param tri-state (Suresh Siddha) [Orabug: 
20239143]
- x86, fpu: enable eagerfpu by default for xsaveopt (Suresh Siddha) 
[Orabug: 20239143]
- x86, fpu: decouple non-lazy/eager fpu restore from xsave (Suresh 
Siddha)  [Orabug: 20239143]
- x86, fpu: use non-lazy fpu restore for processors supporting xsave 
(Suresh Siddha)  [Orabug: 20239143]
- lguest, x86: handle guest TS bit for lazy/non-lazy fpu host models 
(Suresh Siddha)  [Orabug: 20239143]
- x86, fpu: always use kernel_fpu_begin/end() for in-kernel FPU usage 
(Suresh Siddha)  [Orabug: 20239143]
- x86, kvm: use kernel_fpu_begin/end() in kvm_load/put_guest_fpu() 
(Suresh Siddha)  [Orabug: 20239143]
- x86, fpu: remove unnecessary user_fpu_end() in save_xstate_sig() 
(Suresh Siddha)  [Orabug: 20239143]
- raid5: add AVX optimized RAID5 checksumming (Jim Kukunas)  [Orabug: 
20239143]
- x86, fpu: drop the fpu state during thread exit (Suresh Siddha) 
[Orabug: 20239143]
- x32: Add a thread flag for x32 processes (H. Peter Anvin)  [Orabug: 
20239143]
- x86, fpu: Unify signal handling code paths for x86 and x86_64 kernels 
(Suresh Siddha)  [Orabug: 20239143]
- x86, fpu: Consolidate inline asm routines for saving/restoring fpu 
state (Suresh Siddha)  [Orabug: 20239143]
- x86, signal: Cleanup ifdefs and is_ia32, is_x32 (Suresh Siddha) 
[Orabug: 20239143]
into exported and internal interfaces (Linus Torvalds)  [Orabug: 20239143]
- i387: Uninline the generic FP helpers that we expose to kernel modules 
(Linus Torvalds)  [Orabug: 20239143]
- i387: use restore_fpu_checking() directly in task switching code 
(Linus Torvalds)  [Orabug: 20239143]
- i387: fix up some fpu_counter confusion (Linus Torvalds)  [Orabug: 
20239143]

[2.6.39-400.245.1]
- isofs: Fix unbounded recursion when processing relocated directories 
(Jan Kara)  [Orabug: 20224060]  {CVE-2014-5471} {CVE-2014-5472}
- x86_64, traps: Stop using IST for #SS (Andy Lutomirski)  [Orabug: 
20224028]  {CVE-2014-9090} {CVE-2014-9322}

[2.6.39-400.244.1]
- HID: magicmouse: sanity check report size in raw_event() callback 
(Jiri Kosina)  [Orabug: 19849355]  {CVE-2014-3181}
- ALSA: control: Protect user controls against concurrent access 
(Lars-Peter Clausen)  [Orabug: 20192542]  {CVE-2014-4652}
- target/rd: Refactor rd_build_device_space + rd_release_device_space 
(Nicholas Bellinger)  [Orabug: 20192517]  {CVE-2014-4027}
- media-device: fix infoleak in ioctl media_enum_entities() (Salva 
Peiró)  [Orabug: 20192501]  {CVE-2014-1739} {CVE-2014-1739}
- udf: Avoid infinite loop when processing indirect ICBs (Jan Kara) 
[Orabug: 20192449]  {CVE-2014-6410}
- ALSA: control: Make sure that id->index does not overflow (Lars-Peter 
Clausen)  [Orabug: 20192418]  {CVE-2014-4656}
- ALSA: control: Handle numid overflow (Lars-Peter Clausen)  [Orabug: 
20192376]  {CVE-2014-465}
- HID: picolcd: sanity check report size in raw_event() callback (Jiri 
Kosina)  [Orabug: 20192205]  {CVE-2014-3186}
- net: sctp: fix remote memory pressure from excessive queueing (Daniel 
Borkmann)  [Orabug: 20192059]  {CVE-2014-3688}

[2.6.39-400.243.1]
- timekeeping: Indicate that clock was set in the pvclock gtod notifier 
(David Vrabel)  [Orabug: 20019459]
- Revert timekeeping: Indicate that clock was set in the pvclock gtod 
notifier (Jason Luan)  [Orabug: 20019459]

[2.6.39-400.242.0]
- This patch only affects the system with Mellanox CX2/3 with SR-IOV 
enabled. (Chien-Hua Yen)  [Orabug: 19622192]
- NVMe: Fix the memory leak with BLKRRPART ioctls (Keith Busch) [Orabug: 
20071659]
- Revert af_unix: Allow credentials to work across user and pid 
namespaces. (Dan Duval)  [Orabug: 16735268]
- Revert scm: Capture the full credentials of the scm sender. (Dan 
Duval)  [Orabug: 16735268]

