development/system

kernel-headers - Header files for the Linux kernel for use by glibc

Website: http://www.kernel.org/
License: GPLv2
Vendor: Scientific Linux
Description:
Kernel-headers includes the C header files that specify the interface
between the Linux kernel and userspace libraries and programs.  The
header files define structures and constants that are needed for
building most standard programs and are also needed for rebuilding the
glibc package.

Packages

kernel-headers-2.6.32-754.35.1.el6.x86_64 [4.6 MiB] Changelog by Denys Vlasenko (2020-09-16):
- [ata] libata: fix NULL sdev dereference race in atapi_qc_complete() (Kenneth Yin) [1876296]
kernel-headers-2.6.32-754.33.1.el6.x86_64 [4.6 MiB] Changelog by Denys Vlasenko (2020-08-10):
- [message] scsi: mptscsih: Fix read sense data size (Tomas Henzl) [1824907]
kernel-headers-2.6.32-754.31.1.el6.x86_64 [4.6 MiB] Changelog by Denys Vlasenko (2020-06-15):
- [x86] x86/speculation: Provide SRBDS late microcode loading support (Waiman Long) [1827185] {CVE-2020-0543}
- [documentation] x86/speculation: Add Ivy Bridge to affected list (Waiman Long) [1827185] {CVE-2020-0543}
- [documentation] x86/speculation: Add SRBDS vulnerability and mitigation documentation (Waiman Long) [1827185] {CVE-2020-0543}
- [x86] x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Waiman Long) [1827185] {CVE-2020-0543}
- [x86] x86/cpu: Add 'table' argument to cpu_matches() (Waiman Long) [1827185] {CVE-2020-0543}
- [x86] x86/cpu: Add a steppings field to struct x86_cpu_id (Waiman Long) [1827185] {CVE-2020-0543}
- [x86] x86/cpu/bugs: Convert to new matching macros (Waiman Long) [1827185] {CVE-2020-0543}
- [x86] x86/cpu: Add consistent CPU match macros (Waiman Long) [1827185] {CVE-2020-0543}
- [x86] x86/devicetable: Move x86 specific macro out of generic code (Waiman Long) [1827185] {CVE-2020-0543}
- [netdrv] bonding/802.3ad: fix link_failure_count tracking (Patrick Talbert) [1841819]
- [mm] mm: migration: add migrate_entry_wait_huge() (Waiman Long) [1839653]
- [powerpc] powerpc/book3s64: Fix link stack flush on context switch (Gustavo Duarte) [1796810]
- [powerpc] powerpc/64s: support nospectre_v2 cmdline option (Gustavo Duarte) [1796810]
- [powerpc] powerpc/security: Fix spectre_v2 reporting (Gustavo Duarte) [1796810]
- [powerpc] powerpc/fsl: Update Spectre v2 reporting (Gustavo Duarte) [1796810]
- [powerpc] powerpc/fsl: Add nospectre_v2 command line argument (Gustavo Duarte) [1796810]
- [powerpc] powerpc/fsl: Fix spectre_v2 mitigations reporting (Gustavo Duarte) [1796810]
- [powerpc] powerpc/pseries: Query hypervisor for count cache flush settings (Gustavo Duarte) [1796810]
- [powerpc] powerpc/64s: Add support for software count cache flush (Gustavo Duarte) [1796810]
- [powerpc] powerpc/64s: Add new security feature flags for count cache flush (Gustavo Duarte) [1796810]
- [powerpc] powerpc/asm: Add a patch_site macro & helpers for patching instructions (Gustavo Duarte) [1796810]
- [powerpc] powerpc/64: Make meltdown reporting Book3S 64 specific (Gustavo Duarte) [1796810]
- [powerpc] powerpc/64: Call setup_barrier_nospec() from setup_arch() (Gustavo Duarte) [1796810]
- [powerpc] powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC (Gustavo Duarte) [1796810]
- [powerpc] powerpc/64: Make stf barrier PPC_BOOK3S_64 specific (Gustavo Duarte) [1796810]
- [powerpc] powerpc/64: Disable the speculation barrier from the command line (Gustavo Duarte) [1796810]
- [powerpc] powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 (Gustavo Duarte) [1796810]
- [powerpc] powerpc/64s: Enhance the information in cpu_show_spectre_v1() (Gustavo Duarte) [1796810]
- [powerpc] powerpc/64: Use barrier_nospec in syscall entry (Gustavo Duarte) [1796810]
- [powerpc] powerpc/64s: Enable barrier_nospec based on firmware settings (Gustavo Duarte) [1796810]
- [powerpc] powerpc/64s: Patch barrier_nospec in modules (Gustavo Duarte) [1796810]
- [powerpc] powerpc/64s: Add support for ori barrier_nospec patching (Gustavo Duarte) [1796810]
- [powerpc] powerpc/64s: Add barrier_nospec (Gustavo Duarte) [1796810]
- [powerpc] powerpc: Add helper to check if offset is within relative branch range (Gustavo Duarte) [1796810]
- [powerpc] powerpc: Have patch_instruction detect faults (Gustavo Duarte) [1796810]
- [powerpc] powerpc: Introduce asm-prototypes.h (Gustavo Duarte) [1796810]
- [powerpc] powerpc: Move local setup.h declarations to arch includes (Gustavo Duarte) [1796810]
kernel-headers-2.6.32-754.30.2.el6.x86_64 [4.6 MiB] Changelog by Denys Vlasenko (2020-05-29):
- x86/speculation: Provide SRBDS late microcode loading support (Waiman Long)
- [documentation] x86/speculation: Add Ivy Bridge to affected list (Waiman Long) [1827185] {CVE-2020-0543}
- [documentation] x86/speculation: Add SRBDS vulnerability and mitigation documentation (Waiman Long) [1827185] {CVE-2020-0543}
- [x86] x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Waiman Long) [1827185] {CVE-2020-0543}
- [x86] x86/cpu: Add 'table' argument to cpu_matches() (Waiman Long) [1827185] {CVE-2020-0543}
- [x86] x86/cpu: Add a steppings field to struct x86_cpu_id (Waiman Long) [1827185] {CVE-2020-0543}
- [x86] x86/cpu/bugs: Convert to new matching macros (Waiman Long) [1827185] {CVE-2020-0543}
- [x86] x86/cpu: Add consistent CPU match macros (Waiman Long) [1827185] {CVE-2020-0543}
- [x86] x86/devicetable: Move x86 specific macro out of generic code (Waiman Long) [1827185] {CVE-2020-0543}
kernel-headers-2.6.32-754.29.2.el6.x86_64 [4.6 MiB] Changelog by Denys Vlasenko (2020-05-07):
- [net] netlabel: cope with NULL catmap (Paolo Abeni) [1827226] {CVE-2020-10711}
kernel-headers-2.6.32-754.29.1.el6.x86_64 [4.6 MiB] Changelog by Denys Vlasenko (2020-03-12):
- [wireless] rtlwifi: Fix potential overflow on P2P code (Jarod Wilson) [1775226] {CVE-2019-17666}
- [x86] mm: revert x86_64 and arm64 ELF_ET_DYN_BASE base changes (Denys Vlasenko) [1485759]
- [powerpc] powerpc: move ELF_ET_DYN_BASE to 4GB / 4MB (Denys Vlasenko) [1485759]
- binfmt_elf: use ELF_ET_DYN_BASE only for PIE (Denys Vlasenko) [1485759]
- [powerpc] powerpc: Use generic PIE randomization (Denys Vlasenko) [1485759]
kernel-headers-2.6.32-754.28.1.el6.x86_64 [4.6 MiB] Changelog by Denys Vlasenko (2020-01-31):
- [netdrv] ixgbevf: Use cached link state instead of re-reading the value for ethtool (Ken Cox) [1795404]
- [isdn] mISDN: enforce CAP_NET_RAW for raw sockets (Andrea Claudi) [1779473] {CVE-2019-17055}
- [net] cfg80211: wext: avoid copying malformed SSIDs (Jarod Wilson) [1778625] {CVE-2019-17133}
- [netdrv] bonding: speed/duplex update at NETDEV_UP event (Patrick Talbert) [1772779]
- [netdrv] bonding: make speed, duplex setting consistent with link state (Patrick Talbert) [1772779]
- [netdrv] bonding: simplify / unify event handling code for 3ad mode (Patrick Talbert) [1772779]
- [netdrv] bonding: unify all places where actor-oper key needs to be updated (Patrick Talbert) [1772779]
- [netdrv] bonding: simple code refactor (Patrick Talbert) [1772779]
kernel-headers-2.6.32-754.25.1.el6.x86_64 [4.6 MiB] Changelog by Denys Vlasenko (2019-11-20):
- [kvm] KVM: VMX: Set VMENTER_L1D_FLUSH_NOT_REQUIRED if !X86_BUG_L1TF (Waiman Long) [1733760]
- [virt] KVM: coalesced_mmio: add bounds checking (Bandan Das) [1746799] {CVE-2019-14821}
- [virt] KVM: MMIO: Lock coalesced device when checking for available entry (Bandan Das) [1746799] {CVE-2019-14821}
- [scsi] scsi: bnx2fc: Handle scope bits when array returns BUSY or TSF (Nilesh Javali) [1749512]
- [scsi] scsi: bnx2fc: remove set but not used variables 'task', 'port', 'orig_task' (Nilesh Javali) [1749512]
- [scsi] scsi: bnx2fc: remove set but not used variables 'lport', 'host' (Nilesh Javali) [1749512]
- [security] KEYS: prevent creating a different user's keyrings (David Howells) [1537371]
- [documentation] Documentation: Add ITLB_MULTIHIT documentation (Paolo Bonzini) [1692385] {CVE-2018-12207}
- [kvm] KVM: introduce no_huge_pages module parameter (Paolo Bonzini) [1692385] {CVE-2018-12207}
- [x86] x86: Add ITLB_MULTIHIT bug infrastructure (Paolo Bonzini) [1692385] {CVE-2018-12207}
- [x86] x86/spec_ctrl/taa: Enable TAA status change after late microcode (Waiman Long) [1766531] {CVE-2019-11135}
- [documentation] x86/speculation/taa: Add documentation for TSX Async Abort (Waiman Long) [1766531] {CVE-2019-11135}
- [base] x86/speculation/taa: Add sysfs reporting for TSX Async Abort (Waiman Long) [1766531] {CVE-2019-11135}
- [x86] x86/speculation/taa: Add mitigation for TSX Async Abort (Waiman Long) [1766531] {CVE-2019-11135}
- [x86] x86/cpu: Add a helper function x86_read_arch_cap_msr() (Waiman Long) [1766531] {CVE-2019-11135}
- [x86] x86/msr: Add the IA32_TSX_CTRL MSR (Waiman Long) [1766531] {CVE-2019-11135}
- [drm] drm/i915/cmdparser: Fix jump whitelist clearing (Denys Vlasenko) [1756891] {CVE-2019-0155}
- [drm] drm/i915: Lower RM timeout to avoid DSI hard hangs (Dave Airlie) [1756824] {CVE-2019-0154}
- [drm] drm/i915/gen8+: Add RC6 CTX corruption WA (Dave Airlie) [1756824] {CVE-2019-0154}
- [drm] drm/i915/cmdparser: Ignore Length operands during command matching (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915/cmdparser: Add support for backward jumps (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915: Add gen9 BCS cmdparsing (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915: Allow parsing of unsized batches (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915: Add support for mandatory cmdparsing (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915: Remove Master tables from cmdparser (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915: Disable Secure Batches for gen6+ (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915: Rename gen7 cmdparser tables (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915/gtt: Disable read-only support under GVT (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] erm/i915/gtt: Read-only pages for insert_entries on bdw+ (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915/gtt: Add read only pages to gen8_pte_encode (Dave Airlie) [1756891] {CVE-2019-0155}
kernel-headers-2.6.32-754.24.3.el6.x86_64 [4.6 MiB] Changelog by Denys Vlasenko (2019-11-12):
- [drm] drm/i915/cmdparser: Fix jump whitelist clearing (Denys Vlasenko) [1756891] {CVE-2019-0155}
kernel-headers-2.6.32-754.24.2.el6.x86_64 [4.6 MiB] Changelog by Denys Vlasenko (2019-11-06):
- [documentation] Documentation: Add ITLB_MULTIHIT documentation (Paolo Bonzini) [1692385] {CVE-2018-12207}
- [kvm] KVM: introduce no_huge_pages module parameter (Paolo Bonzini) [1692385] {CVE-2018-12207}
- [x86] x86: Add ITLB_MULTIHIT bug infrastructure (Paolo Bonzini) [1692385] {CVE-2018-12207}
- [x86] x86/spec_ctrl/taa: Enable TAA status change after late microcode (Waiman Long) [1766531] {CVE-2019-11135}
- [documentation] x86/speculation/taa: Add documentation for TSX Async Abort (Waiman Long) [1766531] {CVE-2019-11135}
- [base] x86/speculation/taa: Add sysfs reporting for TSX Async Abort (Waiman Long) [1766531] {CVE-2019-11135}
- [x86] x86/speculation/taa: Add mitigation for TSX Async Abort (Waiman Long) [1766531] {CVE-2019-11135}
- [x86] x86/cpu: Add a helper function x86_read_arch_cap_msr() (Waiman Long) [1766531] {CVE-2019-11135}
- [x86] x86/msr: Add the IA32_TSX_CTRL MSR (Waiman Long) [1766531] {CVE-2019-11135}
- [drm] drm/i915: Lower RM timeout to avoid DSI hard hangs (Dave Airlie) [1756824] {CVE-2019-0154}
- [drm] drm/i915/gen8+: Add RC6 CTX corruption WA (Dave Airlie) [1756824] {CVE-2019-0154}
- [drm] drm/i915/cmdparser: Ignore Length operands during command matching (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915/cmdparser: Add support for backward jumps (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915: Add gen9 BCS cmdparsing (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915: Allow parsing of unsized batches (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915: Add support for mandatory cmdparsing (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915: Remove Master tables from cmdparser (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915: Disable Secure Batches for gen6+ (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915: Rename gen7 cmdparser tables (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915/gtt: Disable read-only support under GVT (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] erm/i915/gtt: Read-only pages for insert_entries on bdw+ (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915/gtt: Add read only pages to gen8_pte_encode (Dave Airlie) [1756891] {CVE-2019-0155}
kernel-headers-2.6.32-754.23.1.el6.x86_64 [4.6 MiB] Changelog by Denys Vlasenko (2019-09-17):
- [vhost] vhost: make sure log_num < in_num (Eugenio Perez) [1750869 1750869] {CVE-2019-14835}
kernel-headers-2.6.32-754.22.1.el6.x86_64 [4.6 MiB] Changelog by Denys Vlasenko (2019-08-16):
- [scsi] scsi: megaraid_sas: return error when create DMA pool failed (Tomas Henzl) [1712858] {CVE-2019-11810}
- [net] net: Set sk_prot_creator when copying sockets to the right proto (Andrea Claudi) [1657117] {CVE-2018-9568}
kernel-headers-2.6.32-754.18.2.el6.x86_64 [4.6 MiB] Changelog by Phillip Lougher (2019-07-25):
- [x86] x86/speculation: Enable Spectre v1 swapgs mitigations (Waiman Long) [1724512] {CVE-2019-1125}
- [x86] x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations (Waiman Long) [1724512] {CVE-2019-1125}
kernel-headers-2.6.32-754.17.1.el6.x86_64 [4.6 MiB] Changelog by Phillip Lougher (2019-06-20):
- [net] tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (Florian Westphal) [1719614] {CVE-2019-11479}
- [net] tcp: add tcp_min_snd_mss sysctl (Florian Westphal) [1719614] {CVE-2019-11479}
