kernel-headers-2.6.32-754.35.1.el6.i686
[4.6 MiB] |
Changelog
by Denys Vlasenko (2020-09-16):
- [ata] libata: fix NULL sdev dereference race in atapi_qc_complete() (Kenneth Yin) [1876296]
|
kernel-headers-2.6.32-754.33.1.el6.i686
[4.6 MiB] |
Changelog
by Denys Vlasenko (2020-08-10):
- [message] scsi: mptscsih: Fix read sense data size (Tomas Henzl) [1824907]
|
kernel-headers-2.6.32-754.31.1.el6.i686
[4.6 MiB] |
Changelog
by Denys Vlasenko (2020-06-15):
- [x86] x86/speculation: Provide SRBDS late microcode loading support (Waiman Long) [1827185] {CVE-2020-0543}
- [documentation] x86/speculation: Add Ivy Bridge to affected list (Waiman Long) [1827185] {CVE-2020-0543}
- [documentation] x86/speculation: Add SRBDS vulnerability and mitigation documentation (Waiman Long) [1827185] {CVE-2020-0543}
- [x86] x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Waiman Long) [1827185] {CVE-2020-0543}
- [x86] x86/cpu: Add 'table' argument to cpu_matches() (Waiman Long) [1827185] {CVE-2020-0543}
- [x86] x86/cpu: Add a steppings field to struct x86_cpu_id (Waiman Long) [1827185] {CVE-2020-0543}
- [x86] x86/cpu/bugs: Convert to new matching macros (Waiman Long) [1827185] {CVE-2020-0543}
- [x86] x86/cpu: Add consistent CPU match macros (Waiman Long) [1827185] {CVE-2020-0543}
- [x86] x86/devicetable: Move x86 specific macro out of generic code (Waiman Long) [1827185] {CVE-2020-0543}
- [netdrv] bonding/802.3ad: fix link_failure_count tracking (Patrick Talbert) [1841819]
- [mm] mm: migration: add migrate_entry_wait_huge() (Waiman Long) [1839653]
- [powerpc] powerpc/book3s64: Fix link stack flush on context switch (Gustavo Duarte) [1796810]
- [powerpc] powerpc/64s: support nospectre_v2 cmdline option (Gustavo Duarte) [1796810]
- [powerpc] powerpc/security: Fix spectre_v2 reporting (Gustavo Duarte) [1796810]
- [powerpc] powerpc/fsl: Update Spectre v2 reporting (Gustavo Duarte) [1796810]
- [powerpc] powerpc/fsl: Add nospectre_v2 command line argument (Gustavo Duarte) [1796810]
- [powerpc] powerpc/fsl: Fix spectre_v2 mitigations reporting (Gustavo Duarte) [1796810]
- [powerpc] powerpc/pseries: Query hypervisor for count cache flush settings (Gustavo Duarte) [1796810]
- [powerpc] powerpc/64s: Add support for software count cache flush (Gustavo Duarte) [1796810]
- [powerpc] powerpc/64s: Add new security feature flags for count cache flush (Gustavo Duarte) [1796810]
- [powerpc] powerpc/asm: Add a patch_site macro & helpers for patching instructions (Gustavo Duarte) [1796810]
- [powerpc] powerpc/64: Make meltdown reporting Book3S 64 specific (Gustavo Duarte) [1796810]
- [powerpc] powerpc/64: Call setup_barrier_nospec() from setup_arch() (Gustavo Duarte) [1796810]
- [powerpc] powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC (Gustavo Duarte) [1796810]
- [powerpc] powerpc/64: Make stf barrier PPC_BOOK3S_64 specific (Gustavo Duarte) [1796810]
- [powerpc] powerpc/64: Disable the speculation barrier from the command line (Gustavo Duarte) [1796810]
- [powerpc] powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 (Gustavo Duarte) [1796810]
- [powerpc] powerpc/64s: Enhance the information in cpu_show_spectre_v1() (Gustavo Duarte) [1796810]
- [powerpc] powerpc/64: Use barrier_nospec in syscall entry (Gustavo Duarte) [1796810]
- [powerpc] powerpc/64s: Enable barrier_nospec based on firmware settings (Gustavo Duarte) [1796810]
- [powerpc] powerpc/64s: Patch barrier_nospec in modules (Gustavo Duarte) [1796810]
- [powerpc] powerpc/64s: Add support for ori barrier_nospec patching (Gustavo Duarte) [1796810]
- [powerpc] powerpc/64s: Add barrier_nospec (Gustavo Duarte) [1796810]
- [powerpc] powerpc: Add helper to check if offset is within relative branch range (Gustavo Duarte) [1796810]
- [powerpc] powerpc: Have patch_instruction detect faults (Gustavo Duarte) [1796810]
- [powerpc] powerpc: Introduce asm-prototypes.h (Gustavo Duarte) [1796810]
- [powerpc] powerpc: Move local setup.h declarations to arch includes (Gustavo Duarte) [1796810]
|
kernel-headers-2.6.32-754.30.2.el6.i686
[4.6 MiB] |
Changelog
by Denys Vlasenko (2020-05-29):
- x86/speculation: Provide SRBDS late microcode loading support (Waiman Long)
- [documentation] x86/speculation: Add Ivy Bridge to affected list (Waiman Long) [1827185] {CVE-2020-0543}
- [documentation] x86/speculation: Add SRBDS vulnerability and mitigation documentation (Waiman Long) [1827185] {CVE-2020-0543}
- [x86] x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Waiman Long) [1827185] {CVE-2020-0543}
- [x86] x86/cpu: Add 'table' argument to cpu_matches() (Waiman Long) [1827185] {CVE-2020-0543}
- [x86] x86/cpu: Add a steppings field to struct x86_cpu_id (Waiman Long) [1827185] {CVE-2020-0543}
- [x86] x86/cpu/bugs: Convert to new matching macros (Waiman Long) [1827185] {CVE-2020-0543}
- [x86] x86/cpu: Add consistent CPU match macros (Waiman Long) [1827185] {CVE-2020-0543}
- [x86] x86/devicetable: Move x86 specific macro out of generic code (Waiman Long) [1827185] {CVE-2020-0543}
|
kernel-headers-2.6.32-754.29.2.el6.i686
[4.6 MiB] |
Changelog
by Denys Vlasenko (2020-05-07):
- [net] netlabel: cope with NULL catmap (Paolo Abeni) [1827226] {CVE-2020-10711}
|
kernel-headers-2.6.32-754.29.1.el6.i686
[4.6 MiB] |
Changelog
by Denys Vlasenko (2020-03-12):
- [wireless] rtlwifi: Fix potential overflow on P2P code (Jarod Wilson) [1775226] {CVE-2019-17666}
- [x86] mm: revert x86_64 and arm64 ELF_ET_DYN_BASE base changes (Denys Vlasenko) [1485759]
- [powerpc] powerpc: move ELF_ET_DYN_BASE to 4GB / 4MB (Denys Vlasenko) [1485759]
- binfmt_elf: use ELF_ET_DYN_BASE only for PIE (Denys Vlasenko) [1485759]
- [powerpc] powerpc: Use generic PIE randomization (Denys Vlasenko) [1485759]
|
kernel-headers-2.6.32-754.28.1.el6.i686
[4.6 MiB] |
Changelog
by Denys Vlasenko (2020-01-31):
- [netdrv] ixgbevf: Use cached link state instead of re-reading the value for ethtool (Ken Cox) [1795404]
- [isdn] mISDN: enforce CAP_NET_RAW for raw sockets (Andrea Claudi) [1779473] {CVE-2019-17055}
- [net] cfg80211: wext: avoid copying malformed SSIDs (Jarod Wilson) [1778625] {CVE-2019-17133}
- [netdrv] bonding: speed/duplex update at NETDEV_UP event (Patrick Talbert) [1772779]
- [netdrv] bonding: make speed, duplex setting consistent with link state (Patrick Talbert) [1772779]
- [netdrv] bonding: simplify / unify event handling code for 3ad mode (Patrick Talbert) [1772779]
- [netdrv] bonding: unify all places where actor-oper key needs to be updated (Patrick Talbert) [1772779]
- [netdrv] bonding: simple code refactor (Patrick Talbert) [1772779]
|
kernel-headers-2.6.32-754.25.1.el6.i686
[4.6 MiB] |
Changelog
by Denys Vlasenko (2019-11-20):
- [kvm] KVM: VMX: Set VMENTER_L1D_FLUSH_NOT_REQUIRED if !X86_BUG_L1TF (Waiman Long) [1733760]
- [virt] KVM: coalesced_mmio: add bounds checking (Bandan Das) [1746799] {CVE-2019-14821}
- [virt] KVM: MMIO: Lock coalesced device when checking for available entry (Bandan Das) [1746799] {CVE-2019-14821}
- [scsi] scsi: bnx2fc: Handle scope bits when array returns BUSY or TSF (Nilesh Javali) [1749512]
- [scsi] scsi: bnx2fc: remove set but not used variables 'task', 'port', 'orig_task' (Nilesh Javali) [1749512]
- [scsi] scsi: bnx2fc: remove set but not used variables 'lport', 'host' (Nilesh Javali) [1749512]
- [security] KEYS: prevent creating a different user's keyrings (David Howells) [1537371]
- [documentation] Documentation: Add ITLB_MULTIHIT documentation (Paolo Bonzini) [1692385] {CVE-2018-12207}
- [kvm] KVM: introduce no_huge_pages module parameter (Paolo Bonzini) [1692385] {CVE-2018-12207}
- [x86] x86: Add ITLB_MULTIHIT bug infrastructure (Paolo Bonzini) [1692385] {CVE-2018-12207}
- [x86] x86/spec_ctrl/taa: Enable TAA status change after late microcode (Waiman Long) [1766531] {CVE-2019-11135}
- [documentation] x86/speculation/taa: Add documentation for TSX Async Abort (Waiman Long) [1766531] {CVE-2019-11135}
- [base] x86/speculation/taa: Add sysfs reporting for TSX Async Abort (Waiman Long) [1766531] {CVE-2019-11135}
- [x86] x86/speculation/taa: Add mitigation for TSX Async Abort (Waiman Long) [1766531] {CVE-2019-11135}
- [x86] x86/cpu: Add a helper function x86_read_arch_cap_msr() (Waiman Long) [1766531] {CVE-2019-11135}
- [x86] x86/msr: Add the IA32_TSX_CTRL MSR (Waiman Long) [1766531] {CVE-2019-11135}
- [drm] drm/i915/cmdparser: Fix jump whitelist clearing (Denys Vlasenko) [1756891] {CVE-2019-0155}
- [drm] drm/i915: Lower RM timeout to avoid DSI hard hangs (Dave Airlie) [1756824] {CVE-2019-0154}
- [drm] drm/i915/gen8+: Add RC6 CTX corruption WA (Dave Airlie) [1756824] {CVE-2019-0154}
- [drm] drm/i915/cmdparser: Ignore Length operands during command matching (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915/cmdparser: Add support for backward jumps (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915: Add gen9 BCS cmdparsing (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915: Allow parsing of unsized batches (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915: Add support for mandatory cmdparsing (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915: Remove Master tables from cmdparser (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915: Disable Secure Batches for gen6+ (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915: Rename gen7 cmdparser tables (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915/gtt: Disable read-only support under GVT (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] erm/i915/gtt: Read-only pages for insert_entries on bdw+ (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915/gtt: Add read only pages to gen8_pte_encode (Dave Airlie) [1756891] {CVE-2019-0155}
|
kernel-headers-2.6.32-754.24.3.el6.i686
[4.6 MiB] |
Changelog
by Denys Vlasenko (2019-11-12):
- [drm] drm/i915/cmdparser: Fix jump whitelist clearing (Denys Vlasenko) [1756891] {CVE-2019-0155}
|
kernel-headers-2.6.32-754.24.2.el6.i686
[4.6 MiB] |
Changelog
by Denys Vlasenko (2019-11-06):
- [documentation] Documentation: Add ITLB_MULTIHIT documentation (Paolo Bonzini) [1692385] {CVE-2018-12207}
- [kvm] KVM: introduce no_huge_pages module parameter (Paolo Bonzini) [1692385] {CVE-2018-12207}
- [x86] x86: Add ITLB_MULTIHIT bug infrastructure (Paolo Bonzini) [1692385] {CVE-2018-12207}
- [x86] x86/spec_ctrl/taa: Enable TAA status change after late microcode (Waiman Long) [1766531] {CVE-2019-11135}
- [documentation] x86/speculation/taa: Add documentation for TSX Async Abort (Waiman Long) [1766531] {CVE-2019-11135}
- [base] x86/speculation/taa: Add sysfs reporting for TSX Async Abort (Waiman Long) [1766531] {CVE-2019-11135}
- [x86] x86/speculation/taa: Add mitigation for TSX Async Abort (Waiman Long) [1766531] {CVE-2019-11135}
- [x86] x86/cpu: Add a helper function x86_read_arch_cap_msr() (Waiman Long) [1766531] {CVE-2019-11135}
- [x86] x86/msr: Add the IA32_TSX_CTRL MSR (Waiman Long) [1766531] {CVE-2019-11135}
- [drm] drm/i915: Lower RM timeout to avoid DSI hard hangs (Dave Airlie) [1756824] {CVE-2019-0154}
- [drm] drm/i915/gen8+: Add RC6 CTX corruption WA (Dave Airlie) [1756824] {CVE-2019-0154}
- [drm] drm/i915/cmdparser: Ignore Length operands during command matching (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915/cmdparser: Add support for backward jumps (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915: Add gen9 BCS cmdparsing (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915: Allow parsing of unsized batches (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915: Add support for mandatory cmdparsing (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915: Remove Master tables from cmdparser (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915: Disable Secure Batches for gen6+ (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915: Rename gen7 cmdparser tables (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915/gtt: Disable read-only support under GVT (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] erm/i915/gtt: Read-only pages for insert_entries on bdw+ (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915/gtt: Add read only pages to gen8_pte_encode (Dave Airlie) [1756891] {CVE-2019-0155}