[2.6.39-400.241.0]
- mpt2sas: setpci panic bug fix (Nagarajkumar Narayanan)  [Orabug: 19849933]
- o2dlm: fix NULL pointer dereference in o2dlm_blocking_ast_wrapper 
(Srinivas Eeda)  [Orabug: 19602075]

[2.6.39-400.240.0]
- net: sctp: fix panic on duplicate ASCONF chunks (Daniel Borkmann) 
[Orabug: 20010591]  {CVE-2014-3687}
- net: sctp: fix skb_over_panic when receiving malformed ASCONF chunks 
(Daniel Borkmann)  [Orabug: 20010578]  {CVE-2014-3673}
- genhd: fix leftover might_sleep() in blk_free_devt() (Jens Axboe) 
[Orabug: 19889185]
- xen/pciback: Restore configuration space when detaching from a guest. 
(Konrad Rzeszutek Wilk)  [Orabug: 19931428]
- x86: xen: Sync the CMOS RTC as well as the Xen wallclock (David 
Vrabel)  [Orabug: 19932271]
- x86: xen: Sync the wallclock when the system time is set (David 
Vrabel)  [Orabug: 19932271]
- timekeeping: Indicate that clock was set in the pvclock gtod notifier 
(David Vrabel)  [Orabug: 19932271]
- timekeeping: Pass flags instead of multiple bools to 
timekeeping_update() (David Vrabel)  [Orabug: 19932271]
- time: export time information for KVM pvclock (Marcelo Tosatti) 
[Orabug: 19932271]
- xen: Remove clock_was_set() call in the resume path (David Vrabel) 
[Orabug: 19932271]
- hrtimers: Support resuming with two or more CPUs online (but stopped) 
(David Vrabel)  [Orabug: 19932271]
- x86: Fix vrtc_get_time/set_mmss to use new timespec interface (John 
Stultz)  [Orabug: 19932271]
- x86: Increase precision of x86_platform.get/set_wallclock() (David 
Vrabel)  [Orabug: 19932271]

[2.6.39-400.239.0]
- rds: fix list corruption and tx hang when netfilter is used (shamir 
rabinovitch)  [Orabug: 18963548]
- Revert ib_cm: reduce latency when destroying large number of ids 
(Ajaykumar Hotchandani)  [Orabug: 19959153]
- Revert rds: avoid duplicate connection drops for active bonding 
(Ajaykumar Hotchandani)  [Orabug: 19959153]
- mlx4_core: change default for mlx4_scale_profile (Chien-Hua Yen) 
[Orabug: 19869294]
- mlx_core: Change log_num_mtt scaling range (Mukesh Kacker)  [Orabug: 
19951718]
- mlx4_core: Fix integer overflow issues around MTT table (Yishai Hadas) 
  [Orabug: 19890202]
- mlx4_core: Clean up buddy bitmap allocation (Roland Dreier)  [Orabug: 
19810605]
- mlx4_core: Allow large mlx4_buddy bitmaps (Yishai Hadas)  [Orabug: 
19810605]

[2.6.39-400.238.0]
- net/mlx4_core: Convert rcu locking to rwlock in CQ. (Zheng Li) 
[Orabug: 19831407]

[2.6.39-400.237.0]
- block: nvme: Let iostat show nvme device partitions (Santosh 
Shilimkar)  [Orabug: 19826058]
- reboot: rigrate shutdown/reboot to boot cpu (Robin Holt)  [Orabug: 
18386007]
- CPU hotplug: provide a generic helper to disable/enable CPU hotplug 
(Srivatsa S. Bhat)  [Orabug: 18386007]

[2.6.39-400.236.0]
- Simple fix to update related dst pmtu in routing table (Shirley Ma) 
[Orabug: 19592021]
- ipv6: ip6_dst_check needs to check for expired dst_entries (Hannes 
Frederic Sowa)  [Orabug: 19033899]
- ipv6: fix race condition regarding dst->expires and dst->from. 
(YOSHIFUJI Hideaki / ????)  [Orabug: 19033909]
- ipv6: recursive check rt->dst.from when call rt6_check_expired (Li 
RongQing)  [Orabug: 19033915]
- ipv6: fix problem with expired dst cache (Gao feng)  [Orabug: 19033921]
- ipv6: Kill rt6i_dev and rt6i_expires defines. (David S. Miller) 
[Orabug: 19592073]

[2.6.39-400.235.0]
- RDS: move more queing for loopback connections to separate queue 
(Mukesh Kacker)  [Orabug: 18977932]
- xen/pvhvm: Support more than 32 VCPUs when migrating. (Konrad 
Rzeszutek Wilk)
- RDS: add module parameter to allow module unload or not (Wengang Wang)
- prevent spurious PMU NMIs on Haswell systems (Dan Duval)  [Orabug: 
19449304]

[2.6.39-400.234.0]
- USB: whiteheat: Added bounds checking for bulk command response (James 
Forshaw)  [Orabug: 19849335]  {CVE-2014-3185}
- HID: fix a couple of off-by-ones (Jiri Kosina)  [Orabug: 19849318] 
{CVE-2014-3181}
- KVM: x86: Improve thread safety in pit (Andy Honig)  [Orabug: 
19905687]  {CVE-2014-3611}