- [net] tcp: tcp_fragment() should apply sane memory limits (Florian Westphal) [1719840] {CVE-2019-11478}
- [net] tcp: limit payload size of sacked skbs (Florian Westphal) [1719585] {CVE-2019-11477}
- [net] tcp: pass previous skb to tcp_shifted_skb() (Florian Westphal) [1719585] {CVE-2019-11477}
- [lib] idr: free the top layer if idr tree has the maximum height (Denys Vlasenko) [1698139] {CVE-2019-3896}
- [lib] idr: fix top layer handling (Denys Vlasenko) [1698139] {CVE-2019-3896}
- [lib] idr: fix backtrack logic in idr_remove_all (Denys Vlasenko) [1698139] {CVE-2019-3896}
kernel-headers-2.6.32-754.15.3.el6.x86_64 [4.6 MiB] Changelog by Phillip Lougher (2019-06-13):
- [net] tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (Florian Westphal) [1719614] {CVE-2019-11479}
- [net] tcp: add tcp_min_snd_mss sysctl (Florian Westphal) [1719614] {CVE-2019-11479}
- [net] tcp: tcp_fragment() should apply sane memory limits (Florian Westphal) [1719840] {CVE-2019-11478}
- [net] tcp: limit payload size of sacked skbs (Florian Westphal) [1719585] {CVE-2019-11477}
- [net] tcp: pass previous skb to tcp_shifted_skb() (Florian Westphal) [1719585] {CVE-2019-11477}
kernel-headers-2.6.32-754.14.2.el6.x86_64 [4.6 MiB] Changelog by Phillip Lougher (2019-04-24):
- [x86] x86/speculation/mds: Add SMT warning message (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation/mds: Add mds=full, nosmt cmdline option (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation: Remove redundant arch_smt_update() invocation (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/spec_ctrl: Add debugfs x86/smt_present file (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/spec_ctrl: Update MDS mitigation status after late microcode load (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [documentation] Documentation: Add MDS vulnerability documentation (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [documentation] Documentation: Move L1TF to separate directory (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation/mds: Add mitigation mode VMWERV (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation/mds: Add sysfs reporting for MDS (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation/mds: Add mitigation control for MDS (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [kvm] x86/kvm/vmx: Add MDS protection when L1D Flush is not active (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation/mds: Clear CPU buffers on exit to user (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation/mds: Add mds_clear_cpu_buffers() (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [kvm] x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation/mds: Add BUG_MSBDS_ONLY (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation/mds: Add basic bug infrastructure for MDS (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation: Consolidate CPU whitelists (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/l1tf: Show actual SMT state (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation: Simplify sysfs report of VMX L1TF vulnerability (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/cpu: Sanitize FAM6_ATOM naming (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [kernel] sched/smt: Provide sched_smt_active() (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation: Provide arch_smt_update() (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/mm: Fix compilation warning in pgtable_types.h (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
kernel-headers-2.6.32-754.12.1.el6.x86_64 [4.6 MiB] Changelog by Phillip Lougher (2019-03-07):
- [x86] vDSO: Don't generate retpoline for indirect call (Waiman Long) [1638552]
- [fs] cifs: fix reparse point/symlink breakage (Leif Sahlberg) [1636484]
- [scsi] qla2xxx: Mask off Scope bits in retry delay (Himanshu Madhani) [1588133]
- [net] tcp: make tcp_retransmit_timer a no-op on empty write queue (Paolo Abeni) [1585892]
- [kernel] sched/sysctl: Check user input value of sysctl_sched_time_avg (Lauro Ramos Venancio) [1579128]
- [fs] Fix up non-directory creation in SGID directories (Miklos Szeredi) [1600951] {CVE-2018-13405}
- [fs] hugetlbfs: switch to inode_init_owner() (Miklos Szeredi) [1600951] {CVE-2018-13405}
- [fs] udf: replace inode uid, gid, mode init with helper (Miklos Szeredi) [1600951] {CVE-2018-13405}
- [fs] ubifs: replace inode uid, gid, mode initialization with helper function (Miklos Szeredi) [1600951] {CVE-2018-13405}
- [fs] ramfs: replace inode uid, gid, mode initialization with helper function (Miklos Szeredi) [1600951] {CVE-2018-13405}
- [fs] ext4: replace inode uid, gid, mode init with helper (Miklos Szeredi) [1600951] {CVE-2018-13405}
- [fs] ext3: replace inode uid, gid, mode init with helper (Miklos Szeredi) [1600951] {CVE-2018-13405}
- [fs] ext2: replace inode uid, gid, mode init with helper (Miklos Szeredi) [1600951] {CVE-2018-13405}
- [fs] btrfs: replace inode uid, gid, mode initialization with helper function (Miklos Szeredi) [1600951] {CVE-2018-13405}
- [fs] vfs: Add inode uid,gid,mode init helper (Miklos Szeredi) [1600951] {CVE-2018-13405}
- [s390] kernel: adapt to changed CPU vulnerabilities function prototypes (Hendrik Brueckner) [1625381]
- [s390] detect etoken facility (Hendrik Brueckner) [1625381]
- [s390] Correct register corruption in critical section cleanup (Hendrik Brueckner) [1625381]
- [s390] remove indirect branch from do_softirq_own_stack (Hendrik Brueckner) [1625381]
- [s390] move spectre sysfs attribute code (Hendrik Brueckner) [1625381]
- [s390] kernel: use expoline for indirect branches (Hendrik Brueckner) [1625381]
- [s390] ftrace: use expoline for indirect branches (Hendrik Brueckner) [1625381]
- [s390] move expoline assembler macros to a header (Hendrik Brueckner) [1625381]
- [s390] correct module section names for expoline code revert (Hendrik Brueckner) [1625381]
- [x86] speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (Oleksandr Natalenko) [1670328]
- [perf] Fix a race between ring_buffer_detach() and ring_buffer_attach() (Jiri Olsa) [1589340]
- [perf] Fix mmap() accounting hole (Jiri Olsa) [1627672]
- [perf] Fix perf mmap bugs (Jiri Olsa) [1627672]
kernel-headers-2.6.32-754.11.1.el6.x86_64 [4.5 MiB] Changelog by Phillip Lougher (2019-01-22):
- [x86] mm/fault: Allow stack access below rsp (Waiman Long) [1644401]
- [sound] alsa: rawmidi: Change resized buffers atomically (Denys Vlasenko) [1593083] {CVE-2018-10902}
kernel-headers-2.6.32-754.6.3.el6.x86_64 [4.5 MiB] Changelog by Frantisek Hrbata (2018-09-18):
- [kvm] VMX: fixes for vmentry_l1d_flush module parameter (Marcelo Tosatti) [1628796]
- [x86] speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (Marcelo Tosatti) [1628796]
- [x86] KVM: VMX: skip L1TF flush on VM-entry if EPT is disabled (Marcelo Tosatti) [1616397]
kernel-headers-2.6.32-754.3.5.el6.x86_64 [4.5 MiB] Changelog by Phillip Lougher (2018-08-09):
- [kernel] cpu/hotplug: Enable 'nosmt' as late as possible (Frantisek Hrbata) [1593376] {CVE-2018-3620}
kernel-headers-2.6.32-754.2.1.el6.x86_64 [4.5 MiB] Changelog by Phillip Lougher (2018-07-03):
- [x86] entry/64: Don't use IST entry for #BP stack (Waiman Long) [1596113] {CVE-2018-10872}
- [fs] gfs2: Flush delayed work earlier in gfs2_inode_lookup (Andreas Grunbacher) [1506281]
- [mm] mempolicy: fix use after free when calling get_mempolicy (Augusto Caringi) [1576757] {CVE-2018-10675}
- [mm] Fix NULL pointer dereference in dequeue_hwpoisoned_huge_page() (Larry Woodman) [1381653]
- [fs] NFSv4.1: Fix up replays of interrupted requests (Benjamin Coddington) [1553423]
- [fs] NFSv4.1: Simplify struct nfs4_sequence_args too (Benjamin Coddington) [1553423]
- [fs] NFSv4.1: Label each entry in the session slot tables with its slot number (Benjamin Coddington) [1553423]
- [fs] NFSv4.1: Shrink struct nfs4_sequence_res by moving the session pointer (Benjamin Coddington) [1553423]
- [fs] NFSv4.1: nfs4_alloc_slots doesn't need zeroing (Benjamin Coddington) [1553423]
- [fs] NFSv4.1: clean up nfs4_recall_slot to use nfs4_alloc_slots (Benjamin Coddington) [1553423]
- [fs] NFSv4.1: Fix a NFSv4.1 session initialisation regression (Benjamin Coddington) [1553423]
- [scsi] ipr: Fix sync scsi scan (Gustavo Duarte) [1572310]
- [scsi] ipr: Wait to do async scan until scsi host is initialized (Gustavo Duarte) [1572310]
kernel-headers-2.6.32-754.el6.x86_64 [4.5 MiB] Changelog by Phillip Lougher (2018-05-24):
- [powerpc] 64s: Add support for a store forwarding barrier at kernel entry/exit (Mauricio Oliveira) [1581053] {CVE-2018-3639}
- [x86] amd: Disable AMD SSBD mitigation in a VM (Waiman Long) [1580360]
- [x86] spec_ctrl: Fix late microcode problem with AMD (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] spec_ctrl: Clean up entry code & remove unused APIs (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] spec_ctrl: Mask off SPEC_CTRL MSR bits that are managed by kernel (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] spec_ctrl: add support for SSBD to RHEL IBRS entry/exit macros (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] bugs: Rename _RDS to _SSBD (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] speculation: Add prctl for Speculative Store Bypass mitigation (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] process: Allow runtime control of Speculative Store Bypass (Waiman Long) [1566899] {CVE-2018-3639}
- [kernel] prctl: Add speculation control prctls (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] kvm: Expose the RDS bit to the guest (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] bugs/AMD: Add support to disable RDS on Fam(15, 16, 17)h if requested (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] spec_ctrl: Sync up RDS setting with IBRS code (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] bugs: Provide boot parameters for the spec_store_bypass_disable mitigation (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] bugs: Expose the /sys/../spec_store_bypass and X86_BUG_SPEC_STORE_BYPASS (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] spec_ctrl: Use separate PCP variables for IBRS entry and exit (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] cpu/intel: Knight Mill and Moorefield update to intel-family.h (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] speculation: Update Speculation Control microcode blacklist (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] cpufeatures: Clean up Spectre v2 related CPUID flags (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] cpufeatures: Add AMD feature bits for Speculation Control (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] cpufeatures: Add Intel feature bits for Speculation (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] cpufeatures: Add CPUID_7_EDX CPUID leaf (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] cpu: Fill in feature word 13, CPUID_8000_0008_EBX (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] Extend RH cpuinfo to 10 extra words (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] invpcid: Enable 'noinvpcid' boot parameter for X86_32 (Waiman Long) [1560494]
- [x86] dumpstack_32: Fix kernel panic in dump_trace (Waiman Long) [1577351]
- [fs] gfs2: For fs_freeze, do a log flush and flush the ail1 list (Robert S Peterson) [1569148]
- [net] dccp: check sk for closed state in dccp_sendmsg() (Stefano Brivio) [1576586] {CVE-2018-1130}
- [net] ipv6: dccp: add missing bind_conflict to dccp_ipv6_mapped (Stefano Brivio) [1576586] {CVE-2018-1130}
kernel-headers-2.6.32-696.30.1.el6.x86_64 [4.5 MiB] Changelog by Jan Stancek (2018-05-18):
- [x86] x86/kvm: fix CPUID_7_EDX (word 18) mask (Jan Stancek) [1566893 1566899] {CVE-2018-3639}
kernel-headers-2.6.32-696.28.1.el6.x86_64 [4.5 MiB] Changelog by Jan Stancek (2018-04-26):
- [x86] entry/64: Don't use IST entry for #BP stack (Waiman Long) [1567078 1567079] {CVE-2018-8897}
- [x86] xen: do not use xen_info on HVM, set pv_info name to "Xen HVM" (Vitaly Kuznetsov) [1569141 1568241]
kernel-headers-2.6.32-696.23.1.el6.x86_64 [4.5 MiB] Changelog by Jan Stancek (2018-02-10):
- [scsi] avoid a permanent stop of the scsi device's request queue (Ewan Milne) [1519857 1513455]
- [x86] retpoline/hyperv: Convert assembler indirect jumps (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: Upgrade GCC retpoline warning to an error for brew builds (Waiman Long) [1543022 1535645]
- [x86] retpoline: Don't use kernel indirect thunks in vsyscalls (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: Add a read-only retp_enabled debugfs knob (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: detect unretpolined modules (Waiman Long) [1543022 1535645]
- [x86] retpoline/ACPI: Convert indirect jump in wakeup code (Waiman Long) [1543022 1535645]
- [x86] retpoline/efi: Convert stub indirect calls & jumps (Waiman Long) [1543022 1535645]
- [watchdog] hpwdt: remove indirect call in drivers/watchdog/hpwdt.c (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: cleanup __ptrace_may_access (Waiman Long) [1543022 1535645]
- [x86] bugs: Drop one "mitigation" from dmesg (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: fix ptrace IBPB optimization (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: Avoid returns in IBRS-disabled regions (Waiman Long) [1543022 1535645]
- [x86] spectre/meltdown: avoid the vulnerability directory to weaken kernel security (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: Update spec_ctrl.txt and kernel-parameters.txt (Waiman Long) [1543022 1535645]