|
kernel-headers-2.6.32-754.23.1.el6.i686
[4.6 MiB] |
Changelog
by Denys Vlasenko (2019-09-17):
- [vhost] vhost: make sure log_num < in_num (Eugenio Perez) [1750869 1750869] {CVE-2019-14835}
|
kernel-headers-2.6.32-754.22.1.el6.i686
[4.6 MiB] |
Changelog
by Denys Vlasenko (2019-08-16):
- [scsi] scsi: megaraid_sas: return error when create DMA pool failed (Tomas Henzl) [1712858] {CVE-2019-11810}
- [net] net: Set sk_prot_creator when copying sockets to the right proto (Andrea Claudi) [1657117] {CVE-2018-9568}
|
kernel-headers-2.6.32-754.18.2.el6.i686
[4.6 MiB] |
Changelog
by Phillip Lougher (2019-07-25):
- [x86] x86/speculation: Enable Spectre v1 swapgs mitigations (Waiman Long) [1724512] {CVE-2019-1125}
- [x86] x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations (Waiman Long) [1724512] {CVE-2019-1125}
|
kernel-headers-2.6.32-754.17.1.el6.i686
[4.6 MiB] |
Changelog
by Phillip Lougher (2019-06-20):
- [net] tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (Florian Westphal) [1719614] {CVE-2019-11479}
- [net] tcp: add tcp_min_snd_mss sysctl (Florian Westphal) [1719614] {CVE-2019-11479}
- [net] tcp: tcp_fragment() should apply sane memory limits (Florian Westphal) [1719840] {CVE-2019-11478}
- [net] tcp: limit payload size of sacked skbs (Florian Westphal) [1719585] {CVE-2019-11477}
- [net] tcp: pass previous skb to tcp_shifted_skb() (Florian Westphal) [1719585] {CVE-2019-11477}
- [lib] idr: free the top layer if idr tree has the maximum height (Denys Vlasenko) [1698139] {CVE-2019-3896}
- [lib] idr: fix top layer handling (Denys Vlasenko) [1698139] {CVE-2019-3896}
- [lib] idr: fix backtrack logic in idr_remove_all (Denys Vlasenko) [1698139] {CVE-2019-3896}
|
kernel-headers-2.6.32-754.15.3.el6.i686
[4.6 MiB] |
Changelog
by Phillip Lougher (2019-06-13):
- [net] tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (Florian Westphal) [1719614] {CVE-2019-11479}
- [net] tcp: add tcp_min_snd_mss sysctl (Florian Westphal) [1719614] {CVE-2019-11479}
- [net] tcp: tcp_fragment() should apply sane memory limits (Florian Westphal) [1719840] {CVE-2019-11478}
- [net] tcp: limit payload size of sacked skbs (Florian Westphal) [1719585] {CVE-2019-11477}
- [net] tcp: pass previous skb to tcp_shifted_skb() (Florian Westphal) [1719585] {CVE-2019-11477}
|
kernel-headers-2.6.32-754.14.2.el6.i686
[4.6 MiB] |
Changelog
by Phillip Lougher (2019-04-24):
- [x86] x86/speculation/mds: Add SMT warning message (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation/mds: Add mds=full, nosmt cmdline option (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation: Remove redundant arch_smt_update() invocation (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/spec_ctrl: Add debugfs x86/smt_present file (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/spec_ctrl: Update MDS mitigation status after late microcode load (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [documentation] Documentation: Add MDS vulnerability documentation (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [documentation] Documentation: Move L1TF to separate directory (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation/mds: Add mitigation mode VMWERV (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation/mds: Add sysfs reporting for MDS (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation/mds: Add mitigation control for MDS (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [kvm] x86/kvm/vmx: Add MDS protection when L1D Flush is not active (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation/mds: Clear CPU buffers on exit to user (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation/mds: Add mds_clear_cpu_buffers() (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [kvm] x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation/mds: Add BUG_MSBDS_ONLY (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation/mds: Add basic bug infrastructure for MDS (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation: Consolidate CPU whitelists (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/l1tf: Show actual SMT state (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation: Simplify sysfs report of VMX L1TF vulnerability (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/cpu: Sanitize FAM6_ATOM naming (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [kernel] sched/smt: Provide sched_smt_active() (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation: Provide arch_smt_update() (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/mm: Fix compilation warning in pgtable_types.h (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
|
kernel-headers-2.6.32-754.12.1.el6.i686
[4.6 MiB] |
Changelog
by Phillip Lougher (2019-03-07):
- [x86] vDSO: Don't generate retpoline for indirect call (Waiman Long) [1638552]
- [fs] cifs: fix reparse point/symlink breakage (Leif Sahlberg) [1636484]
- [scsi] qla2xxx: Mask off Scope bits in retry delay (Himanshu Madhani) [1588133]
- [net] tcp: make tcp_retransmit_timer a no-op on empty write queue (Paolo Abeni) [1585892]
- [kernel] sched/sysctl: Check user input value of sysctl_sched_time_avg (Lauro Ramos Venancio) [1579128]
- [fs] Fix up non-directory creation in SGID directories (Miklos Szeredi) [1600951] {CVE-2018-13405}
- [fs] hugetlbfs: switch to inode_init_owner() (Miklos Szeredi) [1600951] {CVE-2018-13405}
- [fs] udf: replace inode uid, gid, mode init with helper (Miklos Szeredi) [1600951] {CVE-2018-13405}
- [fs] ubifs: replace inode uid, gid, mode initialization with helper function (Miklos Szeredi) [1600951] {CVE-2018-13405}
- [fs] ramfs: replace inode uid, gid, mode initialization with helper function (Miklos Szeredi) [1600951] {CVE-2018-13405}
- [fs] ext4: replace inode uid, gid, mode init with helper (Miklos Szeredi) [1600951] {CVE-2018-13405}
- [fs] ext3: replace inode uid, gid, mode init with helper (Miklos Szeredi) [1600951] {CVE-2018-13405}
- [fs] ext2: replace inode uid, gid, mode init with helper (Miklos Szeredi) [1600951] {CVE-2018-13405}
- [fs] btrfs: replace inode uid, gid, mode initialization with helper function (Miklos Szeredi) [1600951] {CVE-2018-13405}
- [fs] vfs: Add inode uid,gid,mode init helper (Miklos Szeredi) [1600951] {CVE-2018-13405}
- [s390] kernel: adapt to changed CPU vulnerabilities function prototypes (Hendrik Brueckner) [1625381]
- [s390] detect etoken facility (Hendrik Brueckner) [1625381]
- [s390] Correct register corruption in critical section cleanup (Hendrik Brueckner) [1625381]
- [s390] remove indirect branch from do_softirq_own_stack (Hendrik Brueckner) [1625381]
- [s390] move spectre sysfs attribute code (Hendrik Brueckner) [1625381]
- [s390] kernel: use expoline for indirect branches (Hendrik Brueckner) [1625381]
- [s390] ftrace: use expoline for indirect branches (Hendrik Brueckner) [1625381]
- [s390] move expoline assembler macros to a header (Hendrik Brueckner) [1625381]
- [s390] correct module section names for expoline code revert (Hendrik Brueckner) [1625381]
- [x86] speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (Oleksandr Natalenko) [1670328]
- [perf] Fix a race between ring_buffer_detach() and ring_buffer_attach() (Jiri Olsa) [1589340]
- [perf] Fix mmap() accounting hole (Jiri Olsa) [1627672]
- [perf] Fix perf mmap bugs (Jiri Olsa) [1627672]
|
kernel-headers-2.6.32-754.11.1.el6.i686
[4.5 MiB] |
Changelog
by Phillip Lougher (2019-01-22):
- [x86] mm/fault: Allow stack access below rsp (Waiman Long) [1644401]
- [sound] alsa: rawmidi: Change resized buffers atomically (Denys Vlasenko) [1593083] {CVE-2018-10902}
|
kernel-headers-2.6.32-754.6.3.el6.i686
[4.5 MiB] |
Changelog
by Frantisek Hrbata (2018-09-18):
- [kvm] VMX: fixes for vmentry_l1d_flush module parameter (Marcelo Tosatti) [1628796]
- [x86] speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (Marcelo Tosatti) [1628796]
- [x86] KVM: VMX: skip L1TF flush on VM-entry if EPT is disabled (Marcelo Tosatti) [1616397]
|
kernel-headers-2.6.32-754.3.5.el6.i686
[4.5 MiB] |
Changelog
by Phillip Lougher (2018-08-09):
- [kernel] cpu/hotplug: Enable 'nosmt' as late as possible (Frantisek Hrbata) [1593376] {CVE-2018-3620}
|
kernel-headers-2.6.32-754.2.1.el6.i686
[4.5 MiB] |
Changelog
by Phillip Lougher (2018-07-03):
- [x86] entry/64: Don't use IST entry for #BP stack (Waiman Long) [1596113] {CVE-2018-10872}
- [fs] gfs2: Flush delayed work earlier in gfs2_inode_lookup (Andreas Grunbacher) [1506281]
- [mm] mempolicy: fix use after free when calling get_mempolicy (Augusto Caringi) [1576757] {CVE-2018-10675}
- [mm] Fix NULL pointer dereference in dequeue_hwpoisoned_huge_page() (Larry Woodman) [1381653]
- [fs] NFSv4.1: Fix up replays of interrupted requests (Benjamin Coddington) [1553423]
- [fs] NFSv4.1: Simplify struct nfs4_sequence_args too (Benjamin Coddington) [1553423]
- [fs] NFSv4.1: Label each entry in the session slot tables with its slot number (Benjamin Coddington) [1553423]
- [fs] NFSv4.1: Shrink struct nfs4_sequence_res by moving the session pointer (Benjamin Coddington) [1553423]
- [fs] NFSv4.1: nfs4_alloc_slots doesn't need zeroing (Benjamin Coddington) [1553423]
- [fs] NFSv4.1: clean up nfs4_recall_slot to use nfs4_alloc_slots (Benjamin Coddington) [1553423]
- [fs] NFSv4.1: Fix a NFSv4.1 session initialisation regression (Benjamin Coddington) [1553423]
- [scsi] ipr: Fix sync scsi scan (Gustavo Duarte) [1572310]
- [scsi] ipr: Wait to do async scan until scsi host is initialized (Gustavo Duarte) [1572310]
|
kernel-headers-2.6.32-754.el6.i686
[4.5 MiB] |
Changelog
by Phillip Lougher (2018-05-24):
- [powerpc] 64s: Add support for a store forwarding barrier at kernel entry/exit (Mauricio Oliveira) [1581053] {CVE-2018-3639}
- [x86] amd: Disable AMD SSBD mitigation in a VM (Waiman Long) [1580360]
- [x86] spec_ctrl: Fix late microcode problem with AMD (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] spec_ctrl: Clean up entry code & remove unused APIs (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] spec_ctrl: Mask off SPEC_CTRL MSR bits that are managed by kernel (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] spec_ctrl: add support for SSBD to RHEL IBRS entry/exit macros (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] bugs: Rename _RDS to _SSBD (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] speculation: Add prctl for Speculative Store Bypass mitigation (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] process: Allow runtime control of Speculative Store Bypass (Waiman Long) [1566899] {CVE-2018-3639}
- [kernel] prctl: Add speculation control prctls (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] kvm: Expose the RDS bit to the guest (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] bugs/AMD: Add support to disable RDS on Fam(15, 16, 17)h if requested (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] spec_ctrl: Sync up RDS setting with IBRS code (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] bugs: Provide boot parameters for the spec_store_bypass_disable mitigation (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] bugs: Expose the /sys/../spec_store_bypass and X86_BUG_SPEC_STORE_BYPASS (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] spec_ctrl: Use separate PCP variables for IBRS entry and exit (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] cpu/intel: Knight Mill and Moorefield update to intel-family.h (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] speculation: Update Speculation Control microcode blacklist (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] cpufeatures: Clean up Spectre v2 related CPUID flags (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] cpufeatures: Add AMD feature bits for Speculation Control (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] cpufeatures: Add Intel feature bits for Speculation (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] cpufeatures: Add CPUID_7_EDX CPUID leaf (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] cpu: Fill in feature word 13, CPUID_8000_0008_EBX (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] Extend RH cpuinfo to 10 extra words (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] invpcid: Enable 'noinvpcid' boot parameter for X86_32 (Waiman Long) [1560494]