[2.6.39-400.233.0]
- mm/hugetlb.c: undo change to page mapcount in fault handler (Hillf Danton)
- NVMe: Configure support for block flush (Keith Busch)  [Orabug: 19791092]
- NVMe: Do not over allocate for discard requests (Keith Busch) [Orabug: 
19791092]
- NVMe: Do not open disks that are being deleted (Keith Busch)  [Orabug: 
19791092]
- kref: Implement kref_get_unless_zero v3 (Thomas Hellstrom)  [Orabug: 
19689679]
- NVMe: Clear QUEUE_FLAG_STACKABLE (Keith Busch)  [Orabug: 19791092]
- NVMe: Fix device probe waiting on kthread (Keith Busch)  [Orabug: 
19791092]
- NVMe: Updates for 1.1 spec (Keith Busch)  [Orabug: 19791092]
- NVMe: Passthrough IOCTL for IO commands (Keith Busch)  [Orabug: 19791092]
- NVMe: Add revalidate_disk callback (Keith Busch)  [Orabug: 19791092]
- NVMe: Fix nvmeq waitqueue entry initialization (Keith Busch)  [Orabug: 
19791092]
- NVMe: Translate NVMe status to errno (Keith Busch)  [Orabug: 19791092]
- NVMe: Fix SG_IO status values (Keith Busch)  [Orabug: 19791092]
- NVMe: Remove duplicate compat SG_IO code (Keith Busch)  [Orabug: 19791092]
- nvme: Replace rcu_assign_pointer() with RCU_INIT_POINTER() 
(Andreea-Cristina Bernat)  [Orabug: 19791092]
- NVMe: Correctly handle IOCTL_SUBMIT_IO when cpus > online queues (Sam 
Bradshaw)  [Orabug: 19791092]
- NVMe: Add shutdown timeout as module parameter. (Dan McLeran) [Orabug: 
19791092]
- NVMe: Skip orderly shutdown on failed devices (Keith Busch)  [Orabug: 
19791092]
- NVMe: Whitespace fixes (Keith Busch)  [Orabug: 19791092]
- NVMe: Handling devices incapable of I/O (Keith Busch)  [Orabug: 19791092]
- NVMe: Change nvme_enable_ctrl to set EN and manage CC thru 
ctrl_config. (Dan McLeran)  [Orabug: 19791092]
- NVMe: Mismatched host/device page size support (Keith Busch)  [Orabug: 
19791092]
- NVMe: Update list of status codes (Matthew Wilcox)  [Orabug: 19791092]
- NVMe: Async event request (Keith Busch)  [Orabug: 19791092]
- rds: avoid duplicate connection drops for active bonding (Ajaykumar 
Hotchandani)  [Orabug: 19502619]
- ib_cm: reduce latency when destroying large number of ids (Ajaykumar 
Hotchandani)  [Orabug: 18538705]