- [x86] Use IBRS for firmware update path (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: stuff RSB on context switch with SMEP enabled (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: use upstream RSB stuffing function (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: add ibrs_enabled=3 (ibrs_user) (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: Integrate IBRS with retpoline (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: print features changed by microcode loading (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: refactor the init and microcode loading paths (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: move initialization of X86_FEATURE_IBPB_SUPPORT (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: remove SPEC_CTRL_PCP_IBPB bit (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: remove ibrs_enabled variable (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: add ibp_disabled variable (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: add X86_FEATURE_IBP_DISABLE (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: remove IBP disable for AMD model 0x16 (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: remove performance measurements from documentation (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: make ipbp_enabled read-only (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: remove ibpb_enabled=2 mode (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: Enable spec_ctrl functions for x86-32 (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: move vmexit rmb in the last branch before IBRS (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: satisfy the barrier like semantics of IBRS (Waiman Long) [1543022 1535645]
- [x86] spectre_v1: Mark it as mitigated (Waiman Long) [1543022 1535645]
- [x86] pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown (Waiman Long) [1543022 1535645]
- [x86] mce: Make machine check speculation protected (Waiman Long) [1543022 1535645]
- [x86] retpoline: Add LFENCE to the retpoline/RSB filling RSB macros (Waiman Long) [1543022 1535645]
- [x86] retpoline: Fill return stack buffer on vmexit (Waiman Long) [1543022 1535645]
- [x86] retpoline/irq32: Convert assembler indirect jumps (Waiman Long) [1543022 1535645]
- [x86] retpoline/checksum32: Convert assembler indirect jumps (Waiman Long) [1543022 1535645]
- [x86] retpoline/entry: Convert entry assembler indirect (Waiman Long) [1543022 1535645]
- [x86] retpoline/crypto: Convert crypto assembler indirect jumps (Waiman Long) [1543022 1535645]
- [x86] spectre: Add boot time option to select Spectre v2 mitigation (Waiman Long) [1543022 1535645]
- [x86] retpoline: Add initial retpoline support (Waiman Long) [1543022 1535645]
- [x86] cpu: Implement CPU vulnerabilites sysfs functions (Waiman Long) [1543022 1535645]
- [base] sysfs/cpu: Add vulnerability folder (Waiman Long) [1543022 1535645]
- [x86] cpufeatures: Add X86_BUG_SPECTRE_V[12] (Waiman Long) [1543022 1535645]
- [x86] pti: Add the pti= cmdline option and documentation (Waiman Long) [1543022 1535645]
- [x86] cpufeatures: Add X86_BUG_CPU_MELTDOWN (Waiman Long) [1543022 1535645]
- [x86] pti: Rename CONFIG_KAISER to CONFIG_PAGE_TABLE_ISOLATION (Waiman Long) [1543022 1535645]
- [x86] cpu: Expand cpufeature facility to include cpu bugs (Waiman Long) [1543022 1535645]
- [x86] cpu: Merge bugs.c and bugs_64.c (Waiman Long) [1543022 1535645]
- [x86] cpu/intel: Introduce macros for Intel family numbers (Waiman Long) [1543022 1535645]
- [x86] alternatives: Add missing '\n' at end of ALTERNATIVE inline asm (Waiman Long) [1543022 1535645]
- [x86] alternatives: Fix alt_max_short macro to really be a max() (Waiman Long) [1543022 1535645]
- [x86] asm: Make asm/alternative.h safe from assembly (Waiman Long) [1543022 1535645]
- [x86] alternatives: Document macros (Waiman Long) [1543022 1535645]
- [x86] alternatives: Fix ALTERNATIVE_2 padding generation properly (Waiman Long) [1543022 1535645]
- [x86] alternatives: Add instruction padding (Waiman Long) [1543022 1535645]
- [x86] alternative: Add header guards to <asm/alternative-asm.h> (Waiman Long) [1543022 1535645]
- [x86] alternative: Use .pushsection/.popsection (Waiman Long) [1543022 1535645]
- [x86] copy_user_generic: Optimize copy_user_generic with CPU erms feature (Waiman Long) [1543022 1535645]
- [x86] Make .altinstructions bit size neutral (Waiman Long) [1543022 1535645]
- [x86] pti: Rework the trampoline stack switching code (Waiman Long) [1543022 1535645]
- [x86] pti: Disable interrupt before trampoline stack switching (Waiman Long) [1543022 1535645]
kernel-headers-2.6.32-696.20.1.el6.x86_64 [4.5 MiB] Changelog by Denys Vlasenko (2018-01-12):
- [x86] kaiser/efi: unbreak tboot (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] pti/mm: Fix trampoline stack problem with XEN PV (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] pti/mm: Fix XEN PV boot failure (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] entry: Invoke TRACE_IRQS_IRETQ in paranoid_userspace_restore_all (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] spec_ctrl: show added cpuid flags in /proc/cpuinfo after late microcode update (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: svm: spec_ctrl at vmexit needs per-cpu areas functional (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: Eliminate redundnat FEATURE Not Present messages (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: enable IBRS and stuff_RSB before calling NMI C code (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: skip CAP_SYS_PTRACE check to skip audit (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: disable ibrs while in intel_idle() (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: skip IBRS/CR3 restore when paranoid exception returns to userland (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- Revert "x86/entry: Use retpoline for syscall's indirect calls" (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] mm/dump_pagetables: Allow dumping current pagetables (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/dump_pagetables: Add a pgd argument to walk_pgd_level() (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/dump_pagetables: Add page table directory (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] entry: Remove unneeded nmi_userspace code (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] entry: Fix nmi exit code with CONFIG_TRACE_IRQFLAGS (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: init_tss is supposed to go in the PAGE_ALIGNED per-cpu section (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: Clear kdump pgd page to prevent incorrect behavior (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: consider the init_mm.pgd a kaiser pgd (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: convert userland visible "kpti" name to "pti" (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] spec_ctrl: set IBRS during resume from RAM if ibrs_enabled is 2 (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] mm/kaiser: __load_cr3 in resume from RAM after kernel %gs has been restored (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] mm/kaiser: Revert the __GFP_COMP flag change (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] entry: Fix paranoid_exit() trampoline clobber (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] spec_ctrl: allow use_ibp_disable only if both SPEC_CTRL and IBPB_SUPPORT are missing (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: Documentation spec_ctrl.txt (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: remove irqs_disabled() check from intel_idle() (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: use enum when setting ibrs/ibpb_enabled (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: undo speculation barrier for ibrs_enabled and noibrs_cmdline (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: introduce ibpb_enabled = 2 for IBPB instead of IBRS (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: introduce SPEC_CTRL_PCP_ONLY_IBPB (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: cleanup s/flush/sync/ naming when sending IPIs (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: set IBRS during CPU init if in ibrs_enabled == 2 (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: use IBRS_ENABLED instead of 1 (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: allow the IBP disable feature to be toggled at runtime (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: always initialize save_reg in ENABLE_IBRS_SAVE_AND_CLOBBER (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: ibrs_enabled() is expected to return > 1 (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: CLEAR_EXTRA_REGS and extra regs save/restore (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] syscall: Clear unused extra registers on syscall (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] entry: Add back STUFF_RSB to interrupt and error paths (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] mm/kaiser: make is_kaiser_pgd reliable (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: disable global pages by default with KAISER (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] revert: mm/kaiser: Disable global pages by default with KAISER (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] kaiser/mm: fix pgd freeing in error path (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] entry: Fix 32-bit program crash with 64-bit kernel on AMD boxes (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: reload spec_ctrl cpuid in all microcode load paths (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: Prevent unwanted speculation without IBRS (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: add noibrs noibpb boot options (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] entry: Use retpoline for syscall's indirect calls (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] syscall: Clear unused extra registers on 32-bit compatible syscall entrance (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: rescan cpuid after a late microcode update (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: add debugfs ibrs_enabled ibpb_enabled (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: consolidate the spec control boot detection (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] Remove __cpuinitdata from some data & function (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] KVM/spec_ctrl: allow IBRS to stay enabled in host userland (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: move stuff_RSB in spec_ctrl.h (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] entry: Remove STUFF_RSB in error and interrupt code (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] entry: Stuff RSB for entry to kernel for non-SMEP platform (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] mm: Only set IBPB when the new thread cannot ptrace (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] mm: Set IBPB upon context switch (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] idle: Disable IBRS when offlining cpu and re-enable (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] idle: Disable IBRS entering idle and enable it on wakeup (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: implement spec ctrl C methods (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: save IBRS MSR value in save_paranoid for NMI (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] enter: Use IBRS on syscall and interrupts (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: swap rdx with rsi for nmi nesting detection (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: spec_ctrl_pcp and kaiser_enabled_pcp in same cachline (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: use per-cpu knob instead of ALTERNATIVES for ibpb and ibrs (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] enter: MACROS to set/clear IBRS and set IBPB (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [kvm] x86: add SPEC_CTRL to MSR and CPUID lists (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [kvm] svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] svm: Set IBPB when running a different VCPU (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [kvm] vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [kvm] vmx: Set IBPB when running a different VCPU (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [kvm] x86: clear registers on VM exit (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] [kvm] Pad RSB on VM transition (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [security] Add SPEC_CTRL Kconfig option (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] cpu/AMD: Control indirect branch predictor when SPEC_CTRL not available (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] feature: Report presence of IBPB and IBRS control (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] feature: Enable the x86 feature to control Speculation (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] cpuid: Provide get_scattered_cpuid_leaf() (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] cpuid: Cleanup cpuid_regs definitions (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] microcode: Share native MSR accessing variants (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] nop: Make the ASM_NOP* macros work from assembly (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] cpu: Clean up and unify the NOP selection infrastructure (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] entry: Further simplify the paranoid_exit code (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] entry: Remove trampoline check from paranoid entry path (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] entry: Don't switch to trampoline stack in paranoid_exit (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] entry: Simplify trampoline stack restore code (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [misc] locking/barriers: prevent speculative execution based on Coverity scan results (Waiman Long) [1519787 1519789] {CVE-2017-5753}