- [x86] dumpstack_32: Fix kernel panic in dump_trace (Waiman Long) [1577351]
- [fs] gfs2: For fs_freeze, do a log flush and flush the ail1 list (Robert S Peterson) [1569148]
- [net] dccp: check sk for closed state in dccp_sendmsg() (Stefano Brivio) [1576586] {CVE-2018-1130}
- [net] ipv6: dccp: add missing bind_conflict to dccp_ipv6_mapped (Stefano Brivio) [1576586] {CVE-2018-1130}
|
kernel-headers-2.6.32-696.30.1.el6.i686
[4.5 MiB] |
Changelog
by Jan Stancek (2018-05-18):
- [x86] x86/kvm: fix CPUID_7_EDX (word 18) mask (Jan Stancek) [1566893 1566899] {CVE-2018-3639}
|
kernel-headers-2.6.32-696.28.1.el6.i686
[4.5 MiB] |
Changelog
by Jan Stancek (2018-04-26):
- [x86] entry/64: Don't use IST entry for #BP stack (Waiman Long) [1567078 1567079] {CVE-2018-8897}
- [x86] xen: do not use xen_info on HVM, set pv_info name to "Xen HVM" (Vitaly Kuznetsov) [1569141 1568241]
|
kernel-headers-2.6.32-696.23.1.el6.i686
[4.5 MiB] |
Changelog
by Jan Stancek (2018-02-10):
- [scsi] avoid a permanent stop of the scsi device's request queue (Ewan Milne) [1519857 1513455]
- [x86] retpoline/hyperv: Convert assembler indirect jumps (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: Upgrade GCC retpoline warning to an error for brew builds (Waiman Long) [1543022 1535645]
- [x86] retpoline: Don't use kernel indirect thunks in vsyscalls (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: Add a read-only retp_enabled debugfs knob (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: detect unretpolined modules (Waiman Long) [1543022 1535645]
- [x86] retpoline/ACPI: Convert indirect jump in wakeup code (Waiman Long) [1543022 1535645]
- [x86] retpoline/efi: Convert stub indirect calls & jumps (Waiman Long) [1543022 1535645]
- [watchdog] hpwdt: remove indirect call in drivers/watchdog/hpwdt.c (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: cleanup __ptrace_may_access (Waiman Long) [1543022 1535645]
- [x86] bugs: Drop one "mitigation" from dmesg (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: fix ptrace IBPB optimization (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: Avoid returns in IBRS-disabled regions (Waiman Long) [1543022 1535645]
- [x86] spectre/meltdown: avoid the vulnerability directory to weaken kernel security (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: Update spec_ctrl.txt and kernel-parameters.txt (Waiman Long) [1543022 1535645]
- [x86] Use IBRS for firmware update path (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: stuff RSB on context switch with SMEP enabled (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: use upstream RSB stuffing function (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: add ibrs_enabled=3 (ibrs_user) (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: Integrate IBRS with retpoline (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: print features changed by microcode loading (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: refactor the init and microcode loading paths (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: move initialization of X86_FEATURE_IBPB_SUPPORT (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: remove SPEC_CTRL_PCP_IBPB bit (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: remove ibrs_enabled variable (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: add ibp_disabled variable (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: add X86_FEATURE_IBP_DISABLE (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: remove IBP disable for AMD model 0x16 (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: remove performance measurements from documentation (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: make ipbp_enabled read-only (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: remove ibpb_enabled=2 mode (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: Enable spec_ctrl functions for x86-32 (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: move vmexit rmb in the last branch before IBRS (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: satisfy the barrier like semantics of IBRS (Waiman Long) [1543022 1535645]
- [x86] spectre_v1: Mark it as mitigated (Waiman Long) [1543022 1535645]
- [x86] pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown (Waiman Long) [1543022 1535645]
- [x86] mce: Make machine check speculation protected (Waiman Long) [1543022 1535645]
- [x86] retpoline: Add LFENCE to the retpoline/RSB filling RSB macros (Waiman Long) [1543022 1535645]
- [x86] retpoline: Fill return stack buffer on vmexit (Waiman Long) [1543022 1535645]
- [x86] retpoline/irq32: Convert assembler indirect jumps (Waiman Long) [1543022 1535645]
- [x86] retpoline/checksum32: Convert assembler indirect jumps (Waiman Long) [1543022 1535645]
- [x86] retpoline/entry: Convert entry assembler indirect (Waiman Long) [1543022 1535645]
- [x86] retpoline/crypto: Convert crypto assembler indirect jumps (Waiman Long) [1543022 1535645]
- [x86] spectre: Add boot time option to select Spectre v2 mitigation (Waiman Long) [1543022 1535645]
- [x86] retpoline: Add initial retpoline support (Waiman Long) [1543022 1535645]
- [x86] cpu: Implement CPU vulnerabilites sysfs functions (Waiman Long) [1543022 1535645]
- [base] sysfs/cpu: Add vulnerability folder (Waiman Long) [1543022 1535645]
- [x86] cpufeatures: Add X86_BUG_SPECTRE_V[12] (Waiman Long) [1543022 1535645]
- [x86] pti: Add the pti= cmdline option and documentation (Waiman Long) [1543022 1535645]
- [x86] cpufeatures: Add X86_BUG_CPU_MELTDOWN (Waiman Long) [1543022 1535645]
- [x86] pti: Rename CONFIG_KAISER to CONFIG_PAGE_TABLE_ISOLATION (Waiman Long) [1543022 1535645]
- [x86] cpu: Expand cpufeature facility to include cpu bugs (Waiman Long) [1543022 1535645]
- [x86] cpu: Merge bugs.c and bugs_64.c (Waiman Long) [1543022 1535645]
- [x86] cpu/intel: Introduce macros for Intel family numbers (Waiman Long) [1543022 1535645]
- [x86] alternatives: Add missing '\n' at end of ALTERNATIVE inline asm (Waiman Long) [1543022 1535645]
- [x86] alternatives: Fix alt_max_short macro to really be a max() (Waiman Long) [1543022 1535645]
- [x86] asm: Make asm/alternative.h safe from assembly (Waiman Long) [1543022 1535645]
- [x86] alternatives: Document macros (Waiman Long) [1543022 1535645]
- [x86] alternatives: Fix ALTERNATIVE_2 padding generation properly (Waiman Long) [1543022 1535645]
- [x86] alternatives: Add instruction padding (Waiman Long) [1543022 1535645]
- [x86] alternative: Add header guards to <asm/alternative-asm.h> (Waiman Long) [1543022 1535645]
- [x86] alternative: Use .pushsection/.popsection (Waiman Long) [1543022 1535645]
- [x86] copy_user_generic: Optimize copy_user_generic with CPU erms feature (Waiman Long) [1543022 1535645]
- [x86] Make .altinstructions bit size neutral (Waiman Long) [1543022 1535645]
- [x86] pti: Rework the trampoline stack switching code (Waiman Long) [1543022 1535645]
- [x86] pti: Disable interrupt before trampoline stack switching (Waiman Long) [1543022 1535645]
|
kernel-headers-2.6.32-696.20.1.el6.i686
[4.5 MiB] |
Changelog
by Denys Vlasenko (2018-01-12):
- [x86] kaiser/efi: unbreak tboot (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] pti/mm: Fix trampoline stack problem with XEN PV (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] pti/mm: Fix XEN PV boot failure (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] entry: Invoke TRACE_IRQS_IRETQ in paranoid_userspace_restore_all (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] spec_ctrl: show added cpuid flags in /proc/cpuinfo after late microcode update (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: svm: spec_ctrl at vmexit needs per-cpu areas functional (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: Eliminate redundnat FEATURE Not Present messages (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: enable IBRS and stuff_RSB before calling NMI C code (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: skip CAP_SYS_PTRACE check to skip audit (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: disable ibrs while in intel_idle() (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: skip IBRS/CR3 restore when paranoid exception returns to userland (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- Revert "x86/entry: Use retpoline for syscall's indirect calls" (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] mm/dump_pagetables: Allow dumping current pagetables (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/dump_pagetables: Add a pgd argument to walk_pgd_level() (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/dump_pagetables: Add page table directory (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] entry: Remove unneeded nmi_userspace code (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] entry: Fix nmi exit code with CONFIG_TRACE_IRQFLAGS (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: init_tss is supposed to go in the PAGE_ALIGNED per-cpu section (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: Clear kdump pgd page to prevent incorrect behavior (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: consider the init_mm.pgd a kaiser pgd (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: convert userland visible "kpti" name to "pti" (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] spec_ctrl: set IBRS during resume from RAM if ibrs_enabled is 2 (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] mm/kaiser: __load_cr3 in resume from RAM after kernel %gs has been restored (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] mm/kaiser: Revert the __GFP_COMP flag change (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] entry: Fix paranoid_exit() trampoline clobber (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] spec_ctrl: allow use_ibp_disable only if both SPEC_CTRL and IBPB_SUPPORT are missing (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: Documentation spec_ctrl.txt (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: remove irqs_disabled() check from intel_idle() (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: use enum when setting ibrs/ibpb_enabled (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: undo speculation barrier for ibrs_enabled and noibrs_cmdline (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: introduce ibpb_enabled = 2 for IBPB instead of IBRS (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: introduce SPEC_CTRL_PCP_ONLY_IBPB (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: cleanup s/flush/sync/ naming when sending IPIs (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: set IBRS during CPU init if in ibrs_enabled == 2 (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: use IBRS_ENABLED instead of 1 (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: allow the IBP disable feature to be toggled at runtime (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: always initialize save_reg in ENABLE_IBRS_SAVE_AND_CLOBBER (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: ibrs_enabled() is expected to return > 1 (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: CLEAR_EXTRA_REGS and extra regs save/restore (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] syscall: Clear unused extra registers on syscall (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] entry: Add back STUFF_RSB to interrupt and error paths (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] mm/kaiser: make is_kaiser_pgd reliable (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: disable global pages by default with KAISER (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] revert: mm/kaiser: Disable global pages by default with KAISER (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] kaiser/mm: fix pgd freeing in error path (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] entry: Fix 32-bit program crash with 64-bit kernel on AMD boxes (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: reload spec_ctrl cpuid in all microcode load paths (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: Prevent unwanted speculation without IBRS (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: add noibrs noibpb boot options (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] entry: Use retpoline for syscall's indirect calls (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] syscall: Clear unused extra registers on 32-bit compatible syscall entrance (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: rescan cpuid after a late microcode update (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: add debugfs ibrs_enabled ibpb_enabled (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: consolidate the spec control boot detection (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] Remove __cpuinitdata from some data & function (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] KVM/spec_ctrl: allow IBRS to stay enabled in host userland (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: move stuff_RSB in spec_ctrl.h (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] entry: Remove STUFF_RSB in error and interrupt code (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] entry: Stuff RSB for entry to kernel for non-SMEP platform (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] mm: Only set IBPB when the new thread cannot ptrace (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] mm: Set IBPB upon context switch (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] idle: Disable IBRS when offlining cpu and re-enable (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] idle: Disable IBRS entering idle and enable it on wakeup (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: implement spec ctrl C methods (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: save IBRS MSR value in save_paranoid for NMI (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] enter: Use IBRS on syscall and interrupts (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: swap rdx with rsi for nmi nesting detection (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: spec_ctrl_pcp and kaiser_enabled_pcp in same cachline (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: use per-cpu knob instead of ALTERNATIVES for ibpb and ibrs (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] enter: MACROS to set/clear IBRS and set IBPB (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [kvm] x86: add SPEC_CTRL to MSR and CPUID lists (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [kvm] svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] svm: Set IBPB when running a different VCPU (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [kvm] vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [kvm] vmx: Set IBPB when running a different VCPU (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [kvm] x86: clear registers on VM exit (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] [kvm] Pad RSB on VM transition (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [security] Add SPEC_CTRL Kconfig option (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] cpu/AMD: Control indirect branch predictor when SPEC_CTRL not available (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] feature: Report presence of IBPB and IBRS control (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] feature: Enable the x86 feature to control Speculation (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] cpuid: Provide get_scattered_cpuid_leaf() (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] cpuid: Cleanup cpuid_regs definitions (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] microcode: Share native MSR accessing variants (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] nop: Make the ASM_NOP* macros work from assembly (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] cpu: Clean up and unify the NOP selection infrastructure (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] entry: Further simplify the paranoid_exit code (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] entry: Remove trampoline check from paranoid entry path (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] entry: Don't switch to trampoline stack in paranoid_exit (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] entry: Simplify trampoline stack restore code (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [misc] locking/barriers: prevent speculative execution based on Coverity scan results (Waiman Long) [1519787 1519789] {CVE-2017-5753}
- [fs] udf: prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753}
- [fs] prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753}
- [scsi] qla2xxx: prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753}
- [netdrv] p54: prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753}
- [netdrv] carl9170: prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753}
- [media] uvcvideo: prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753}
- [x86] cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Waiman Long) [1519787 1519789] {CVE-2017-5753}
- [x86] cpu/AMD: Make the LFENCE instruction serialized (Waiman Long) [1519787 1519789] {CVE-2017-5753}
- [kernel] locking/barriers: introduce new memory barrier gmb() (Waiman Long) [1519787 1519789] {CVE-2017-5753}
- [x86] Fix typo preventing msr_set/clear_bit from having an effect (Waiman Long) [1519787 1519789] {CVE-2017-5753}
- [x86] Add another set of MSR accessor functions (Waiman Long) [1519787 1519789] {CVE-2017-5753}
- [x86] mm/kaiser: Replace kaiser with kpti to sync with upstream (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: map the trace idt tables in userland shadow pgd (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: add "kaiser" and "nokaiser" boot options (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] kaiser/mm: fix RESTORE_CR3 crash in kaiser_stop_machine (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: use stop_machine for enable/disable knob (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] kaiser/mm: use atomic ops to poison/unpoison user pagetables (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: use invpcid to flush the two kaiser PCID AISD (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: use two PCID ASIDs optimize the TLB during enter/exit kernel (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: stop patching flush_tlb_single (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm: If INVPCID is available, use it to flush global mappings (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: use PCID feature to make user and kernel switches faster (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/64: Initialize CR4.PCIDE early (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm: Add a 'noinvpcid' boot option to turn off INVPCID (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm: Add the 'nopcid' boot option to turn off PCID (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: validate trampoline stack (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] entry: Move SYSENTER_stack to the beginning of struct tss_struct (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: isolate the user mapped per cpu areas (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: selective boot time defaults (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser/xen: Dynamically disable KAISER when running under Xen PV (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: add Kconfig (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: avoid false positives during non-kaiser pgd updates (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: Respect disabled CPU features (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] kaiser/mm: trampoline stack comments (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: stack trampoline (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: re-enable vsyscalls (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: allow to build KAISER with KASRL (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: allow KAISER to be enabled/disabled at runtime (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: un-poison PGDs at runtime (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: add a function to check for KAISER being enabled (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: add debugfs file to turn KAISER on/off at runtime (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: disable native VSYSCALL (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: map virtually-addressed performance monitoring buffers (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: add kprobes text section (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: map trace interrupt entry (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: map entry stack per-cpu areas (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: map dynamically-allocated LDTs (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: make sure static PGDs are 8k in size (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: allow NX poison to be set in p4d/pgd (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: unmap kernel from userspace page tables (core patch) (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: mark per-cpu data structures required for entry/exit (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: introduce user-mapped per-cpu areas (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: add cr3 switches to entry code (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: remove scratch registers (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: prepare assembly for entry/exit CR3 switching (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: Disable global pages by default with KAISER (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm: Document X86_CR4_PGE toggling behavior (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/tlb: Make CR4-based TLB flushes more robust (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm: Do not set _PAGE_USER for init_mm page tables (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] increase robusteness of bad_iret fixup handler (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm: Check if PUD is large when validating a kernel address (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] Separate out entry text section (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [include] linux/const.h: Add _BITUL() and _BITULL() (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [include] linux/mmdebug.h: add VM_WARN_ON() and VM_WARN_ON_ONCE() (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [include] stddef.h: Move offsetofend() from vfio.h to a generic kernel header (Waiman Long) [1519799 1519802] {CVE-2017-5754}
|
kernel-headers-2.6.32-696.18.7.el6.i686
[4.5 MiB] |
Changelog
by Denys Vlasenko (2017-12-28):