[2.6.39-400.232.0]
- IPoIB: Change default IPOIB_RX_RING_SIZE to 2048 (Chien-Hua Yen) 
[Orabug: 19606645]
- megaraid_sas: Permit large RAID0/1 requests (Martin K. Petersen) 
[Orabug: 19625877]
- megaraid_sas: Version and Changelog update (Adam Radford)  [Orabug: 
19625877]
- megaraid_sas: Fix reset_mutex leak (Adam Radford)  [Orabug: 19625877]
- megaraid_sas: Remove unused variables in megasas_instance (Adam 
Radford)  [Orabug: 19625877]
- megaraid_sas: Add missing initial call to 
megasas_get_ld_vf_affiliation(). (Adam Radford)  [Orabug: 19625877]
- megaraid_sas: Fix LD/VF affiliation parsing (Adam Radford)  [Orabug: 
19625877]
- megaraid: Fail resume if MSI-X re-initialization failed (Alexander 
Gordeev)  [Orabug: 19625877]
- megaraid_sas: fix a small problem when reading state value from hw 
(Tomas Henzl)  [Orabug: 19625877]
- megaraid_sas: Version and Changelog update (Adam Radford)  [Orabug: 
19625877]
- megaraid_sas: Add Dell PowerEdge VRTX SR-IOV VF support (Adam Radford) 
  [Orabug: 19625877]
- megaraid_sas: Return leaked MPT frames to MPT frame pool (Adam 
Radford)  [Orabug: 19625877]
- megaraid_sas: Fix megasas_ioc_init_fusion (Adam Radford)  [Orabug: 
19625877]
- megaraid_sas: Load correct raid context timeout (Adam Radford) 
[Orabug: 19625877]
- megaraid_sas: Performance boost fixes (Sumit.Saxena at lsi.com)  [Orabug: 
19625877]
- megaraid_sas: Set 32-bit DMA mask (Sumit.Saxena at lsi.com)  [Orabug: 
19625877]
- megaraid_sas: Big endian code related fixes (Sumit.Saxena at lsi.com) 
[Orabug: 19625877]
- megaraid_sas: Dont wait forever for non-IOCTL DCMDs 
(Sumit.Saxena at lsi.com)  [Orabug: 19625877]
- megaraid_sas: check return value for megasas_get_pd_list() (Hannes 
Reinecke)  [Orabug: 19625877]
- megaraid_sas_fusion: Return correct error value in 
megasas_get_ld_map_info() (Hannes Reinecke)  [Orabug: 19625877]
- megaraid_sas_fusion: correctly pass queue info pointer (Hannes 
Reinecke)  [Orabug: 19625877]
- megaraid: missing bounds check in mimd_to_kioc() (Dan Carpenter) 
[Orabug: 19625877]
- megaraid: Use resource_size_t for PCI resources, not long (Ben 
Collins)  [Orabug: 19625877]
- megaraid_sas: Fix synchronization problem between sysPD IO path and 
AEN path (Sumit.Saxena at lsi.com)  [Orabug: 19625877]
- megaraid_sas: fixes for few endianess issues (Sumit.Saxena at lsi.com) 
[Orabug: 19625877]
- megaraid_sas: addded support for big endian architecture 
(Sumit.Saxena at lsi.com)  [Orabug: 19625877]
- megaraid_sas: Version and Changelog update (Adam Radford)  [Orabug: 
19625877]
- megaraid_sas: Add High Availability clustering support using shared 
Logical Disks (Adam Radford)  [Orabug: 19625877]
- scsi/megaraid fixed several typos in comments (Matthias Schid) 
[Orabug: 19625877]
- megaraid_sas: megaraid_sas driver init fails in kdump kernel 
(Sumit.Saxena at lsi.com)  [Orabug: 19625877]
- megaraid_sas: fix a bug for 64 bit arches (Dan Carpenter)  [Orabug: 
19625877]
- megaraid: minor cut and paste error fixed. (James Georgas)  [Orabug: 
19625877]
- megaraid_sas: Changelog and driver version update 
(Sumit.Saxena at lsi.com)  [Orabug: 19625877]
- megaraid_sas: Add support to differentiate between iMR vs MR Firmware 
(Sumit.Saxena at lsi.com)  [Orabug: 19625877]
- megaraid_sas: Add support for Uneven Span PRL11 (Sumit.Saxena at lsi.com) 
  [Orabug: 19625877]
- megaraid_sas: Add support for Extended MSI-x vectors for 12Gb/s 
controller (Sumit.Saxena at lsi.com)  [Orabug: 19625877]
- megaraid_sas: Set IoFlags to enable Fast Path for JBODs for 12 Gb/s 
controllers (Sumit.Saxena at lsi.com)  [Orabug: 19625877]
- megaraid_sas: Add support to display Customer branding details in 
syslog (Sumit.Saxena at lsi.com)  [Orabug: 19625877]
- megaraid_sas: Add support for MegaRAID Fury (device ID-0x005f) 12Gb/s 
controllers (Sumit.Saxena at lsi.com)  [Orabug: 19625877]
- megaraid_sas: Set IO request timeout value provided by OS timeout for 
Tape devices (Sumit.Saxena at lsi.com)  [Orabug: 19625877]
- megaraid_sas: Free event detail memory without device ID check 
(Sumit.Saxena at lsi.com)  [Orabug: 19625877]
- megaraid_sas: Update balance count in driver to be in sync of firmware 
(Sumit.Saxena at lsi.com)  [Orabug: 19625877]
- megaraid_sas: Fix the interrupt mask for Gen2 controller 
(Sumit.Saxena at lsi.com)  [Orabug: 19625877]
- megaraid_sas: Return DID_ERROR for SCSI IO, when controller is in 
critical h/w error (Sumit.Saxena at lsi.com)  [Orabug: 19625877]
- megaraid_sas: release lock on error path (Dan Carpenter)  [Orabug: 
19625877]
- megaraid_sas: Use correct #define for MSI-X capability (Bjorn Helgaas) 
  [Orabug: 19625877]
- megaraid_sas: Version and Changelog update (Adam Radford)  [Orabug: 
19625877]
- megaraid_sas: Dont load DevHandle unless FastPath enabled (Adam 
Radford)  [Orabug: 19625877]
- megaraid_sas: Add 4k FastPath DIF support (Adam Radford)  [Orabug: 
19625877]
- megaraid: fix BUG_ON() from incorrect use of delayed work (Xiaotian 
Feng)  [Orabug: 19625877]
- megaraid_sas: Version, Changelog, Copyright update (Adam Radford) 
[Orabug: 19625877]
- megaraid_sas: Remove duplicate code (Adam Radford)  [Orabug: 19625877]
- megaraid_sas: Add SystemPD FastPath support (Adam Radford)  [Orabug: 
19625877]
- megaraid_sas: Add array boundary check for SystemPD (Adam Radford) 
[Orabug: 19625877]
- megaraid_sas: Load io_request DataLength in bytes (Adam Radford) 
[Orabug: 19625877]
- megaraid_sas: Add module param for configurable MSI-X vector count 
(Adam Radford)  [Orabug: 19625877]
- megaraid_sas: Remove un-needed completion_lock spinlock calls (Adam 
Radford)  [Orabug: 19625877]
- megaraid_sas: combine kmalloc+memset into kzalloc (Fengguang Wu) 
[Orabug: 19625877]
- megaraid_sas: Version and Changelog update (Adam Radford)  [Orabug: 
19625877]
- megaraid_sas: Add resetwaittime module parameter (Adam Radford) 
[Orabug: 19625877]
- megaraid_sas: Add throttlequeuedepth module parameter (Adam Radford) 
[Orabug: 19625877]
- megaraid: remove a spurious IRQ enable (Dan Carpenter)  [Orabug: 19625877]
- megaraid_sas: Version and Changelog update (Adam Radford)  [Orabug: 
19625877]
- megaraid_sas: Add fpRead/WriteCapable, fpRead/WriteAcrossStripe checks 
(Adam Radford)  [Orabug: 19625877]
- megaraid_sas: Optimize HostMSIxVectors setting (Adam Radford) [Orabug: 
19625877]
- megaraid_sas: Version and Changelog update (Adam Radford)  [Orabug: 
19625877]
- megaraid_sas: remove poll_mode_io code (Adam Radford)  [Orabug: 19625877]
- megaraid_sas: Fix reglockFlags for degraded raid5/6 (Adam Radford) 
[Orabug: 19625877]
- megaraid_sas: Changelog and version update (Adam Radford)  [Orabug: 
19625877]
- megaraid_sas: Add driver workaround for PERC5/1068 kdump kernel panic 
(Adam Radford)  [Orabug: 19625877]
- megaraid_sas: Add multiple MSI-X vector/multiple reply queue support 
(Adam Radford)  [Orabug: 19625877]
- megaraid_sas: Add support for MegaRAID 9360/9380 12GB/s controllers 
(Adam Radford)  [Orabug: 19625877]
- megaraid_sas: Clear FUSION_IN_RESET before enabling interrupts (Adam 
Radford)  [Orabug: 19625877]
- megaraid_sas: Clear state change interrupts (Adam Radford)  [Orabug: 
19625877]
- megaraid_sas: Remove some unnecessary code (Adam Radford)  [Orabug: 
19625877]
- megaraid_sas: Fix mismatch in megasas_reset_fusion() mutex lock-unlock 
(Adam Radford)  [Orabug: 19625877]
- megaraid_sas: Increase default cmds per lun to 256 (Adam Radford) 
[Orabug: 19625877]
- megaraid_sas: Continue booting immediately if FW in FAULT at driver 
load time (Adam Radford)  [Orabug: 19625877]
- Revert megaraid_sas: update to LSI version 6.505 (Martin K. Petersen) 
  [Orabug: 19625877]
- Revert megaraid: update from 6.505 to 6.600.18.00 (Martin K. Petersen) 
  [Orabug: 19625877]