- [fs] udf: prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753}
- [fs] prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753}
- [scsi] qla2xxx: prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753}
- [netdrv] p54: prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753}
- [netdrv] carl9170: prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753}
- [media] uvcvideo: prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753}
- [x86] cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Waiman Long) [1519787 1519789] {CVE-2017-5753}
- [x86] cpu/AMD: Make the LFENCE instruction serialized (Waiman Long) [1519787 1519789] {CVE-2017-5753}
- [kernel] locking/barriers: introduce new memory barrier gmb() (Waiman Long) [1519787 1519789] {CVE-2017-5753}
- [x86] Fix typo preventing msr_set/clear_bit from having an effect (Waiman Long) [1519787 1519789] {CVE-2017-5753}
- [x86] Add another set of MSR accessor functions (Waiman Long) [1519787 1519789] {CVE-2017-5753}
- [x86] mm/kaiser: Replace kaiser with kpti to sync with upstream (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: map the trace idt tables in userland shadow pgd (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: add "kaiser" and "nokaiser" boot options (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] kaiser/mm: fix RESTORE_CR3 crash in kaiser_stop_machine (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: use stop_machine for enable/disable knob (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] kaiser/mm: use atomic ops to poison/unpoison user pagetables (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: use invpcid to flush the two kaiser PCID AISD (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: use two PCID ASIDs optimize the TLB during enter/exit kernel (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: stop patching flush_tlb_single (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm: If INVPCID is available, use it to flush global mappings (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: use PCID feature to make user and kernel switches faster (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/64: Initialize CR4.PCIDE early (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm: Add a 'noinvpcid' boot option to turn off INVPCID (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm: Add the 'nopcid' boot option to turn off PCID (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: validate trampoline stack (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] entry: Move SYSENTER_stack to the beginning of struct tss_struct (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: isolate the user mapped per cpu areas (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: selective boot time defaults (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser/xen: Dynamically disable KAISER when running under Xen PV (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: add Kconfig (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: avoid false positives during non-kaiser pgd updates (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: Respect disabled CPU features (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] kaiser/mm: trampoline stack comments (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: stack trampoline (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: re-enable vsyscalls (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: allow to build KAISER with KASRL (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: allow KAISER to be enabled/disabled at runtime (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: un-poison PGDs at runtime (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: add a function to check for KAISER being enabled (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: add debugfs file to turn KAISER on/off at runtime (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: disable native VSYSCALL (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: map virtually-addressed performance monitoring buffers (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: add kprobes text section (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: map trace interrupt entry (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: map entry stack per-cpu areas (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: map dynamically-allocated LDTs (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: make sure static PGDs are 8k in size (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: allow NX poison to be set in p4d/pgd (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: unmap kernel from userspace page tables (core patch) (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: mark per-cpu data structures required for entry/exit (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: introduce user-mapped per-cpu areas (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: add cr3 switches to entry code (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: remove scratch registers (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: prepare assembly for entry/exit CR3 switching (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: Disable global pages by default with KAISER (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm: Document X86_CR4_PGE toggling behavior (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/tlb: Make CR4-based TLB flushes more robust (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm: Do not set _PAGE_USER for init_mm page tables (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] increase robusteness of bad_iret fixup handler (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm: Check if PUD is large when validating a kernel address (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] Separate out entry text section (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [include] linux/const.h: Add _BITUL() and _BITULL() (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [include] linux/mmdebug.h: add VM_WARN_ON() and VM_WARN_ON_ONCE() (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [include] stddef.h: Move offsetofend() from vfio.h to a generic kernel header (Waiman Long) [1519799 1519802] {CVE-2017-5754}
kernel-headers-2.6.32-696.18.7.el6.x86_64 [4.5 MiB] Changelog by Denys Vlasenko (2017-12-28):
- [x86] spec_ctrl: svm: spec_ctrl at vmexit needs per-cpu areas functional (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: Eliminate redundnat FEATURE Not Present messages (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: enable IBRS and stuff_RSB before calling NMI C code (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: skip CAP_SYS_PTRACE check to skip audit (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: disable ibrs while in intel_idle() (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: skip IBRS/CR3 restore when paranoid exception returns to userland (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- Revert "x86/entry: Use retpoline for syscall's indirect calls" (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] mm/dump_pagetables: Allow dumping current pagetables (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/dump_pagetables: Add a pgd argument to walk_pgd_level() (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/dump_pagetables: Add page table directory (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] entry: Remove unneeded nmi_userspace code (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] entry: Fix nmi exit code with CONFIG_TRACE_IRQFLAGS (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: init_tss is supposed to go in the PAGE_ALIGNED per-cpu section (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: Clear kdump pgd page to prevent incorrect behavior (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: consider the init_mm.pgd a kaiser pgd (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: convert userland visible "kpti" name to "pti" (Waiman Long) [1519799 1519802] {CVE-2017-5754}
kernel-headers-2.6.32-696.16.1.el6.x86_64 [4.5 MiB] Changelog by Denys Vlasenko (2017-10-08):
- [net] packet: fix tp_reserve race in packet_set_ring (Stefano Brivio) [1481941 1481943] {CVE-2017-1000111}
- [net] packet: fix overflow in check for tp_frame_nr (Stefano Brivio) [1481941 1481943] {CVE-2017-1000111}
- [net] packet: fix overflow in check for tp_reserve (Stefano Brivio) [1481941 1481943] {CVE-2017-1000111}
- [netdrv] sfc: tx ring can only have 2048 entries for all EF10 NICs (Jarod Wilson) [1498019 1441773]
- [fs] sunrpc: always treat the invalid cache as unexpired (Thiago Becker) [1497976 1477288]
- [fs] sunrpc: xpt_auth_cache should be ignored when expired (Thiago Becker) [1497976 1477288]
- [net] tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (Davide Caratti) [1488344 1488340] {CVE-2017-14106}
- [net] tcp: fix 0 divide in __tcp_select_window() (Davide Caratti) [1488344 1488340] {CVE-2017-14106}
- [scsi] lpfc: fix "integer constant too large" error on 32bit archs (Maurizio Lombardi) [1487220 1441169]
- [scsi] lpfc: version 11.0.1.6 is 11.0.0.6 with no_hba_reset patches (Maurizio Lombardi) [1487220 1441169]
- [scsi] lpfc: Vport creation is failing with "Link Down" error (Maurizio Lombardi) [1487220 1441169]
- [scsi] lpfc: Fix panic on BFS configuration (Maurizio Lombardi) [1487220 1441169]
- [scsi] lpfc: Fix eh_deadline setting for sli3 adapters (Maurizio Lombardi) [1487220 1441169]
- [scsi] lpfc: Correct panics with eh_timeout and eh_deadline (Maurizio Lombardi) [1487220 1441169]
- [net] udp: consistently apply ufo or fragmentation (Davide Caratti) [1481532 1481529] {CVE-2017-1000112}
- [net] ipv6: Should use consistent conditional judgement for ip6 fragment between __ip6_append_data and ip6_finish_output (Davide Caratti) [1481532 1481529] {CVE-2017-1000112}
- [net] ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output (Davide Caratti) [1481532 1481529] {CVE-2017-1000112}
kernel-headers-2.6.32-696.13.2.el6.x86_64 [4.5 MiB] Changelog by Denys Vlasenko (2017-09-22):
- [net] l2cap: prevent stack overflow on incoming bluetooth packet (Neil Horman) [1490060 1490062] {CVE-2017-1000251}
- [fs] binfmt_elf.c:load_elf_binary(): return -EINVAL on zero-length mappings (Petr Matousek) [1492959 1492961] {CVE-2017-1000253}
- [fs] binfmt_elf.c: fix bug in loading of PIE binaries (Petr Matousek) [1492959 1492961] {CVE-2017-1000253}
kernel-headers-2.6.32-696.10.3.el6.x86_64 [4.5 MiB] Changelog by Denys Vlasenko (2017-09-21):
- [fs] binfmt_elf.c:load_elf_binary(): return -EINVAL on zero-length mappings (Petr Matousek) [1492959 1492961] {CVE-2017-1000253}
- [fs] binfmt_elf.c: fix bug in loading of PIE binaries (Petr Matousek) [1492959 1492961] {CVE-2017-1000253}
kernel-headers-2.6.32-696.10.2.el6.x86_64 [4.5 MiB] Changelog by Frantisek Hrbata (2017-09-10):
- [net] l2cap: prevent stack overflow on incoming bluetooth packet (Neil Horman) [1490060 1490062] {CVE-2017-1000251}
kernel-headers-2.6.32-696.6.3.el6.x86_64 [4.5 MiB] Changelog by Denys Vlasenko (2017-06-30):
- [mm] allow JVM to implement its own stack guard pages (Larry Woodman) [1466667 1464237]
- [mm] enlarge stack guard gap (Larry Woodman) [1466667 1464237]
- Revert: [mm] enlarge stack guard gap (Larry Woodman) [1466667 1464237]
kernel-headers-2.6.32-696.3.2.el6.x86_64 [4.5 MiB] Changelog by Denys Vlasenko (2017-06-07):
- [mm] enlarge stack guard gap (Larry Woodman) [1452729 1452730] {CVE-2017-1000364 CVE-2017-1000366}
kernel-headers-2.6.32-696.3.1.el6.x86_64 [4.5 MiB] Changelog by Denys Vlasenko (2017-04-20):
- [netdrv] be2net: Fix endian issue in logical link config command (Ivan Vecera) [1442979 1436527]
- [scsi] lpfc: update for rhel6 11.0.0.6 (Maurizio Lombardi) [1439636 1429881]
- [scsi] lpfc: The lpfc driver does not issue RFF_ID and RFT_ID in the correct sequence (Maurizio Lombardi) [1439636 1429881]
- [x86] vmalloc_sync: avoid syncing vmalloc area on crashing cpu (Pingfan Liu) [1443499 1146727]
- [kernel] audit: plug cred memory leak in audit_filter_rules (Richard Guy Briggs) [1443234 1434560]
- [net] tcp: avoid infinite loop in tcp_splice_read() (Davide Caratti) [1430577 1430578] {CVE-2017-6214}
kernel-headers-2.6.32-696.1.1.el6.x86_64 [4.5 MiB] Changelog by Denys Vlasenko (2017-03-21):
- [block] fix use-after-free in seq file (Denys Vlasenko) [1418548 1418549] {CVE-2016-7910}
- [firmware] Replacing the chelsio firmware (t4,t5)fw-1.15.37.0 (Sai Vemuri) [1433865 1425749]
- [kernel] genirq: Avoid taking sparse_irq_lock for non-existent irqs (Dave Wysochanski) [1428106 1360930]
- [tty] n_hdlc: get rid of racy n_hdlc.tbuf (Herton R. Krzesinski) [1429917 1429918] {CVE-2017-2636}
kernel-headers-2.6.32-696.el6.x86_64 [4.5 MiB] Changelog by Phillip Lougher (2017-02-20):
- [net] dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Hannes Frederic Sowa) [1424628] {CVE-2017-6074}
kernel-headers-2.6.32-642.15.1.el6.x86_64 [4.4 MiB] Changelog by Frantisek Hrbata (2017-02-20):
- [net] dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Hannes Frederic Sowa) [1424626 1424628] {CVE-2017-6074}
kernel-headers-2.6.32-642.13.2.el6.x86_64 [4.4 MiB] Changelog by Frantisek Hrbata (2017-02-18):