- [x86] spec_ctrl: svm: spec_ctrl at vmexit needs per-cpu areas functional (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: Eliminate redundnat FEATURE Not Present messages (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: enable IBRS and stuff_RSB before calling NMI C code (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: skip CAP_SYS_PTRACE check to skip audit (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: disable ibrs while in intel_idle() (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: skip IBRS/CR3 restore when paranoid exception returns to userland (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- Revert "x86/entry: Use retpoline for syscall's indirect calls" (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] mm/dump_pagetables: Allow dumping current pagetables (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/dump_pagetables: Add a pgd argument to walk_pgd_level() (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/dump_pagetables: Add page table directory (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] entry: Remove unneeded nmi_userspace code (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] entry: Fix nmi exit code with CONFIG_TRACE_IRQFLAGS (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: init_tss is supposed to go in the PAGE_ALIGNED per-cpu section (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: Clear kdump pgd page to prevent incorrect behavior (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: consider the init_mm.pgd a kaiser pgd (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: convert userland visible "kpti" name to "pti" (Waiman Long) [1519799 1519802] {CVE-2017-5754}
|
kernel-headers-2.6.32-696.16.1.el6.i686
[4.5 MiB] |
Changelog
by Denys Vlasenko (2017-10-08):
- [net] packet: fix tp_reserve race in packet_set_ring (Stefano Brivio) [1481941 1481943] {CVE-2017-1000111}
- [net] packet: fix overflow in check for tp_frame_nr (Stefano Brivio) [1481941 1481943] {CVE-2017-1000111}
- [net] packet: fix overflow in check for tp_reserve (Stefano Brivio) [1481941 1481943] {CVE-2017-1000111}
- [netdrv] sfc: tx ring can only have 2048 entries for all EF10 NICs (Jarod Wilson) [1498019 1441773]
- [fs] sunrpc: always treat the invalid cache as unexpired (Thiago Becker) [1497976 1477288]
- [fs] sunrpc: xpt_auth_cache should be ignored when expired (Thiago Becker) [1497976 1477288]
- [net] tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (Davide Caratti) [1488344 1488340] {CVE-2017-14106}
- [net] tcp: fix 0 divide in __tcp_select_window() (Davide Caratti) [1488344 1488340] {CVE-2017-14106}
- [scsi] lpfc: fix "integer constant too large" error on 32bit archs (Maurizio Lombardi) [1487220 1441169]
- [scsi] lpfc: version 11.0.1.6 is 11.0.0.6 with no_hba_reset patches (Maurizio Lombardi) [1487220 1441169]
- [scsi] lpfc: Vport creation is failing with "Link Down" error (Maurizio Lombardi) [1487220 1441169]
- [scsi] lpfc: Fix panic on BFS configuration (Maurizio Lombardi) [1487220 1441169]
- [scsi] lpfc: Fix eh_deadline setting for sli3 adapters (Maurizio Lombardi) [1487220 1441169]
- [scsi] lpfc: Correct panics with eh_timeout and eh_deadline (Maurizio Lombardi) [1487220 1441169]
- [net] udp: consistently apply ufo or fragmentation (Davide Caratti) [1481532 1481529] {CVE-2017-1000112}
- [net] ipv6: Should use consistent conditional judgement for ip6 fragment between __ip6_append_data and ip6_finish_output (Davide Caratti) [1481532 1481529] {CVE-2017-1000112}
- [net] ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output (Davide Caratti) [1481532 1481529] {CVE-2017-1000112}
|
kernel-headers-2.6.32-696.13.2.el6.i686
[4.5 MiB] |
Changelog
by Denys Vlasenko (2017-09-22):
- [net] l2cap: prevent stack overflow on incoming bluetooth packet (Neil Horman) [1490060 1490062] {CVE-2017-1000251}
- [fs] binfmt_elf.c:load_elf_binary(): return -EINVAL on zero-length mappings (Petr Matousek) [1492959 1492961] {CVE-2017-1000253}
- [fs] binfmt_elf.c: fix bug in loading of PIE binaries (Petr Matousek) [1492959 1492961] {CVE-2017-1000253}
|
kernel-headers-2.6.32-696.10.3.el6.i686
[4.5 MiB] |
Changelog
by Denys Vlasenko (2017-09-21):
- [fs] binfmt_elf.c:load_elf_binary(): return -EINVAL on zero-length mappings (Petr Matousek) [1492959 1492961] {CVE-2017-1000253}
- [fs] binfmt_elf.c: fix bug in loading of PIE binaries (Petr Matousek) [1492959 1492961] {CVE-2017-1000253}
|
kernel-headers-2.6.32-696.10.2.el6.i686
[4.5 MiB] |
Changelog
by Frantisek Hrbata (2017-09-10):
- [net] l2cap: prevent stack overflow on incoming bluetooth packet (Neil Horman) [1490060 1490062] {CVE-2017-1000251}
|
kernel-headers-2.6.32-696.6.3.el6.i686
[4.5 MiB] |
Changelog
by Denys Vlasenko (2017-06-30):
- [mm] allow JVM to implement its own stack guard pages (Larry Woodman) [1466667 1464237]
- [mm] enlarge stack guard gap (Larry Woodman) [1466667 1464237]
- Revert: [mm] enlarge stack guard gap (Larry Woodman) [1466667 1464237]
|
kernel-headers-2.6.32-696.3.2.el6.i686
[4.5 MiB] |
Changelog
by Denys Vlasenko (2017-06-07):
- [mm] enlarge stack guard gap (Larry Woodman) [1452729 1452730] {CVE-2017-1000364 CVE-2017-1000366}
|
kernel-headers-2.6.32-696.3.1.el6.i686
[4.5 MiB] |
Changelog
by Denys Vlasenko (2017-04-20):
- [netdrv] be2net: Fix endian issue in logical link config command (Ivan Vecera) [1442979 1436527]
- [scsi] lpfc: update for rhel6 11.0.0.6 (Maurizio Lombardi) [1439636 1429881]
- [scsi] lpfc: The lpfc driver does not issue RFF_ID and RFT_ID in the correct sequence (Maurizio Lombardi) [1439636 1429881]
- [x86] vmalloc_sync: avoid syncing vmalloc area on crashing cpu (Pingfan Liu) [1443499 1146727]
- [kernel] audit: plug cred memory leak in audit_filter_rules (Richard Guy Briggs) [1443234 1434560]
- [net] tcp: avoid infinite loop in tcp_splice_read() (Davide Caratti) [1430577 1430578] {CVE-2017-6214}
|
kernel-headers-2.6.32-696.1.1.el6.i686
[4.5 MiB] |
Changelog
by Denys Vlasenko (2017-03-21):
- [block] fix use-after-free in seq file (Denys Vlasenko) [1418548 1418549] {CVE-2016-7910}
- [firmware] Replacing the chelsio firmware (t4,t5)fw-1.15.37.0 (Sai Vemuri) [1433865 1425749]
- [kernel] genirq: Avoid taking sparse_irq_lock for non-existent irqs (Dave Wysochanski) [1428106 1360930]
- [tty] n_hdlc: get rid of racy n_hdlc.tbuf (Herton R. Krzesinski) [1429917 1429918] {CVE-2017-2636}
|
kernel-headers-2.6.32-696.el6.i686
[4.5 MiB] |
Changelog
by Phillip Lougher (2017-02-20):
- [net] dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Hannes Frederic Sowa) [1424628] {CVE-2017-6074}
|
kernel-headers-2.6.32-642.15.1.el6.i686
[4.4 MiB] |
Changelog
by Frantisek Hrbata (2017-02-20):
- [net] dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Hannes Frederic Sowa) [1424626 1424628] {CVE-2017-6074}
|
kernel-headers-2.6.32-642.13.2.el6.i686
[4.4 MiB] |
Changelog
by Frantisek Hrbata (2017-02-18):
- [net] dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Hannes Frederic Sowa) [1424626 1424628] {CVE-2017-6074}
|
kernel-headers-2.6.32-642.13.1.el6.i686
[4.4 MiB] |
Changelog
by Denys Vlasenko (2016-11-23):
- [net] Fix use after free in the recvmmsg exit path (Davide Caratti) [1390805 1390046] {CVE-2016-7117}
- [net] vlan: Propagate MAC address to VLANs (Jarod Wilson) [1396479 1381585]
- [net] tcp: fix use after free in tcp_xmit_retransmit_queue() (Mateusz Guzik) [1379527 1379529] {CVE-2016-6828}
- [net] netfilter: x_tables: check for bogus target offset (Mateusz Guzik) [1351421 1351422] {CVE-2016-4998}
- [net] netfilter: x_tables: validate e->target_offset early (Mateusz Guzik) [1351421 1351422] {CVE-2016-4998}
- [net] netfilter: x_tables: make sure e->next_offset covers remaining blob size (Mateusz Guzik) [1351421 1351422] {CVE-2016-4998}
- [net] ipv6: Don't change dst->flags using assignments (Marcelo Leitner) [1391974 1389478]
- [scsi] libfc: Revert: use offload EM instance again (Chris Leech) [1392818 1383078]
- [netdrv] sfc: report supported link speeds on SFP connections (Jarod Wilson) [1388168 1384621]
- [drm] vmwgfx: respect 'nomodeset' (Rob Clark) [1392875 1342114]
- [hv] avoid vfree() on crash (Vitaly Kuznetsov) [1385482 1333167]
- [hv] vmbus: handle various crash scenarios (Vitaly Kuznetsov) [1385482 1333167]
- [hv] vmbus: Support kexec on ws2012 r2 and above (Vitaly Kuznetsov) [1385482 1333167]
- [hv] vmbus: Support handling messages on multiple CPUs (Vitaly Kuznetsov) [1385482 1333167]
- [hv] vmbus: remove code duplication in message handling (Vitaly Kuznetsov) [1385482 1333167]
- [hv] vmbus: avoid unneeded compiler optimizations in vmbus_wait_for_unload() (Vitaly Kuznetsov) [1385482 1333167]
- [hv] vmbus: avoid wait_for_completion() on crash (Vitaly Kuznetsov) [1385482 1333167]
- [hv] vmbus: avoid scheduling in interrupt context in vmbus_initiate_unload() (Vitaly Kuznetsov) [1385482 1333167]
- [hv] vmbus: don't loose HVMSG_TIMER_EXPIRED messages (Vitaly Kuznetsov) [1385482 1333167]
- [hv] vmbus: Force all channel messages to be delivered on CPU 0 (Vitaly Kuznetsov) [1385482 1333167]
- [scsi] mpt3sas: Fix panic when aer correct error occurred (Frank Ramsay) [1396272 1374743]
- [fs] nfs4.1: Remove a bogus BUG_ON() in nfs4_layoutreturn_done (Steve Dickson) [1385480 1376467]
- [firmware] dmi_scan: DMI information in sysfs is missing on SMBIOS 3.0 based systems (Steve Best) [1393464 1353807]
|
kernel-headers-2.6.32-642.11.1.el6.i686
[4.4 MiB] |
Changelog
by Denys Vlasenko (2016-10-26):
- [mm] close FOLL MAP_PRIVATE race (Larry Woodman) [1385116 1385117] {CVE-2016-5195}
|
kernel-headers-2.6.32-642.6.2.el6.i686
[4.4 MiB] |
Changelog
by Frantisek Hrbata (2016-10-24):
- [mm] close FOLL MAP_PRIVATE race (Larry Woodman) [1385116 1385117] {CVE-2016-5195}
|
kernel-headers-2.6.32-642.6.1.el6.i686
[4.4 MiB] |
Changelog
by Denys Vlasenko (2016-08-25):
- [net] tcp: make challenge acks less predictable (Florian Westphal) [1355606 1355607] {CVE-2016-5696}
- [fs] sunrpc: move NO_CRKEY_TIMEOUT to the auth->au_flags (Scott Mayhew) [1366962 1294939]
- [usbhid] hiddev: validate num_values for HIDIOCGUSAGES, HIDIOCSUSAGES commands (Yauheni Kaliuta) [1359999 1360008] {CVE-2016-5829}
|
kernel-headers-2.6.32-642.4.2.el6.i686
[4.4 MiB] |
Changelog
by Petr Holasek (2016-08-15):
- [net] tcp: make challenge acks less predictable (Florian Westphal) [1355606 1355607] {CVE-2016-5696}
|
kernel-headers-2.6.32-642.3.1.el6.i686
[4.4 MiB] |
Changelog
by Petr Holasek (2016-06-26):
- [infiniband] security: Restrict use of the write interface (Don Dutile) [1332547 1332548] {CVE-2016-4565}
|
kernel-headers-2.6.32-642.el6.i686
[4.3 MiB] |
Changelog
by Aristeu Rozanski (2016-04-12):
- [scsi] fc: revert - ensure scan_work isn't active when freeing fc_rport (Ewan Milne) [1326447]
- [netdrv] ixgbe: Update ixgbe driver to use __netdev_pick_tx in ixgbe_select_queue (John Greene) [1310749]
- [netdrv] mlx5e: Fix adding vlan rule with vid zero twice (Kamal Heib) [1322809]
|
kernel-headers-2.6.32-573.26.1.el6.i686
[3.9 MiB] |
Changelog
by Frantisek Hrbata (2016-04-12):
- [kernel] revert "sched: core: Use hrtimer_start_expires" (Jiri Olsa) [1326043 1324318]
- [kernel] Revert "Cleanup bandwidth timers" (Jiri Olsa) [1326043 1324318]
- [kernel] revert "fair: Test list head instead of list entry in throttle_cfs_rq" (Jiri Olsa) [1326043 1324318]
- [kernel] revert "sched, perf: Fix periodic timers" (Jiri Olsa) [1326043 1324318]
- [kernel] Revert "fix KABI break" (Jiri Olsa) [1326043 1324318]
|
kernel-headers-2.6.32-573.22.1.el6.i686
[3.9 MiB] |
Changelog
by Frantisek Hrbata (2016-03-17):
- [mm] always decrement anon_vma degree when the vma list is empty (Jerome Marchand) [1318364 1309898]
|
kernel-headers-2.6.32-573.12.1.el6.i686
[3.9 MiB] |
Changelog
by Frantisek Hrbata (2015-11-23):
- Revert: [netdrv] igb: add support for 1512 PHY (Stefan Assmann) [1278275 1238551]
|
kernel-headers-2.6.32-573.3.1.el6.i686
[3.9 MiB] |
Changelog
by Frantisek Hrbata (2015-08-10):
- [md] Revert "dm: don't schedule delayed run of the queue if nothing to do" (Mike Snitzer) [1246095 1240767]
- [md] Revert "dm: only run the queue on completion if congested or no requests pending" (Mike Snitzer) [1246095 1240767]
|
kernel-headers-2.6.32-573.el6.i686
[3.9 MiB] |