[2.6.39-400.231.0]
- ALSA: control: Dont access controls outside of protected regions 
(Lars-Peter Clausen)  [Orabug: 19817786]  {CVE-2014-4653} 
{CVE-2014-4654} {CVE-2014-4655}
- ALSA: control: Fix replacing user controls (Lars-Peter Clausen) 
[Orabug: 19817748]  {CVE-2014-4653} {CVE-2014-4654} {CVE-2014-4655}
- kvm: iommu: fix the third parameter of kvm_iommu_put_pages 
(CVE-2014-3601) (Michael S. Tsirkin)  [Orabug: 19817647]  {CVE-2014-3601}
- mm: try_to_unmap_cluster() should lock_page() before mlocking 
(Vlastimil Babka)  [Orabug: 19817323]  {CVE-2014-3122}
- vm: convert fb_mmap to vm_iomap_memory() helper (Linus Torvalds) 
[Orabug: 19816563]  {CVE-2013-2596}
- vm: add vm_iomap_memory() helper function (Linus Torvalds)  [Orabug: 
19816563]  {CVE-2013-2596}
- net: sctp: inherit auth_capable on INIT collisions (Daniel Borkmann) 
[Orabug: 19816068]  {CVE-2014-5077}

[2.6.39-400.230.0]
- genirq: Respect NUMA node affinity in setup_irq_irq affinity() (Prarit 
Bhargava)  [Orabug: 19716125]
- oracleasm: Use kern_unmount() (Martin K. Petersen)  [Orabug: 18413951]
- tick-sched: revert reprogram event conditional (Brian Maly)  [Orabug: 
19227794]
- mlx4_core: increase default number of qps in mlx4_core driver (Mukesh 
Kacker)  [Orabug: 19411059]
- mlx4_core: driver init-propagate enomem, fix compiler warning (Mukesh 
Kacker)  [Orabug: 19519575]