- [net] dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Hannes Frederic Sowa) [1424626 1424628] {CVE-2017-6074}
kernel-headers-2.6.32-642.13.1.el6.x86_64 [4.4 MiB] Changelog by Denys Vlasenko (2016-11-23):
- [net] Fix use after free in the recvmmsg exit path (Davide Caratti) [1390805 1390046] {CVE-2016-7117}
- [net] vlan: Propagate MAC address to VLANs (Jarod Wilson) [1396479 1381585]
- [net] tcp: fix use after free in tcp_xmit_retransmit_queue() (Mateusz Guzik) [1379527 1379529] {CVE-2016-6828}
- [net] netfilter: x_tables: check for bogus target offset (Mateusz Guzik) [1351421 1351422] {CVE-2016-4998}
- [net] netfilter: x_tables: validate e->target_offset early (Mateusz Guzik) [1351421 1351422] {CVE-2016-4998}
- [net] netfilter: x_tables: make sure e->next_offset covers remaining blob size (Mateusz Guzik) [1351421 1351422] {CVE-2016-4998}
- [net] ipv6: Don't change dst->flags using assignments (Marcelo Leitner) [1391974 1389478]
- [scsi] libfc: Revert: use offload EM instance again (Chris Leech) [1392818 1383078]
- [netdrv] sfc: report supported link speeds on SFP connections (Jarod Wilson) [1388168 1384621]
- [drm] vmwgfx: respect 'nomodeset' (Rob Clark) [1392875 1342114]
- [hv] avoid vfree() on crash (Vitaly Kuznetsov) [1385482 1333167]
- [hv] vmbus: handle various crash scenarios (Vitaly Kuznetsov) [1385482 1333167]
- [hv] vmbus: Support kexec on ws2012 r2 and above (Vitaly Kuznetsov) [1385482 1333167]
- [hv] vmbus: Support handling messages on multiple CPUs (Vitaly Kuznetsov) [1385482 1333167]
- [hv] vmbus: remove code duplication in message handling (Vitaly Kuznetsov) [1385482 1333167]
- [hv] vmbus: avoid unneeded compiler optimizations in vmbus_wait_for_unload() (Vitaly Kuznetsov) [1385482 1333167]
- [hv] vmbus: avoid wait_for_completion() on crash (Vitaly Kuznetsov) [1385482 1333167]
- [hv] vmbus: avoid scheduling in interrupt context in vmbus_initiate_unload() (Vitaly Kuznetsov) [1385482 1333167]
- [hv] vmbus: don't loose HVMSG_TIMER_EXPIRED messages (Vitaly Kuznetsov) [1385482 1333167]
- [hv] vmbus: Force all channel messages to be delivered on CPU 0 (Vitaly Kuznetsov) [1385482 1333167]
- [scsi] mpt3sas: Fix panic when aer correct error occurred (Frank Ramsay) [1396272 1374743]
- [fs] nfs4.1: Remove a bogus BUG_ON() in nfs4_layoutreturn_done (Steve Dickson) [1385480 1376467]
- [firmware] dmi_scan: DMI information in sysfs is missing on SMBIOS 3.0 based systems (Steve Best) [1393464 1353807]
kernel-headers-2.6.32-642.11.1.el6.x86_64 [4.4 MiB] Changelog by Denys Vlasenko (2016-10-26):
- [mm] close FOLL MAP_PRIVATE race (Larry Woodman) [1385116 1385117] {CVE-2016-5195}
kernel-headers-2.6.32-642.6.2.el6.x86_64 [4.4 MiB] Changelog by Frantisek Hrbata (2016-10-24):
- [mm] close FOLL MAP_PRIVATE race (Larry Woodman) [1385116 1385117] {CVE-2016-5195}
kernel-headers-2.6.32-642.6.1.el6.x86_64 [4.4 MiB] Changelog by Denys Vlasenko (2016-08-25):
- [net] tcp: make challenge acks less predictable (Florian Westphal) [1355606 1355607] {CVE-2016-5696}
- [fs] sunrpc: move NO_CRKEY_TIMEOUT to the auth->au_flags (Scott Mayhew) [1366962 1294939]
- [usbhid] hiddev: validate num_values for HIDIOCGUSAGES, HIDIOCSUSAGES commands (Yauheni Kaliuta) [1359999 1360008] {CVE-2016-5829}
kernel-headers-2.6.32-642.4.2.el6.x86_64 [4.4 MiB] Changelog by Petr Holasek (2016-08-15):
- [net] tcp: make challenge acks less predictable (Florian Westphal) [1355606 1355607] {CVE-2016-5696}
kernel-headers-2.6.32-642.3.1.el6.x86_64 [4.4 MiB] Changelog by Petr Holasek (2016-06-26):
- [infiniband] security: Restrict use of the write interface (Don Dutile) [1332547 1332548] {CVE-2016-4565}
kernel-headers-2.6.32-642.el6.x86_64 [4.3 MiB] Changelog by Aristeu Rozanski (2016-04-12):
- [scsi] fc: revert - ensure scan_work isn't active when freeing fc_rport (Ewan Milne) [1326447]
- [netdrv] ixgbe: Update ixgbe driver to use __netdev_pick_tx in ixgbe_select_queue (John Greene) [1310749]
- [netdrv] mlx5e: Fix adding vlan rule with vid zero twice (Kamal Heib) [1322809]
kernel-headers-2.6.32-573.26.1.el6.x86_64 [3.9 MiB] Changelog by Frantisek Hrbata (2016-04-12):
- [kernel] revert "sched: core: Use hrtimer_start_expires" (Jiri Olsa) [1326043 1324318]
- [kernel] Revert "Cleanup bandwidth timers" (Jiri Olsa) [1326043 1324318]
- [kernel] revert "fair: Test list head instead of list entry in throttle_cfs_rq" (Jiri Olsa) [1326043 1324318]
- [kernel] revert "sched, perf: Fix periodic timers" (Jiri Olsa) [1326043 1324318]
- [kernel] Revert "fix KABI break" (Jiri Olsa) [1326043 1324318]
kernel-headers-2.6.32-573.22.1.el6.x86_64 [3.9 MiB] Changelog by Frantisek Hrbata (2016-03-17):
- [mm] always decrement anon_vma degree when the vma list is empty (Jerome Marchand) [1318364 1309898]
kernel-headers-2.6.32-573.12.1.el6.x86_64 [3.9 MiB] Changelog by Frantisek Hrbata (2015-11-23):
- Revert: [netdrv] igb: add support for 1512 PHY (Stefan Assmann) [1278275 1238551]
kernel-headers-2.6.32-573.3.1.el6.x86_64 [3.9 MiB] Changelog by Frantisek Hrbata (2015-08-10):
- [md] Revert "dm: don't schedule delayed run of the queue if nothing to do" (Mike Snitzer) [1246095 1240767]
- [md] Revert "dm: only run the queue on completion if congested or no requests pending" (Mike Snitzer) [1246095 1240767]
kernel-headers-2.6.32-573.el6.x86_64 [3.9 MiB] Changelog by Kurt Stutsman (2015-07-01):
- [security] selinux: don't waste ebitmap space when importing NetLabel categories (Paul Moore) [1130197]
- [x86] Revert "Add driver auto probing for x86 features v4" (Prarit Bhargava) [1231280]
- [net] bridge: netfilter: don't call iptables on vlan packets if sysctl is off (Florian Westphal) [1236551]
- [net] ebtables: Allow filtering of hardware accelerated vlan frames (Florian Westphal) [1236551]
kernel-headers-2.6.32-504.30.3.el6.x86_64 [3.4 MiB] Changelog by Frantisek Hrbata (2015-07-09):
- [redhat] spec: Update dracut dependency to pull in drbg module (Frantisek Hrbata) [1241517 1241338]
kernel-headers-2.6.32-504.23.4.el6.x86_64 [3.4 MiB] Changelog by Radomir Vrbovsky (2015-05-29):
- [crypto] drbg: fix maximum value checks on 32 bit systems (Herbert Xu) [1225950 1219907]
- [crypto] drbg: remove configuration of fixed values (Herbert Xu) [1225950 1219907]
kernel-headers-2.6.32-504.16.2.el6.x86_64 [3.4 MiB] Changelog by Frantisek Hrbata (2015-03-10):
- [infiniband] core: Prevent integer overflow in ib_umem_get address arithmetic (Doug Ledford) [1181173 1179327] {CVE-2014-8159}
kernel-headers-2.6.32-504.12.2.el6.x86_64 [3.3 MiB] Changelog by Radomir Vrbovsky (2015-02-01):
- [infiniband] core: Prevent integer overflow in ib_umem_get address arithmetic (Doug Ledford) [1181173 1179327] {CVE-2014-8159}
kernel-headers-2.6.32-504.8.1.el6.x86_64 [3.3 MiB] Changelog by Radomir Vrbovsky (2014-12-19):
- [crypto] crc32c: Kill pointless CRYPTO_CRC32C_X86_64 option (Jarod Wilson) [1175509 1036212]
- [crypto] testmgr: add larger crc32c test vector to test FPU path in crc32c_intel (Jarod Wilson) [1175509 1036212]
- [crypto] tcrypt: Added speed test in tcrypt for crc32c (Jarod Wilson) [1175509 1036212]
- [crypto] crc32c: Optimize CRC32C calculation with PCLMULQDQ instruction (Jarod Wilson) [1175509 1036212]
- [crypto] crc32c: Rename crc32c-intel.c to crc32c-intel_glue.c (Jarod Wilson) [1175509 1036212]
kernel-headers-2.6.32-504.3.3.el6.x86_64 [3.3 MiB] Changelog by Radomir Vrbovsky (2014-12-12):
- [x86] traps: stop using IST for #SS (Petr  Matousek) [1172810 1172811] {CVE-2014-9322}
kernel-headers-2.6.32-504.1.3.el6.x86_64 [3.3 MiB] Changelog by Radomir Vrbovsky (2014-10-31):
- Revert: [net] revert "bridge: Set vlan_features to allow offloads on vlans" (Vlad Yasevich) [1144442 1121991]
kernel-headers-2.6.32-504.el6.x86_64 [3.3 MiB] Changelog by Rafael Aquini (2014-09-16):
- [netdrv] revert "cxgb4: set skb->rxhash" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Use netif_set_real_num_rx/tx_queues()" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Turn on delayed ACK" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Use ULP_MODE_TCPDDP" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Debugfs dump_qp() updates" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Drop peer_abort when no endpoint found" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Detect DB FULL events and notify RDMA ULD" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Common platform specific changes for DB Drop Recovery" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: DB Drop Recovery for RDMA and LLD queues" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Add debugfs RDMA memory stats" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Add DB Overflow Avoidance" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: DB Drop Recovery for RDMA and LLD queues" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Use vmalloc() for debugfs QP dump" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Remove kfifo usage" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Include vmalloc.h for vmalloc and vfree" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: set maximal number of default RSS queues" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Remove duplicate register definitions" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Update RDMA/cxgb4 due to macro definition removal in cxgb4 driver" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Move dereference below NULL test" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Fix incorrect values for MEMWIN*_APERTURE and MEMWIN*_BASE" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Add functions to read memory via PCIE memory window" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Code cleanup to enable T4 Configuration File support" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Add support for T4 configuration file" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Add support for T4 hardwired driver configuration settings" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Don't attempt to upgrade T4 firmware when cxgb4 will end up as a slave" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Fix error handling in create_qp()" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Dynamically allocate memory in t4_memory_rw() and get_vpd_params()" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Fix build error due to missing linux/vmalloc.h include" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: allocate enough data in t4_memory_rw()" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Address various sparse warnings" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Remove unnecessary #ifdef condition" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Don't free chunk that we have failed to allocate" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Fix unable to get UP event from the LLD" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Fix initialization of SGE_CONTROL register" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: use WARN" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Chelsio FCoE offload driver submission" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: remove __dev* attributes" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Add T4 filter support" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Add LE hash collision bug fix path in LLD driver" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Fix LE hash collision bug for active open connection" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Fix LE hash collision bug for passive open connection" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Fix bug for active and passive LE hash collision path" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Use netdev_<level> and pr_<level>" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Fix incorrect PFVF CMASK" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Abort connections that receive unexpected streaming mode data" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Abort connections when moving to ERROR state" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Display streaming mode error only if detected in RTS" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Keep QP referenced until TID released" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Always log async errors" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Only log rx_data warnings if cpl status is non-zero" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Fix endpoint timeout race condition" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Don't reconnect on abort for mpa_rev 1" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Don't wakeup threads for MPAv2" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Insert hwtid in pass_accept_req instead in pass_establish" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Address sparse warnings" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: "cookie" can stay in host endianness" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Fix cast warning" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Allow for backward compatibility with new VPD scheme" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Add register definations for T5" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Add macros, structures and inline functions for T5" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Initialize T5" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Dump T5 registers" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Add T5 write combining support" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Enable doorbell drop recovery only for T4 adapter" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Add T5 debugfs support" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Add