Changelog
by Kurt Stutsman (2015-07-01):
- [security] selinux: don't waste ebitmap space when importing NetLabel categories (Paul Moore) [1130197]
- [x86] Revert "Add driver auto probing for x86 features v4" (Prarit Bhargava) [1231280]
- [net] bridge: netfilter: don't call iptables on vlan packets if sysctl is off (Florian Westphal) [1236551]
- [net] ebtables: Allow filtering of hardware accelerated vlan frames (Florian Westphal) [1236551]
|
kernel-headers-2.6.32-504.30.3.el6.i686
[3.4 MiB] |
Changelog
by Frantisek Hrbata (2015-07-09):
- [redhat] spec: Update dracut dependency to pull in drbg module (Frantisek Hrbata) [1241517 1241338]
|
kernel-headers-2.6.32-504.23.4.el6.i686
[3.4 MiB] |
Changelog
by Radomir Vrbovsky (2015-05-29):
- [crypto] drbg: fix maximum value checks on 32 bit systems (Herbert Xu) [1225950 1219907]
- [crypto] drbg: remove configuration of fixed values (Herbert Xu) [1225950 1219907]
|
kernel-headers-2.6.32-504.16.2.el6.i686
[3.4 MiB] |
Changelog
by Frantisek Hrbata (2015-03-10):
- [infiniband] core: Prevent integer overflow in ib_umem_get address arithmetic (Doug Ledford) [1181173 1179327] {CVE-2014-8159}
|
kernel-headers-2.6.32-504.12.2.el6.i686
[3.3 MiB] |
Changelog
by Radomir Vrbovsky (2015-02-01):
- [infiniband] core: Prevent integer overflow in ib_umem_get address arithmetic (Doug Ledford) [1181173 1179327] {CVE-2014-8159}
|
kernel-headers-2.6.32-504.8.1.el6.i686
[3.3 MiB] |
Changelog
by Radomir Vrbovsky (2014-12-19):
- [crypto] crc32c: Kill pointless CRYPTO_CRC32C_X86_64 option (Jarod Wilson) [1175509 1036212]
- [crypto] testmgr: add larger crc32c test vector to test FPU path in crc32c_intel (Jarod Wilson) [1175509 1036212]
- [crypto] tcrypt: Added speed test in tcrypt for crc32c (Jarod Wilson) [1175509 1036212]
- [crypto] crc32c: Optimize CRC32C calculation with PCLMULQDQ instruction (Jarod Wilson) [1175509 1036212]
- [crypto] crc32c: Rename crc32c-intel.c to crc32c-intel_glue.c (Jarod Wilson) [1175509 1036212]
|
kernel-headers-2.6.32-504.3.3.el6.i686
[3.3 MiB] |
Changelog
by Radomir Vrbovsky (2014-12-12):
- [x86] traps: stop using IST for #SS (Petr Matousek) [1172810 1172811] {CVE-2014-9322}
|
kernel-headers-2.6.32-504.1.3.el6.i686
[3.3 MiB] |
Changelog
by Radomir Vrbovsky (2014-10-31):
- Revert: [net] revert "bridge: Set vlan_features to allow offloads on vlans" (Vlad Yasevich) [1144442 1121991]
|
kernel-headers-2.6.32-504.el6.i686
[3.3 MiB] |
Changelog
by Rafael Aquini (2014-09-16):
- [netdrv] revert "cxgb4: set skb->rxhash" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Use netif_set_real_num_rx/tx_queues()" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Turn on delayed ACK" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Use ULP_MODE_TCPDDP" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Debugfs dump_qp() updates" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Drop peer_abort when no endpoint found" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Detect DB FULL events and notify RDMA ULD" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Common platform specific changes for DB Drop Recovery" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: DB Drop Recovery for RDMA and LLD queues" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Add debugfs RDMA memory stats" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Add DB Overflow Avoidance" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: DB Drop Recovery for RDMA and LLD queues" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Use vmalloc() for debugfs QP dump" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Remove kfifo usage" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Include vmalloc.h for vmalloc and vfree" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: set maximal number of default RSS queues" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Remove duplicate register definitions" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Update RDMA/cxgb4 due to macro definition removal in cxgb4 driver" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Move dereference below NULL test" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Fix incorrect values for MEMWIN*_APERTURE and MEMWIN*_BASE" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Add functions to read memory via PCIE memory window" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Code cleanup to enable T4 Configuration File support" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Add support for T4 configuration file" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Add support for T4 hardwired driver configuration settings" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Don't attempt to upgrade T4 firmware when cxgb4 will end up as a slave" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Fix error handling in create_qp()" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Dynamically allocate memory in t4_memory_rw() and get_vpd_params()" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Fix build error due to missing linux/vmalloc.h include" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: allocate enough data in t4_memory_rw()" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Address various sparse warnings" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Remove unnecessary #ifdef condition" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Don't free chunk that we have failed to allocate" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Fix unable to get UP event from the LLD" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Fix initialization of SGE_CONTROL register" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: use WARN" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Chelsio FCoE offload driver submission" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: remove __dev* attributes" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Add T4 filter support" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Add LE hash collision bug fix path in LLD driver" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Fix LE hash collision bug for active open connection" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Fix LE hash collision bug for passive open connection" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Fix bug for active and passive LE hash collision path" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Use netdev_<level> and pr_<level>" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Fix incorrect PFVF CMASK" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Abort connections that receive unexpected streaming mode data" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Abort connections when moving to ERROR state" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Display streaming mode error only if detected in RTS" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Keep QP referenced until TID released" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Always log async errors" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Only log rx_data warnings if cpl status is non-zero" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Fix endpoint timeout race condition" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Don't reconnect on abort for mpa_rev 1" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Don't wakeup threads for MPAv2" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Insert hwtid in pass_accept_req instead in pass_establish" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Address sparse warnings" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: "cookie" can stay in host endianness" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Fix cast warning" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Allow for backward compatibility with new VPD scheme" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Add register definations for T5" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Add macros, structures and inline functions for T5" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Initialize T5" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Dump T5 registers" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Add T5 write combining support" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Enable doorbell drop recovery only for T4 adapter" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Add T5 debugfs support" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Add T5 PCI ids" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Update driver version and description" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Disable SR-IOV support for PF4-7 for T5" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Add Support for Chelsio T5 adapter" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Turn off db coalescing when RDMA QPs are in use" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Add module_params to enable DB FC & Coalescing on T5" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Use DSGLs for fastreg and adapter memory writes for T5" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Map pbl buffers for dma if using DSGL" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Bump tcam_full stat and WR reply timeout" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Fix onchip queue support for T5" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Fix error return code in create_qp()" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Fix SQ allocation when on-chip SQ is disabled" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Fix pci_device_id structure initialization with correct PF number" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Support CPL_SGE_EGR_UPDATEs encapsulated in a CPL_FW4_MSG" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Support CPL_SGE_EGR_UPDATEs encapsulated in a CPL_FW4_MSG" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: fix error recovery when t4_fw_hello returns a positive value" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Force uninitialized state if FW_ON_ADAPTER is < FW_VERSION and we're the MASTER_PF" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Correct comparisons and calculations using skb->tail and skb-transport_header" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Do not set net_device::dev_id to VI index" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Fix stack info leak in c4iw_create_qp()" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Add routines to create and remove listening IPv6 servers" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Add CLIP support to store compressed IPv6 address" (Prarit Bhargava) [1140743]
- [infiniband] revert "cma: Add IPv6 support for iWARP" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Add support for active and passive open connection with IPv6 address" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Handle newer firmware changes" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Use correct bit shift macros for vlan filter tuples" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Fix QP flush logic" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Fix accounting for unsignaled SQ WRs to deal with wrap" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Set arp error handler for PASS_ACCEPT_RPL messages" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Always do GTS write if cidx_inc == CIDXINC_MASK" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Advertise ~0ULL as max MR size" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Issue RI.FINI before closing when entering TERM" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: remove workqueue when driver registration fails" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: remove unnecessary pci_set_drvdata()" (Prarit Bhargava) [1140743]