[2.6.39-400.229.0]
- module: fix sprintf format specifier in param_get_byte() (Christoph 
Jaeger)  [Orabug: 19638491]
- IPoIB/pkey: delete_child should only delete create_child devices 
(Mukesh Kacker)  [Orabug: 19607626]
- IB/ipoib: order:1 failure in ipoib_cm_alloc_rx_skb causes softlockup 
(Rama Nichanamatlu)  [Orabug: 19468224]
- rds: fix NULL pointer dereference panic during rds module unload (Rama 
Nichanamatlu)  [Orabug: 18952475]

[2.6.39-400.228.0]
- PCI: hotplug: Use global PCI rescan-remove locking (Rafael J. Wysocki) 
  [Orabug: 19503191]
- PCI: Add global pci_lock_rescan_remove() (Rafael J. Wysocki)  [Orabug: 
19503191]
- NVMe: Fix filesystem sync deadlock on removal (Keith Busch)  [Orabug: 
19589667]
- block: Fix dev_t minor allocation lifetime (Keith Busch)  [Orabug: 
19478980]
- block: fix synchronization and limit check in blk_alloc_devt() (Tejun 
Heo)  [Orabug: 19478980]
- block: fix ext_devt_idr handling (Tomas Henzl)  [Orabug: 19478980]

[2.6.39-400.227.0]
- auditsc: audit_krule mask accesses need bounds checking (Andy 
Lutomirski)  [Orabug: 19590597]  {CVE-2014-3917}

[2.6.39-400.226.0]
- xen-blkback: defer freeing blkif to avoid blocking xenwatch (Joe Jin) 
  [Orabug: 19308205]
- xen-blkback: fix shutdown race (Joe Jin)  [Orabug: 19308205]
- OFED: enable ib_ipoib cm_ibcrc_as_csum by default (Chien-Hua Yen) 
[Orabug: 19526489]
- RDS:active bonding: disable failover across HCAs(failover groups) 
(Mukesh Kacker)  [Orabug: 19430773]
- RDS/IB: active bonding - failover down interfaces on reboot. (Guangyu 
Sun)  [Orabug: 18697678]
- RDS/IB: Remove dangling rcu_read_unlock() and other cleanups (Mukesh 
Kacker)  [Orabug: 18995395]
- RFE: remove pkey coupling to device name (Mukesh Kacker)  [Orabug: 
19064704]
- IPoIB: Fix world-writable child interface control sysfs attributes (Or 
Gerlitz)  [Orabug: 19263083]
- net/mlx4_core: Fix racy flow in the driver CQ completion handler (Jack 
Morgenstein)  [Orabug: 19519594]

[2.6.39-400.225.0]
- OFED: Automatically size MTT in mlx4_core (Chien Yen)  [Orabug: 17938656]
- rds: new extension header: rdma bytes (Shamir Rabinovitch)  [Orabug: 
18468180]
- fix calculation of timer intervals in tick_nohz_stop_sched_tick() 
(Simon Ustimenko)  [Orabug: 19132065]
- NVMe: Reference count pci device (Keith Busch)  [Orabug: 19469273]
- oracleasm: Add support for new error return codes from block/SCSI 
(Martin K. Petersen)  [Orabug: 18438934]

[2.6.39-400.224.0]
- ib_ipoib: CSUM support in connected mode (Yuval Shaia)  [Orabug: 18692878]
- net: Reduce high cpu usage in bonding driver by do_csum (Venkat 
Venkatsubra)  [Orabug: 18141731]
- Partially revert 6d7c7e49: random: make add_interrupt_randomness() 
(John Sobecki)  [Orabug: 17740293]
- oracleasm: claim FMODE_EXCL access on disk during asm_open (Srinivas 
Eeda)  [Orabug: 19453460]
- notify block layer when using temporary change to cache_type (Vaughan 
Cao)  [Orabug: 19448451]
- sd: Fix parsing of temporary  cache mode prefix (Ben Hutchings) 
[Orabug: 19448451]
- sd: fix array cache flushing bug causing performance problems (James 
Bottomley)  [Orabug: 19448451]
- block: fix max discard sectors limit (James Bottomley)  [Orabug: 18961244]
- xen-netback: fix deadlock in high memory pressure (Junxiao Bi) 
[Orabug: 18959416]
- sdp: fix keepalive functionality (shamir rabinovitch)  [Orabug: 18728784]
- SELinux: Fix possible NULL pointer dereference in 
selinux_inode_permission() (Steven Rostedt)  [Orabug: 18552029]
- refcount: take rw_lock in ocfs2_reflink (Wengang Wang)  [Orabug: 18406219]
- ipv6: check return value for dst_alloc (Madalin Bucur)  [Orabug: 17865160]
- cciss: bug fix to prevent cciss from loading in kdump crash kernel 
(Mike Miller)  [Orabug: 17740446]
- configfs: fix race between dentry put and lookup (Junxiao Bi) [Orabug: 
17627075]

[2.6.39-400.223.0]
- x86, xsave: remove thread_has_fpu() bug check in 
__sanitize_i387_state() (Suresh Siddha)  [Orabug: 19318796]
- perf, nmi: Fix unknown NMI warning (Markus Metzger)  [Orabug: 19317343]
- sctp: Fix sk_ack_backlog wrap-around problem (Xufeng Zhang)  [Orabug: 
19404245]  {CVE-2014-4667}