T5 PCI ids" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Update driver version and description" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Disable SR-IOV support for PF4-7 for T5" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Add Support for Chelsio T5 adapter" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Turn off db coalescing when RDMA QPs are in use" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Add module_params to enable DB FC & Coalescing on T5" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Use DSGLs for fastreg and adapter memory writes for T5" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Map pbl buffers for dma if using DSGL" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Bump tcam_full stat and WR reply timeout" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Fix onchip queue support for T5" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Fix error return code in create_qp()" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Fix SQ allocation when on-chip SQ is disabled" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Fix pci_device_id structure initialization with correct PF number" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Support CPL_SGE_EGR_UPDATEs encapsulated in a CPL_FW4_MSG" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Support CPL_SGE_EGR_UPDATEs encapsulated in a CPL_FW4_MSG" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: fix error recovery when t4_fw_hello returns a positive value" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Force uninitialized state if FW_ON_ADAPTER is < FW_VERSION and we're the MASTER_PF" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Correct comparisons and calculations using skb->tail and skb-transport_header" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Do not set net_device::dev_id to VI index" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Fix stack info leak in c4iw_create_qp()" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Add routines to create and remove listening IPv6 servers" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Add CLIP support to store compressed IPv6 address" (Prarit Bhargava) [1140743]
- [infiniband] revert "cma: Add IPv6 support for iWARP" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Add support for active and passive open connection with IPv6 address" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Handle newer firmware changes" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Use correct bit shift macros for vlan filter tuples" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Fix QP flush logic" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Fix accounting for unsignaled SQ WRs to deal with wrap" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Set arp error handler for PASS_ACCEPT_RPL messages" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Always do GTS write if cidx_inc == CIDXINC_MASK" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Advertise ~0ULL as max MR size" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Issue RI.FINI before closing when entering TERM" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: remove workqueue when driver registration fails" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: remove unnecessary pci_set_drvdata()" (Prarit Bhargava) [1140743]
- [netdrv] revert "cgxb4: remove duplicate include in cxgb4.h" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Much cleaner implementation of is_t4()/is_t5()" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: added much cleaner implementation of is_t4()" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Add new scheme to update T4/T5 firmware" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Fix formatting of physical address" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Make _c4iw_write_mem_dma() static" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: calls skb_set_hash" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Reserve stid 0 for T4/T5 adapters" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Include TCP as protocol when creating server filters" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Assign filter server TIDs properly" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Account for stid entries properly in case of IPv6" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Add API to correctly calculate tuple fields" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: make functions static and remove dead code" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Calculate the filter server TID properly" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Server filters are supported only for IPv4" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Use cxgb4_select_ntuple to correctly calculate ntuple fields" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: allow large buffer size to have page size" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Changed FW check version to match FW binary version" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: silence shift wrapping static checker warning" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Avoid disabling PCI device for towice" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Don't retrieve stats during recovery" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Fix gcc warning on 32-bit arch" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Fix referencing freed adapter" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Add missing neigh_release in LE-Workaround path" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Use pci_enable_msix_range() instead of pci_enable_msix()" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Add support to recognize 40G links" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Print adapter VPD Part Number instead of Engineering Change field" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Allow >10G ports to have multiple queues" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: LE-Workaround is not atomic in firmware" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Query firmware for T5 ULPTX MEMWRITE DSGL capabilities" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Remove unused registers and add missing ones" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Don't assume LSO only uses SGL path in t4_eth_xmit()" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Add more PCI device ids" (Prarit Bhargava) [1140743]
- [netdrv] revert "cgxb4: Stop using ethtool SPEED_* constants" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: use remove handler as shutdown handler" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Fix some small bugs in t4_sge_init_soft() when our Page Size is 64KB" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Add code to dump SGE registers when hitting idma hangs" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Rectify emitting messages about SGE Ingress DMA channels being potentially stuck" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Updates for T5 SGE's Egress Congestion Threshold" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Calculate len properly for LSO path" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Treat CPL_ERR_KEEPALV_NEG_ADVICE as negative advice" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Doorbell Drop Avoidance Bug Fixes" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Fix underflows in c4iw_create_qp()" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Fix four byte info leak in c4iw_create_cq()" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Cap CQ size at T4_MAX_IQ_SIZE" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Allow loopback connections" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Always release neigh entry" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Fix incorrect BUG_ON conditions" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Mind the sq_sig_all/sq_sig_type QP attributes" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Default peer2peer mode to 1" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Save the correct map length for fast_reg_page_lists" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Don't leak skb in c4iw_uld_rx_handler()" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Fix possible memory leak in RX_PKT processing" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Ignore read reponse type 1 CQEs" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Connect_request_upcall fixes" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Update snd_seq when sending MPA messages" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Call dev_kfree/consume_skb_any instead of kfree_skb" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxbg4: Remove addressof casts to same type" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Adds device ID for few more Chelsio Adapters" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: set error code on kmalloc() failure" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Lock around accept/reject downcalls" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Drop RX_DATA packets if the endpoint is gone" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: rx_data() needs to hold the ep mutex" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Disable DSGL use by default" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Use the BAR2/WC path for kernel QPs and T5 devices" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Endpoint timeout fixes" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: rmb() after reading valid gen bit" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: SQ flush fix" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Max fastreg depth depends on DSGL support" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Use pr_warn_ratelimited" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Initialize reserved fields in a FW work request" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Add missing debug stats" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Use uninitialized_var()" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Fix over-dereference when terminating" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Save the correct mac addr for hw-loopback connections in the L2T" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: use the correct max size for firmware flash" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Fix endpoint mutex deadlocks" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Force T5 connections to use TAHOE congestion control" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Only allow kernel db ringing for T4 devs" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Update Kconfig to include Chelsio T5 adapter" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Decode PCIe Gen3 link speed" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Fix memory leaks in c4iw_alloc() error paths" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Fix vlan support" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Add missing padding at end of struct c4iw_create_cq_resp" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: add missing padding at end of struct c4iw_alloc_ucontext_resp" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Decode the firmware port and module type a bit more for ethtool" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Check if rx checksum offload is enabled, while reading hardware calculated checksum" (Prarit Bhargava) [1140743]
- [netdrv] revert "iw_cxgb4: Allocate and use IQs specifically for indirect interrupts" (Prarit Bhargava) [1140743]
- [netdrv] revert "iw_cxgb4: Choose appropriate hw mtu index and ISS for iWARP connections" (Prarit Bhargava) [1140743]
- [netdrv] revert "iw_cxgb4: don't truncate the recv window size" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Change default Interrupt Holdoff Packet Count Threshold" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Fixes cxgb4 probe failure in VM when PF is exposed through PCI Passthrough" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Use FW interface to get BAR0 value" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Replaced the backdoor mechanism to access the HW memory with PCIe Window method" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Adds device ID for few more Chelsio T4 Adapters" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: remove unnecessary null test before debugfs_remove_recursive" (Prarit Bhargava) [1140743]
- [netdrv] revert "iw_cxgb4: Detect Ing. Padding Boundary at run-time" (Prarit Bhargava) [1140743]
- [netdrv] revert "iw_cxgb4: use firmware ord/ird resource limits" (Prarit Bhargava) [1140743]
- [netdrv] revert "iw_cxgb4: display TPTE on errors" (Prarit Bhargava) [1140743]
- [netdrv] revert "iw_cxgb4: work request logging feature" (Prarit Bhargava) [1140743]
- [netdrv] revert "iw_cxgb4: Move common defines to cxgb4" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Add the MC1 registers to read in the interrupt handler" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Fixed incorrect check for memory operation in t4_memory_rw" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: only free allocated fls" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Fix possible race condition in cleanup" (Prarit Bhargava) [1140743]