- [netdrv] revert "cgxb4: remove duplicate include in cxgb4.h" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Much cleaner implementation of is_t4()/is_t5()" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: added much cleaner implementation of is_t4()" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Add new scheme to update T4/T5 firmware" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Fix formatting of physical address" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Make _c4iw_write_mem_dma() static" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: calls skb_set_hash" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Reserve stid 0 for T4/T5 adapters" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Include TCP as protocol when creating server filters" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Assign filter server TIDs properly" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Account for stid entries properly in case of IPv6" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Add API to correctly calculate tuple fields" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: make functions static and remove dead code" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Calculate the filter server TID properly" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Server filters are supported only for IPv4" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Use cxgb4_select_ntuple to correctly calculate ntuple fields" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: allow large buffer size to have page size" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Changed FW check version to match FW binary version" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: silence shift wrapping static checker warning" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Avoid disabling PCI device for towice" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Don't retrieve stats during recovery" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Fix gcc warning on 32-bit arch" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Fix referencing freed adapter" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Add missing neigh_release in LE-Workaround path" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Use pci_enable_msix_range() instead of pci_enable_msix()" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Add support to recognize 40G links" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Print adapter VPD Part Number instead of Engineering Change field" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Allow >10G ports to have multiple queues" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: LE-Workaround is not atomic in firmware" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Query firmware for T5 ULPTX MEMWRITE DSGL capabilities" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Remove unused registers and add missing ones" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Don't assume LSO only uses SGL path in t4_eth_xmit()" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Add more PCI device ids" (Prarit Bhargava) [1140743]
- [netdrv] revert "cgxb4: Stop using ethtool SPEED_* constants" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: use remove handler as shutdown handler" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Fix some small bugs in t4_sge_init_soft() when our Page Size is 64KB" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Add code to dump SGE registers when hitting idma hangs" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Rectify emitting messages about SGE Ingress DMA channels being potentially stuck" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Updates for T5 SGE's Egress Congestion Threshold" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Calculate len properly for LSO path" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Treat CPL_ERR_KEEPALV_NEG_ADVICE as negative advice" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Doorbell Drop Avoidance Bug Fixes" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Fix underflows in c4iw_create_qp()" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Fix four byte info leak in c4iw_create_cq()" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Cap CQ size at T4_MAX_IQ_SIZE" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Allow loopback connections" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Always release neigh entry" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Fix incorrect BUG_ON conditions" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Mind the sq_sig_all/sq_sig_type QP attributes" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Default peer2peer mode to 1" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Save the correct map length for fast_reg_page_lists" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Don't leak skb in c4iw_uld_rx_handler()" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Fix possible memory leak in RX_PKT processing" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Ignore read reponse type 1 CQEs" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Connect_request_upcall fixes" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Update snd_seq when sending MPA messages" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Call dev_kfree/consume_skb_any instead of kfree_skb" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxbg4: Remove addressof casts to same type" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Adds device ID for few more Chelsio Adapters" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: set error code on kmalloc() failure" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Lock around accept/reject downcalls" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Drop RX_DATA packets if the endpoint is gone" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: rx_data() needs to hold the ep mutex" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Disable DSGL use by default" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Use the BAR2/WC path for kernel QPs and T5 devices" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Endpoint timeout fixes" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: rmb() after reading valid gen bit" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: SQ flush fix" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Max fastreg depth depends on DSGL support" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Use pr_warn_ratelimited" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Initialize reserved fields in a FW work request" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Add missing debug stats" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Use uninitialized_var()" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Fix over-dereference when terminating" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Save the correct mac addr for hw-loopback connections in the L2T" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: use the correct max size for firmware flash" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Fix endpoint mutex deadlocks" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Force T5 connections to use TAHOE congestion control" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Only allow kernel db ringing for T4 devs" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Update Kconfig to include Chelsio T5 adapter" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Decode PCIe Gen3 link speed" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Fix memory leaks in c4iw_alloc() error paths" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Fix vlan support" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: Add missing padding at end of struct c4iw_create_cq_resp" (Prarit Bhargava) [1140743]
- [infiniband] revert "cxgb4: add missing padding at end of struct c4iw_alloc_ucontext_resp" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Decode the firmware port and module type a bit more for ethtool" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Check if rx checksum offload is enabled, while reading hardware calculated checksum" (Prarit Bhargava) [1140743]
- [netdrv] revert "iw_cxgb4: Allocate and use IQs specifically for indirect interrupts" (Prarit Bhargava) [1140743]
- [netdrv] revert "iw_cxgb4: Choose appropriate hw mtu index and ISS for iWARP connections" (Prarit Bhargava) [1140743]
- [netdrv] revert "iw_cxgb4: don't truncate the recv window size" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Change default Interrupt Holdoff Packet Count Threshold" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Fixes cxgb4 probe failure in VM when PF is exposed through PCI Passthrough" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Use FW interface to get BAR0 value" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Replaced the backdoor mechanism to access the HW memory with PCIe Window method" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Adds device ID for few more Chelsio T4 Adapters" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: remove unnecessary null test before debugfs_remove_recursive" (Prarit Bhargava) [1140743]
- [netdrv] revert "iw_cxgb4: Detect Ing. Padding Boundary at run-time" (Prarit Bhargava) [1140743]
- [netdrv] revert "iw_cxgb4: use firmware ord/ird resource limits" (Prarit Bhargava) [1140743]
- [netdrv] revert "iw_cxgb4: display TPTE on errors" (Prarit Bhargava) [1140743]
- [netdrv] revert "iw_cxgb4: work request logging feature" (Prarit Bhargava) [1140743]
- [netdrv] revert "iw_cxgb4: Move common defines to cxgb4" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Add the MC1 registers to read in the interrupt handler" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Fixed incorrect check for memory operation in t4_memory_rw" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: only free allocated fls" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Fix possible race condition in cleanup" (Prarit Bhargava) [1140743]
- [infiniband] revert "iw_cxgb4: fix for 64-bit integer division" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Add core T4 PCI-E SR-IOV Virtual Function hardware definitions and device communication code" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Add T4 Virtual Function Scatter-Gather Engine DMA code" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Add main T4 PCI-E SR-IOV Virtual Function driver for cxgb4vf" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Add new Makefile for T4 PCI-E SR-IOV Virtual Function driver cxgb4vf" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Stitch new T4 PCI-E SR-IOV Virtual Function driver into the build" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Remove obsolete comment about the lack of a TX Timer Callback" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Use correct shift factor for extracting the SGE DMA Ingress Padding Boundary" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: remove obsolete DECLARE_PCI_UNMAP_ADDR usage" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Implement "Unhandled Interrupts" statistic" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: fix TX Queue restart" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: fix SGE resource resource deallocation bug" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Fix off-by-one error checking for the end of the mailbox delay array" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Fix bug where we were only allocating one queue in MSI mode" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: do not use PCI resources before pci_enable_device()" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Use netif_set_real_num_rx/tx_queues()" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: make single bit signed bitfields