[2.6.39-400.222.0]
- xen/pciback: Dont deadlock when unbinding. (Konrad Rzeszutek Wilk) 
[Orabug: 18632945]
- xen-pciback: Document when we FLR an PCI device. (Konrad Rzeszutek 
Wilk)  [Orabug: 18632945]
- xen-pciback: First reset, then free. (Konrad Rzeszutek Wilk)  [Orabug: 
18632945]
- xen-pciback: Cleanup up pcistub_put_pci_dev (Konrad Rzeszutek Wilk) 
[Orabug: 18632945]
- xen/pciback: Restore the PCI config space after an FLR. (Konrad 
Rzeszutek Wilk)  [Orabug: 18632945]
- PCI: Split out pci_dev lock/unlock and save/restore (Alex Williamson) 
  [Orabug: 18632945]
- PCI: move mutex locking out of pci_dev_reset function (Konrad 
Rzeszutek Wilk)  [Orabug: 18632945]
- pciehp: make pciehp_surprise module option effective only during 
hot-plugin (Chuck Anderson)  [Orabug: 19360132]
[2.6.39-400.221.0]
- pciehp: Add pciehp_surprise module option (Chuck Anderson)  [Orabug: 
19264290]
- PCI: pciehp: (Oracle partial) Remove a non-existent card, regardless 
of surprise capability (Chuck Anderson)  [Orabug: 19264290]
- filter: prevent nla extensions to peek beyond the end of the message 
(Mathias Krause)  [Orabug: 19315782]  {CVE-2014-3144} {CVE-2014-3145}
- ocfs2/o2net: incorrect to terminate accepting connections loop upon 
rejecting an invalid one (Tariq Saeed)  [Orabug: 17981086]
- RDS: Ensure non-zero SL uses correct path before lane 0 connection is 
dropped (Ajaykumar Hotchandani)  [Orabug: 19133664]
- rds: Lost locking in loop connection freeing (Pavel Emelyanov) 
[Orabug: 19265200]
- n_tty: Fix n_tty_write crash when echoing in raw mode (Peter Hurley) 
[Orabug: 18756449]  {CVE-2014-0196} {CVE-2014-0196}

[2.6.39-400.220.0]
- l2tp: fix an unprivileged user to kernel privilege escalation (Sasha 
Levin)  [Orabug: 19229505]  {CVE-2014-4943} {CVE-2014-4943}
- ptrace,x86: force IRET path after a ptrace_stop() (Tejun Heo) [Orabug: 
19230690]  {CVE-2014-4699}
- nvme: fix crash on removal of nvme device (Guangyu Sun)  [Orabug: 
19221576]
- intel_idle: add driver_data values to hsw_cstates (Jerry Snitselaar) 
[Orabug: 19050525]
- intel_idle: additional Haswell CPU-id (Len Brown)  [Orabug: 19050525]
- intel_idle: support Haswell (Len Brown)  [Orabug: 19050525]
- Revert intel_idle: allow tuning of ivy bridge cstate exit latency and 
target residency (Jerry Snitselaar)  [Orabug: 19146595]
- iser: handle RDMA_CM_EVENT_TIMEWAIT_EXIT in iser code (Shamir 
Rabinovitch)  [Orabug: 17829930]
- mm, hugetlb: improve page-fault scalability (Davidlohr Bueso) [Orabug: 
18820745]
-  x86, mm: revert-back-good-end (Brian Maly)  [Orabug: 17648801]
- pci: only use pci reset notifier code in 64-bit builds (Jerry 
Snitselaar)  [Orabug: 19145212]

[2.6.39-400.219.0]
- pci: fix kabi break from pci reset notify backport (Jerry Snitselaar) 
  [Orabug: 19080849]

[2.6.39-400.218.0]
- nvme: Backport of 3.16 NVMe driver updates from UEK3 (Martin K. 
Petersen)  [Orabug: 18939656]
- SELinux: Fix kernel BUG on empty security contexts. (Stephen Smalley) 
  [Orabug: 19028380]  {CVE-2014-1874}
- floppy: dont write kernel-only members to FDRAWCMD ioctl output 
(Matthew Daley)  [Orabug: 19028444]  {CVE-2014-1738}
- floppy: ignore kernel-only members in FDRAWCMD ioctl input (Matthew 
Daley)  [Orabug: 19028438]  {CVE-2014-1737}
- libertas: potential oops in debugfs (Dan Carpenter)  [Orabug: 
19028416]  {CVE-2013-6378}