- [infiniband] revert "iw_cxgb4: fix for 64-bit integer division" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Add core T4 PCI-E SR-IOV Virtual Function hardware definitions and device communication code" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Add T4 Virtual Function Scatter-Gather Engine DMA code" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Add main T4 PCI-E SR-IOV Virtual Function driver for cxgb4vf" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Add new Makefile for T4 PCI-E SR-IOV Virtual Function driver cxgb4vf" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Stitch new T4 PCI-E SR-IOV Virtual Function driver into the build" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Remove obsolete comment about the lack of a TX Timer Callback" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Use correct shift factor for extracting the SGE DMA Ingress Padding Boundary" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: remove obsolete DECLARE_PCI_UNMAP_ADDR usage" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Implement "Unhandled Interrupts" statistic" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: fix TX Queue restart" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: fix SGE resource resource deallocation bug" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Fix off-by-one error checking for the end of the mailbox delay array" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Fix bug where we were only allocating one queue in MSI mode" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: do not use PCI resources before pci_enable_device()" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Use netif_set_real_num_rx/tx_queues()" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: make single bit signed bitfields unsigned" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: remove call to stop TX queues at load time" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: don't implement trivial (and incorrect) ndo_select_queue()" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: fix bug in Generic Receive Offload" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: fix some errors in Gather List to skb conversion" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: flesh out PCI Device ID Table" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Fail open if link_start() fails" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: add call to Firmware to reset VF State" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: minor comment/symbolic name cleanup" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: add ethtool statistics for GRO" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: fix up "Section Mismatch" compiler warning" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Advertise NETIF_F_TSO_ECN" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: fix setting unicast/multicast addresses" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Ingress Queue Entry Size needs to be 64 bytes" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: fix mailbox data/control coherency domain race" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: recover from failure in cxgb4vf_open()" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Check driver parameters in the right place" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Behave properly when CONFIG_DEBUG_FS isn't defined" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Quiesce Virtual Interfaces on shutdown" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Use defined Mailbox Timeout" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: improve Kconfig dependencies" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: do vlan cleanup" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: remove __dev* attributes" (Prarit Bhargava) [1140743]
- [netdrv] revert "chelsio: Use netdev_<level> and pr_<level>" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Fix extraction of cpl_rx_pkt from the response queue descriptor" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Fix VLAN extraction counter increment" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Add support for Chelsio T5 adapter" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Support CPL_SGE_EGR_UPDATEs encapsulated in a CPL_FW4_MSG" (Prarit Bhargava) [1140743]
- [netdrv] revert "net: cxgb4vf: Staticize local symbols" (Prarit Bhargava) [1140743]
- [netdrv] revert "net: cxgb4vf: remove unnecessary pci_set_drvdata()" (Prarit Bhargava) [1140743]
- [netdrv] revert "net: cxgb4vf: use DEFINE_PCI_DEVICE_TABLE" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: added much cleaner implementation of is_t4()" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: make functions static and remove dead code" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Remove superfluous call to pci_disable_msix()" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Adds device Id for few more Chelsio adapters" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Export symbols required by cxgb4i for ipv6 support and required defines" (Prarit Bhargava) [1140743]
- [scsi] revert "libcxgbi: Add ipv6 api to driver" (Prarit Bhargava) [1140743]
- [scsi] revert "cxgb4i: Add ipv6 code to driver, call into libcxgbi ipv6 api" (Prarit Bhargava) [1140743]
- [scsi] revert "cxgb4i: Fix ipv6 build failure caught with randconfig" (Prarit Bhargava) [1140743]
- [scsi] revert "cxgb4i: remove spurious use of rcu" (Prarit Bhargava) [1140743]
- [scsi] revert "cxgb4i: Guard ipv6 code with a config check" (Prarit Bhargava) [1140743]
kernel-headers-2.6.32-431.29.2.el6.x86_64 [2.9 MiB] Changelog by Petr Holasek (2014-07-27):
- [kernel] futex: Fix errors in nested key ref-counting (Denys Vlasenko) [1094457 1094458] {CVE-2014-0205}
- [net] vxlan: fix NULL pointer dereference (Jiri Benc) [1114549 1096351] {CVE-2014-3535}
kernel-headers-2.6.32-431.23.3.el6.x86_64 [2.9 MiB] Changelog by Petr Holasek (2014-07-16):
- [netdrv] pppol2tp: fail when socket option level is not SOL_PPPOL2TP [1119461 1119462] {CVE-2014-4943}
kernel-headers-2.6.32-431.20.5.el6.x86_64 [2.9 MiB] Changelog by Petr Holasek (2014-07-16):
- [netdrv] pppol2tp: fail when socket option level is not SOL_PPPOL2TP [1119461 1119462] {CVE-2014-4943}
kernel-headers-2.6.32-431.20.3.el6.x86_64 [2.9 MiB] Changelog by Petr Holasek (2014-06-06):
- [kernel] futex: Make lookup_pi_state more robust (Jerome Marchand) [1104516 1104517] {CVE-2014-3153}
- [kernel] futex: Always cleanup owner tid in unlock_pi (Jerome Marchand) [1104516 1104517] {CVE-2014-3153}
- [kernel] futex: Validate atomic acquisition in futex_lock_pi_atomic() (Jerome Marchand) [1104516 1104517] {CVE-2014-3153}
- [kernel] futex: prevent requeue pi on same futex (Jerome Marchand) [1104516 1104517] {CVE-2014-3153}
- [fs] autofs4: fix device ioctl mount lookup (Ian Kent) [1069630 999708]
- [fs] vfs: introduce kern_path_mountpoint() (Ian Kent) [1069630 999708]
- [fs] vfs: rename user_path_umountat() to user_path_mountpoint_at() (Ian Kent) [1069630 999708]
- [fs] vfs: massage umount_lookup_last() a bit to reduce nesting (Ian Kent) [1069630 999708]
- [fs] vfs: allow umount to handle mountpoints without revalidating them (Ian Kent) [1069630 999708]
- Revert: [fs] vfs: allow umount to handle mountpoints without revalidating them (Ian Kent) [1069630 999708]
- Revert: [fs] vfs: massage umount_lookup_last() a bit to reduce nesting (Ian Kent) [1069630 999708]
- Revert: [fs] vfs: rename user_path_umountat() to user_path_mountpoint_at() (Ian Kent) [1069630 999708]
- Revert: [fs] vfs: introduce kern_path_mountpoint() (Ian Kent) [1069630 999708]
- Revert: [fs] autofs4: fix device ioctl mount lookup (Ian Kent) [1069630 999708]
kernel-headers-2.6.32-431.17.1.el6.x86_64 [2.9 MiB] Changelog by Petr Holasek (2014-04-11):
- [scsi] qla2xxx: Fixup looking for a space in the outstanding_cmds array in qla2x00_alloc_iocbs() (Chad Dupuis) [1085660 1070856]
- [scsi] isci: fix reset timeout handling (David Milburn) [1080600 1040393]
- [scsi] isci: correct erroneous for_each_isci_host macro (David Milburn) [1074855 1059325]
- [kernel] sched: Fix small race where child->se.parent, cfs_rq might point to invalid ones (Naoya Horiguchi) [1081907 1032350]
- [kernel] sched: suppress RCU lockdep splat in task_fork_fair (Naoya Horiguchi) [1081907 1032350]
- [kernel] sched: add local variable to store task_group() to avoid kernel stall (Naoya Horiguchi) [1081908 1043733]
- [fs] cifs: mask off top byte in get_rfc1002_length() (Sachin Prabhu) [1085358 1069737]
- [kernel] Prevent deadlock when post_schedule_rt() results in calling wakeup_kswapd() on multiple CPUs (Larry Woodman) [1086095 1009626]
- [scsi] AACRAID Driver compat IOCTL missing capability check (Jacob Tanenbaum) [1033533 1033534] {CVE-2013-6383}
- [md] dm-thin: fix rcu_read_lock being held in code that can sleep (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: irqsave must always be used with the pool->lock spinlock (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: sort the per thin deferred bios using an rb_tree (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: use per thin device deferred bio lists (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: simplify pool_is_congested (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: fix dangling bio in process_deferred_bios error path (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: take care to copy the space map root before locking the superblock (Mike Snitzer) [1086007 1060381]
- [md] dm-transaction-manager: fix corruption due to non-atomic transaction commit (Mike Snitzer) [1086007 1060381]
- [md] dm-space-map-metadata: fix refcount decrement below 0 which caused corruption (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: fix Documentation for held metadata root feature (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: fix noflush suspend IO queueing (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: fix deadlock in __requeue_bio_list (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: fix out of data space handling (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: ensure user takes action to validate data and metadata consistency (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: synchronize the pool mode during suspend (Mike Snitzer) [1086007 1060381]
- [md] fix Kconfig indentation (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: allow metadata space larger than supported to go unused (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: fix the error path for the thin device constructor (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: avoid metadata commit if a pool's thin devices haven't changed (Mike Snitzer) [1086007 1060381]
- [md] dm-space-map-metadata: fix bug in resizing of thin metadata (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: fix pool feature parsing (Mike Snitzer) [1086007 1060381]
- [md] dm-space-map-metadata: fix extending the space map (Mike Snitzer) [1086007 1060381]
- [md] dm-space-map-common: make sure new space is used during extend (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: fix set_pool_mode exposed pool operation races (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: eliminate the no_free_space flag (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: add error_if_no_space feature (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: requeue bios to DM core if no_free_space and in read-only mode (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: cleanup and improve no space handling (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: log info when growing the data or metadata device (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: handle metadata failures more consistently (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: factor out check_low_water_mark and use bools (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: add mappings to end of prepared_* lists (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: return error from alloc_data_block if pool is not in write mode (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: use bool rather than unsigned for flags in structures (Mike Snitzer) [1086007 1060381]
- [md] dm-persistent-data: cleanup dm-thin specific references in text (Mike Snitzer) [1086007 1060381]
- [md] dm-space-map-metadata: limit errors in sm_metadata_new_block (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: fix discard support to a previously shared block (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: initialize dm_thin_new_mapping returned by get_next_mapping (Mike Snitzer) [1086007 1060381]
- [md] dm-space-map: disallow decrementing a reference count below zero (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: allow pool in read-only mode to transition to read-write mode (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: re-establish read-only state when switching to fail mode (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: always fallback the pool mode if commit fails (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: switch to read-only mode if metadata space is exhausted (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: switch to read only mode if a mapping insert fails (Mike Snitzer) [1086007 1060381]
- [md] dm-space-map-metadata: return on failure in sm_metadata_new_block (Mike Snitzer) [1086007 1060381]
- [md] dm-space-map-disk: optimise sm_disk_dec_block (Mike Snitzer) [1086007 1060381]
- [md] dm-table: print error on preresume failure (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: do not expose non-zero discard limits if discards disabled (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: always return -ENOSPC if no_free_space is set (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: set pool read-only if breaking_sharing fails block allocation (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: prefix pool error messages with pool device name (Mike Snitzer) [1086007 1060381]