[2.6.39-400.217.0]
- RDS: active bonding - failover/failback only to matching pkey (Mukesh 
Kacker)  [Orabug: 18681364]
- RDS: active bonding - ports may not failback if all ports go down 
(Mukesh Kacker)  [Orabug: 18875563]
- futex: Make lookup_pi_state more robust (Thomas Gleixner)  [Orabug: 
18918614]  {CVE-2014-3153}
- futex: Always cleanup owner tid in unlock_pi (Thomas Gleixner) 
[Orabug: 18918614]  {CVE-2014-3153}
- futex: Validate atomic acquisition in futex_lock_pi_atomic() (Thomas 
Gleixner)  [Orabug: 18918614]  {CVE-2014-3153}
- futex: Forbid uaddr1 == uaddr2 in futex_requeue(..., requeue_pi=1) 
(Thomas Gleixner)  [Orabug: 18918614]  {CVE-2014-3153} {CVE-2014-3153}

[2.6.39-400.216.0.el5uek]
- RDS: Use rds_local_wq for loopback connections in 
rds_conn_connect_if_down() (Chien-Hua Yen) [Orabug: 18892380]
- RDS: add workqueue for local loopback connections (Chien-Hua Yen) 
[Orabug: 18892366]
- block: Don't check QUEUE_FLAG_SAME_COMP in __blk_complete_request 
(Brian Maly) [Orabug: 17382566]
- block: improve rq_affinity placement (Brian Maly) [Orabug: 17282566]
- block: Make rq_affinity = 1 work as expected (Brian Maly) [Orabug: 
17382566]
- block: strict rq_affinity (Brian Maly)
- nvme: Backport of the NVMe driver updates from UEK3 (Martin K. 
Petersen) [Orabug: 17716680]
- nvme: enable nvme driver in config (Jerry Snitselaar) [Orabug: 17716680]
- nvme: Backport NVM Express driver from UEK3 (Martin K. Petersen) 
[Orabug: 17716680]
- APM/cma: Kernel panic during IB port failover test (Chien-Hua Yen) 
[Orabug: 18737494]
- block: Enable sysfs nomerge control for I/O requests in the plug list 
(Alireza Haghdoost) [Orabug: 18735919]
- RDMA/cma: Replace global lock in rdma_destroy_id() with handler_mutex 
(Chien-Hua Yen) [Orabug: 18802019]
- x86, mm: Probe memory block size for generic x86 64bit (Yinghai Lu) 
[Orabug: 18650110]
- mm: speedup in __early_pfn_to_nid (Russ Anderson) [Orabug: 18650110]
- RDS: SA query optimization (Bang Nguyen) [Orabug: 18801977]
- mlx4_ib: unmap FMR should update MPT status to 0xF (Mukesh Kacker) 
[Orabug: 18801967]
- RDS: Remove cond_resched() in RX tasklet (Bang Nguyen) [Orabug: 18801937]
- RDS: Replace queue_work() by cond_resched() in the tasklet to breakup 
RX stream (Bang Nguyen) [Orabug: 18801931]
- RDS: looping to reap cq recv queue in rds_conn_shutdown (Chien-Hua 
Yen) [Orabug: 18501034]
- rds: Fix regression in dynamic active bonding configuration (Bang Nguyen)
- OFED: Load multiple instances of mlx4_core in parallel (Chien-Hua Yen) 
[Orabug: 18801905]
- rds/rdma_cm: send RDMA_CM_EVENT_ADDR_CHANGE event for active bonding 
(Ajaykumar Hotchandani) [Orabug: 18421516]
- RDS: Idle QoS connections during remote peer reboot causing 
application brownout (Chien-Hua Yen) [Orabug: 18443194]
- IB/sdp: disable APM by default (Shamir Rabinovitch) [Orabug: 18443203]
- rds: dynamic active bonding configuration (Bang Nguyen)
- pciehp: only wait command complete for really hotplug control (Yinghai 
Lu) [Orabug: 18479141]
- RDS: Fix slowdown when doing massively parallel workload (Bang Nguyen) 
[Orabug: 18362838]
- RDS: active bonding needs to set brcast and mask for its primary 
interface (Chien-Hua Yen) [Orabug: 18479088]
- md: fix possible corruption of array metadata on shutdown. (NeilBrown) 
[Orabug: 18479081]
- md: don't set md arrays to readonly on shutdown. (NeilBrown) [Orabug: 
18479081]
- VFS : mount lock scalability for internal mounts (Tim Chen) [Orabug: 
18197894]
- block: add missing blk_queue_dead() checks (Tejun Heo) [Orabug: 18233050]
- block: Fix blk_execute_rq_nowait() dead queue handling (Muthukumar 
Ratty) [Orabug: 17636880]
- time: allow rcu delay to be tunable (Andi Kleen) [Orabug: 18801711]
- governor: clip sleep to 1 second, and drop highest sample (Jerry 
Snitselaar) [Orabug: 18801711]
- intel_idle: add driver_data values to ivb_cstates (Jerry Snitselaar) 
[Orabug: 18801711]
- intel_idle: allow tuning of ivy bridge cstate exit latency and target 
residency (Jerry Snitselaar) [Orabug: 18801711]
- intel_idle: export both C1 and C1E (Len Brown) [Orabug: 18801711]




More information about the Oraclevm-errata mailing list