- [md] dm-space-map: optimise sm_ll_dec and sm_ll_inc (Mike Snitzer) [1086007 1060381]
- [md] dm-btree: prefetch child nodes when walking tree for a dm_btree_del (Mike Snitzer) [1086007 1060381]
- [md] dm-btree: use pop_frame in dm_btree_del to cleanup code (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: fix stacking of geometry limits (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: add data block size limits to Documentation (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: fix metadata dev resize detection (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: generate event when metadata threshold passed (Mike Snitzer) [1086007 1060381]
- [md] dm-persistent-metadata: add space map threshold callback (Mike Snitzer) [1086007 1060381]
- [md] dm-persistent-data: add threshold callback to space map (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: detect metadata device resizing (Mike Snitzer) [1086007 1060381]
- [md] dm-persistent-data: support space map resizing (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: refactor data dev resize (Mike Snitzer) [1086007 1060381]
- [md] dm-bufio: initialize read-only module parameters (Mike Snitzer) [1086007 1060381]
- [md] dm-bufio: submit writes outside lock (Mike Snitzer) [1086007 1060381]
- [md] dm-bufio: add recursive IO request BUG_ON (Mike Snitzer) [1086007 1060381]
- [md] dm-bufio: prefetch (Mike Snitzer) [1086007 1060381]
- [md] dm-bufio: fix slow IO latency issue specific to RHEL6 (Mike Snitzer) [1086490 1058528]
- [netdrv] mlx4_en: Fixed crash when port type is changed (Amir Vadai) [1085658 1059586]
- [netdrv] vmxnet3: fix netpoll race condition (Neil Horman) [1083175 1073218]
- [net] netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages (Jiri Pirko) [1077345 1077346] {CVE-2014-2523}
- [scsi] megaraid_sas: fix a small problem when reading state value from hw (Tomas Henzl) [1078641 1065187]
- [fs] gfs2: Increase the max number of ACLs (Robert S Peterson) [1078874 1075713]
- [net] filter: let bpf_tell_extensions return SKF_AD_MAX (Daniel Borkmann) [1079872 960275]
- [net] introduce SO_BPF_EXTENSIONS (Daniel Borkmann) [1079872 960275]
- [scsi] scsi_dh: cosmetic change to sizeof() (Ewan Milne) [1075554 1062494]
- [acpi] thermal: Check for thermal zone requirement (Nigel Croxon) [1075651 1021044]
- [acpi] thermal: Don't invalidate thermal zone if critical trip point is bad (Nigel Croxon) [1075651 1021044]
- [mm] flush pages from pagevec of offlined CPU (Naoya Horiguchi) [1078007 1037467]
- [fs] xfs: deprecate nodelaylog option (Eric Sandeen) [1076056 1055644]
- [fs] Fix mountpoint reference leakage in linkat (Jeff Layton) [1069848 1059943]
- [net] sock: Fix release_cb kABI brekage (Thomas Graf) [1066535 1039723]
- [vhost] fix total length when packets are too short (Michael S. Tsirkin) [1064442 1064444] {CVE-2014-0077}
- [net] sctp: fix sctp_sf_do_5_1D_ce to verify if peer is AUTH capable (Daniel Borkmann) [1070715 1067451] {CVE-2014-0101}
- [vhost] validate vhost_get_vq_desc return value (Michael S. Tsirkin) [1062579 1058677] {CVE-2014-0055}
kernel-headers-2.6.32-431.11.2.el6.x86_64 [2.8 MiB] Changelog by Petr Holasek (2014-03-03):
- [net] sctp: fix sctp_sf_do_5_1D_ce to verify if peer is AUTH capable (Daniel Borkmann) [1070715 1067451] {CVE-2014-0101}
- [vhost] validate vhost_get_vq_desc return value (Michael S. Tsirkin) [1062579 1058677] {CVE-2014-0055}
kernel-headers-2.6.32-431.5.1.el6.x86_64 [2.8 MiB] Changelog by Petr Holasek (2014-01-10):
- [net] sctp: fix checksum marking for outgoing packets (Daniel Borkmann) [1046041 1040385]
- [kernel] ptrace: Cleanup useless header (Aaron Tomlin) [1046043 1036312]
- [kernel] ptrace: kill BKL in ptrace syscall (Aaron Tomlin) [1046043 1036312]
- [fs] nfs: Prevent a 3-way deadlock between layoutreturn, open and state recovery (Steve Dickson) [1045094 1034487]
- [fs] nfs: Ensure that rmdir() waits for sillyrenames to complete (Steve Dickson) [1051395 1034348]
- [fs] nfs: wait on recovery for async session errors (Steve Dickson) [1051393 1030049]
- [fs] nfs: Re-use exit code in nfs4_async_handle_error() (Steve Dickson) [1051393 1030049]
- [fs] nfs: Update list of irrecoverable errors on DELEGRETURN (Steve Dickson) [1051393 1030049]
- [exec] ptrace: fix get_dumpable() incorrect tests (Petr Oros) [1039486 1039487] {CVE-2013-2929}
- [net] ipv6: router reachability probing (Jiri Benc) [1043779 1029585]
- [net] ipv6: remove the unnecessary statement in find_match() (Jiri Benc) [1043779 1029585]
- [net] ipv6: fix route selection if kernel is not compiled with CONFIG_IPV6_ROUTER_PREF (Jiri Benc) [1043779 1029585]
- [net] ipv6: Fix default route failover when CONFIG_IPV6_ROUTER_PREF=n (Jiri Benc) [1043779 1029585]
- [net] ipv6: probe routes asynchronous in rt6_probe (Jiri Benc) [1040826 1030094]
- [net] ndisc: Update neigh->updated with write lock (Jiri Benc) [1040826 1030094]
- [net] ipv6: prevent fib6_run_gc() contention (Jiri Benc) [1040826 1030094]
- [net] netfilter: push reasm skb through instead of original frag skbs (Jiri Pirko) [1049590 1011214]
- [net] ip6_output: fragment outgoing reassembled skb properly (Jiri Pirko) [1049590 1011214]
- [net] netfilter: nf_conntrack_ipv6: improve fragmentation handling (Jiri Pirko) [1049590 1011214]
- [net] ipv4: fix path MTU discovery with connection tracking (Jiri Pirko) [1049590 1011214]
- [net] ipv6: Make IP6CB(skb)->nhoff 16-bit (Jiri Pirko) [1049590 1011214]
- [edac] Add error decoding support for AMD Fam16h processors (Prarit Bhargava) [1051394 1020290]
- [netdrv] bnx2x: correct VF-PF channel locking scheme (Michal Schmidt) [1040498 1029203]
- [netdrv] bnx2x: handle known but unsupported VF messages (Michal Schmidt) [1040498 1029203]
- [netdrv] bnx2x: Lock DMAE when used by statistic flow (Michal Schmidt) [1040497 1029200]
- [net] ipv6: fix leaking uninitialized port number of offender sockaddr (Florian Westphal) [1035882 1035883] {CVE-2013-6405}
- [net] inet: fix addr_len/msg->msg_namelen assignment in recv_error functions (Florian Westphal) [1035882 1035883] {CVE-2013-6405}
- [net] inet: prevent leakage of uninitialized memory to user in recv syscalls (Florian Westphal) [1035882 1035883] {CVE-2013-6405}
- [net] ipvs: Add boundary check on ioctl arguments (Denys Vlasenko) [1030817 1030818] {CVE-2013-4588}
- [s390] qeth: avoid buffer overflow in snmp ioctl (Hendrik Brueckner) [1038935 1034266]
- [md] fix calculation of stacking limits on level change (Jes Sorensen) [1035347 1026864]
- [ata] ahci: fix turning on LEDs in ahci_start_port() (David Milburn) [1035339 1017105]
- [ata] libata: implement cross-port EH exclusion (David Milburn) [1035339 1017105]
- [ata] libata add ap to ata_wait_register and intro ata_msleep (David Milburn) [1035339 1017105]
- [netdrv] igb: Update link modes display in ethtool (Stefan Assmann) [1032389 1019578]
kernel-headers-2.6.32-431.1.2.el6.x86_64 [2.8 MiB] Changelog by Petr Holasek (2013-11-24):
- [x86] kvm: fix cross page vapic_addr access (Paolo Bonzini) [1032214 1032215] {CVE-2013-6368}
- [x86] kvm: fix division by zero in apic_get_tmcct (Paolo Bonzini) [1032212 1032213] {CVE-2013-6367}
kernel-headers-2.6.32-431.el6.x86_64 [2.8 MiB] Changelog by Rafael Aquini (2013-11-10):
- [md] Disabling of TRIM on RAID5 for RHEL6.5 was too aggressive (Jes Sorensen) [1028426]
kernel-headers-2.6.32-358.23.2.el6.x86_64 [2.3 MiB] Changelog by Nikola Pajkovsky (2013-09-14):
- [md] dm-snapshot: fix data corruption (Mikulas Patocka) [1004252 1004233] {CVE-2013-4299}
kernel-headers-2.6.32-358.18.1.el6.x86_64 [2.3 MiB] Changelog by Nikola Pajkovsky (2013-08-02):
- [x86] perf/x86: Fix offcore_rsp valid mask for SNB/IVB (Nikola Pajkovsky) [971314 971315] {CVE-2013-2146}
- [net] br: fix schedule while atomic issue in br_features_recompute() (Jiri Pirko) [990464 980876]
- [scsi] isci: Fix a race condition in the SSP task management path (David Milburn) [990470 978609]
- [bluetooth] L2CAP - Fix info leak via getsockname() (Jacob Tanenbaum) [922417 922418] {CVE-2012-6544}
- [bluetooth] HCI - Fix info leak in getsockopt() (Jacob Tanenbaum) [922417 922418] {CVE-2012-6544}
- [net] tuntap: initialize vlan_features (Vlad Yasevich) [984524 951458]
- [net] af_key: initialize satype in key_notify_policy_flush() (Thomas Graf) [981225 981227] {CVE-2013-2237}
- [usb] uhci: fix for suspend of virtual HP controller (Gopal) [982697 960026]
- [usb] uhci: Remove PCI dependencies from uhci-hub (Gopal) [982697 960026]
- [netdrv] bnx2x: Change MDIO clock settings (Michal Schmidt) [982116 901747]
- [scsi] st: Take additional queue ref in st_probe (Tomas Henzl) [979293 927988]
- [kernel] audit: wait_for_auditd() should use TASK_UNINTERRUPTIBLE (Oleg Nesterov) [982472 962976]
- [kernel] audit: avoid negative sleep durations (Oleg Nesterov) [982472 962976]
- [fs] ext4/jbd2: dont wait (forever) for stale tid caused by wraparound (Eric Sandeen) [963557 955807]
- [fs] jbd: dont wait (forever) for stale tid caused by wraparound (Eric Sandeen) [963557 955807]
- [fs] ext4: fix waiting and sending of a barrier in ext4_sync_file() (Eric Sandeen) [963557 955807]
- [fs] jbd2: Add function jbd2_trans_will_send_data_barrier() (Eric Sandeen) [963557 955807]
- [fs] jbd2: fix sending of data flush on journal commit (Eric Sandeen) [963557 955807]
- [fs] ext4: fix fdatasync() for files with only i_size changes (Eric Sandeen) [963557 955807]
- [fs] ext4: Initialize fsync transaction ids in ext4_new_inode() (Eric Sandeen) [963557 955807]
- [fs] ext4: Rewrite __jbd2_log_start_commit logic to match upstream (Eric Sandeen) [963557 955807]
- [net] bridge: Set vlan_features to allow offloads on vlans (Vlad Yasevich) [984524 951458]
- [virt] virtio-net: initialize vlan_features (Vlad Yasevich) [984524 951458]
- [mm] swap: avoid read_swap_cache_async() race to deadlock while waiting on discard I/O completion (Rafael Aquini) [977668 827548]
- [dma] ioat: Fix excessive CPU utilization (John Feeney) [982758 883575]
- [fs] vfs: revert most of dcache remove d_mounted (Ian Kent) [974597 907512]
- [fs] xfs: don't free EFIs before the EFDs are committed (Carlos Maiolino) [975578 947582]
- [fs] xfs: pass shutdown method into xfs_trans_ail_delete_bulk (Carlos Maiolino) [975576 805407]
- [net] ipv6: bind() use stronger condition for bind_conflict (Flavio Leitner) [989923 917872]
- [net] tcp: bind() use stronger condition for bind_conflict (Flavio Leitner) [977680 894683]
- [x86] remove BUG_ON(TS_USEDFPU) in __sanitize_i387_state() (Oleg Nesterov) [956054 920445]
- [fs] coredump: ensure the fpu state is flushed for proper multi-threaded core dump (Oleg Nesterov) [956054 920445]
kernel-headers-2.6.32-358.14.1.el6.x86_64 [2.3 MiB] Changelog by Nikola Pajkovsky (2013-06-17):
- [x86] apic: Add probe() for apic_flat (Prarit Bhargava) [975086 953342]
kernel-headers-2.6.32-358.11.1.el6.x86_64 [2.3 MiB] Changelog by Nikola Pajkovsky (2013-05-15):
- [kernel] perf: fix perf_swevent_enabled array out-of-bound access (Petr Matousek) [962793 962794] {CVE-2013-2094}
kernel-headers-2.6.32-358.6.2.el6.x86_64 [2.3 MiB] Changelog by Nikola Pajkovsky (2013-05-14):
- [kernel] perf: fix perf_swevent_enabled array out-of-bound access (Petr Matousek) [962793 962794] {CVE-2013-2094}
kernel-headers-2.6.32-358.6.1.el6.x86_64 [2.3 MiB] Changelog by Nikola Pajkovsky (2013-03-29):
- [virt] kvm: accept unaligned MSR_KVM_SYSTEM_TIME writes (Petr Matousek) [917020 917021] {CVE-2013-1796}
- [char] tty: hold lock across tty buffer finding and buffer filling (Prarit Bhargava) [928686 901780]
- [net] tcp: fix for zero packets_in_flight was too broad (Thomas Graf) [927309 920794]
- [net] tcp: frto should not set snd_cwnd to 0 (Thomas Graf) [927309 920794]
- [net] tcp: fix an infinite loop in tcp_slow_start() (Thomas Graf) [927309 920794]
- [net] tcp: fix ABC in tcp_slow_start() (Thomas Graf) [927309 920794]
- [netdrv] ehea: avoid accessing a NULL vgrp (Steve Best) [921535 911359]
- [net] sunrpc: Get rid of the redundant xprt->shutdown bit field (J. Bruce Fields) [915579 893584]
- [virt] kvm: do not #GP on unaligned MSR_KVM_SYSTEM_TIME write (Gleb Natapov) [917020 917021] {CVE-2013-1796}
- [drm] i915: bounds check execbuffer relocation count (Nikola Pajkovsky) [920523 920525] {CVE-2013-0913}
- [x86] irq: add quirk for broken interrupt remapping on 55XX chipsets (Neil Horman) [911267 887006]
- [kvm] Convert MSR_KVM_SYSTEM_TIME to use gfn_to_hva_cache functions (Gleb Natapov) [917024 917025] {CVE-2013-1797}
- [kvm] Fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (Gleb Natapov) [917020 917021] {CVE-2013-1796}
- [kvm] Fix bounds checking in ioapic indirect register reads (Gleb Natapov) [917030 917032] {CVE-2013-1798}
- [kvm] x86: release kvmclock page on reset (Gleb Natapov) [917024 917025] {CVE-2013-1797}
- [security] keys: Fix race with concurrent install_user_keyrings() (David Howells) [916681 913258] {CVE-2013-1792}
- [virt] hv_balloon: Make adjustments to the pressure report (Jason Wang) [909156 902232]
kernel-headers-2.6.32-358.2.1.el6.x86_64 [2.3 MiB] Changelog by Nikola Pajkovsky (2013-02-20):
- [kernel] utrace: ensure arch_ptrace/ptrace_request can never race with SIGKILL (Oleg Nesterov) [912073 912074] {CVE-2013-0871}
kernel-headers-2.6.32-358.0.1.el6.x86_64 [2.3 MiB] Changelog by Nikola Pajkovsky (2013-02-20):
- [kernel] utrace: ensure arch_ptrace/ptrace_request can never race with SIGKILL (Oleg Nesterov) [912073 912074] {CVE-2013-0871}

Listing created by Repoview-0.6.6-4.el7