unsigned" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: remove call to stop TX queues at load time" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: don't implement trivial (and incorrect) ndo_select_queue()" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: fix bug in Generic Receive Offload" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: fix some errors in Gather List to skb conversion" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: flesh out PCI Device ID Table" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Fail open if link_start() fails" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: add call to Firmware to reset VF State" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: minor comment/symbolic name cleanup" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: add ethtool statistics for GRO" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: fix up "Section Mismatch" compiler warning" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Advertise NETIF_F_TSO_ECN" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: fix setting unicast/multicast addresses" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Ingress Queue Entry Size needs to be 64 bytes" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: fix mailbox data/control coherency domain race" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: recover from failure in cxgb4vf_open()" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Check driver parameters in the right place" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Behave properly when CONFIG_DEBUG_FS isn't defined" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Quiesce Virtual Interfaces on shutdown" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Use defined Mailbox Timeout" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: improve Kconfig dependencies" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: do vlan cleanup" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: remove __dev* attributes" (Prarit Bhargava) [1140743]
- [netdrv] revert "chelsio: Use netdev_<level> and pr_<level>" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Fix extraction of cpl_rx_pkt from the response queue descriptor" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Fix VLAN extraction counter increment" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Add support for Chelsio T5 adapter" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Support CPL_SGE_EGR_UPDATEs encapsulated in a CPL_FW4_MSG" (Prarit Bhargava) [1140743]
- [netdrv] revert "net: cxgb4vf: Staticize local symbols" (Prarit Bhargava) [1140743]
- [netdrv] revert "net: cxgb4vf: remove unnecessary pci_set_drvdata()" (Prarit Bhargava) [1140743]
- [netdrv] revert "net: cxgb4vf: use DEFINE_PCI_DEVICE_TABLE" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: added much cleaner implementation of is_t4()" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: make functions static and remove dead code" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Remove superfluous call to pci_disable_msix()" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4vf: Adds device Id for few more Chelsio adapters" (Prarit Bhargava) [1140743]
- [netdrv] revert "cxgb4: Export symbols required by cxgb4i for ipv6 support and required defines" (Prarit Bhargava) [1140743]
- [scsi] revert "libcxgbi: Add ipv6 api to driver" (Prarit Bhargava) [1140743]
- [scsi] revert "cxgb4i: Add ipv6 code to driver, call into libcxgbi ipv6 api" (Prarit Bhargava) [1140743]
- [scsi] revert "cxgb4i: Fix ipv6 build failure caught with randconfig" (Prarit Bhargava) [1140743]
- [scsi] revert "cxgb4i: remove spurious use of rcu" (Prarit Bhargava) [1140743]
- [scsi] revert "cxgb4i: Guard ipv6 code with a config check" (Prarit Bhargava) [1140743]
|
kernel-headers-2.6.32-431.29.2.el6.i686
[2.9 MiB] |
Changelog
by Petr Holasek (2014-07-27):
- [kernel] futex: Fix errors in nested key ref-counting (Denys Vlasenko) [1094457 1094458] {CVE-2014-0205}
- [net] vxlan: fix NULL pointer dereference (Jiri Benc) [1114549 1096351] {CVE-2014-3535}
|
kernel-headers-2.6.32-431.23.3.el6.i686
[2.9 MiB] |
Changelog
by Petr Holasek (2014-07-16):
- [netdrv] pppol2tp: fail when socket option level is not SOL_PPPOL2TP [1119461 1119462] {CVE-2014-4943}
|
kernel-headers-2.6.32-431.20.5.el6.i686
[2.9 MiB] |
Changelog
by Petr Holasek (2014-07-16):
- [netdrv] pppol2tp: fail when socket option level is not SOL_PPPOL2TP [1119461 1119462] {CVE-2014-4943}
|
kernel-headers-2.6.32-431.20.3.el6.i686
[2.9 MiB] |
Changelog
by Petr Holasek (2014-06-06):
- [kernel] futex: Make lookup_pi_state more robust (Jerome Marchand) [1104516 1104517] {CVE-2014-3153}
- [kernel] futex: Always cleanup owner tid in unlock_pi (Jerome Marchand) [1104516 1104517] {CVE-2014-3153}
- [kernel] futex: Validate atomic acquisition in futex_lock_pi_atomic() (Jerome Marchand) [1104516 1104517] {CVE-2014-3153}
- [kernel] futex: prevent requeue pi on same futex (Jerome Marchand) [1104516 1104517] {CVE-2014-3153}
- [fs] autofs4: fix device ioctl mount lookup (Ian Kent) [1069630 999708]
- [fs] vfs: introduce kern_path_mountpoint() (Ian Kent) [1069630 999708]
- [fs] vfs: rename user_path_umountat() to user_path_mountpoint_at() (Ian Kent) [1069630 999708]
- [fs] vfs: massage umount_lookup_last() a bit to reduce nesting (Ian Kent) [1069630 999708]
- [fs] vfs: allow umount to handle mountpoints without revalidating them (Ian Kent) [1069630 999708]
- Revert: [fs] vfs: allow umount to handle mountpoints without revalidating them (Ian Kent) [1069630 999708]
- Revert: [fs] vfs: massage umount_lookup_last() a bit to reduce nesting (Ian Kent) [1069630 999708]
- Revert: [fs] vfs: rename user_path_umountat() to user_path_mountpoint_at() (Ian Kent) [1069630 999708]
- Revert: [fs] vfs: introduce kern_path_mountpoint() (Ian Kent) [1069630 999708]
- Revert: [fs] autofs4: fix device ioctl mount lookup (Ian Kent) [1069630 999708]
|
kernel-headers-2.6.32-431.17.1.el6.i686
[2.9 MiB] |
Changelog
by Petr Holasek (2014-04-11):
- [scsi] qla2xxx: Fixup looking for a space in the outstanding_cmds array in qla2x00_alloc_iocbs() (Chad Dupuis) [1085660 1070856]
- [scsi] isci: fix reset timeout handling (David Milburn) [1080600 1040393]
- [scsi] isci: correct erroneous for_each_isci_host macro (David Milburn) [1074855 1059325]
- [kernel] sched: Fix small race where child->se.parent, cfs_rq might point to invalid ones (Naoya Horiguchi) [1081907 1032350]
- [kernel] sched: suppress RCU lockdep splat in task_fork_fair (Naoya Horiguchi) [1081907 1032350]
- [kernel] sched: add local variable to store task_group() to avoid kernel stall (Naoya Horiguchi) [1081908 1043733]
- [fs] cifs: mask off top byte in get_rfc1002_length() (Sachin Prabhu) [1085358 1069737]
- [kernel] Prevent deadlock when post_schedule_rt() results in calling wakeup_kswapd() on multiple CPUs (Larry Woodman) [1086095 1009626]
- [scsi] AACRAID Driver compat IOCTL missing capability check (Jacob Tanenbaum) [1033533 1033534] {CVE-2013-6383}
- [md] dm-thin: fix rcu_read_lock being held in code that can sleep (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: irqsave must always be used with the pool->lock spinlock (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: sort the per thin deferred bios using an rb_tree (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: use per thin device deferred bio lists (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: simplify pool_is_congested (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: fix dangling bio in process_deferred_bios error path (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: take care to copy the space map root before locking the superblock (Mike Snitzer) [1086007 1060381]
- [md] dm-transaction-manager: fix corruption due to non-atomic transaction commit (Mike Snitzer) [1086007 1060381]
- [md] dm-space-map-metadata: fix refcount decrement below 0 which caused corruption (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: fix Documentation for held metadata root feature (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: fix noflush suspend IO queueing (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: fix deadlock in __requeue_bio_list (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: fix out of data space handling (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: ensure user takes action to validate data and metadata consistency (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: synchronize the pool mode during suspend (Mike Snitzer) [1086007 1060381]
- [md] fix Kconfig indentation (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: allow metadata space larger than supported to go unused (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: fix the error path for the thin device constructor (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: avoid metadata commit if a pool's thin devices haven't changed (Mike Snitzer) [1086007 1060381]
- [md] dm-space-map-metadata: fix bug in resizing of thin metadata (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: fix pool feature parsing (Mike Snitzer) [1086007 1060381]
- [md] dm-space-map-metadata: fix extending the space map (Mike Snitzer) [1086007 1060381]
- [md] dm-space-map-common: make sure new space is used during extend (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: fix set_pool_mode exposed pool operation races (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: eliminate the no_free_space flag (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: add error_if_no_space feature (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: requeue bios to DM core if no_free_space and in read-only mode (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: cleanup and improve no space handling (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: log info when growing the data or metadata device (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: handle metadata failures more consistently (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: factor out check_low_water_mark and use bools (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: add mappings to end of prepared_* lists (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: return error from alloc_data_block if pool is not in write mode (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: use bool rather than unsigned for flags in structures (Mike Snitzer) [1086007 1060381]
- [md] dm-persistent-data: cleanup dm-thin specific references in text (Mike Snitzer) [1086007 1060381]
- [md] dm-space-map-metadata: limit errors in sm_metadata_new_block (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: fix discard support to a previously shared block (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: initialize dm_thin_new_mapping returned by get_next_mapping (Mike Snitzer) [1086007 1060381]
- [md] dm-space-map: disallow decrementing a reference count below zero (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: allow pool in read-only mode to transition to read-write mode (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: re-establish read-only state when switching to fail mode (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: always fallback the pool mode if commit fails (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: switch to read-only mode if metadata space is exhausted (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: switch to read only mode if a mapping insert fails (Mike Snitzer) [1086007 1060381]
- [md] dm-space-map-metadata: return on failure in sm_metadata_new_block (Mike Snitzer) [1086007 1060381]
- [md] dm-space-map-disk: optimise sm_disk_dec_block (Mike Snitzer) [1086007 1060381]
- [md] dm-table: print error on preresume failure (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: do not expose non-zero discard limits if discards disabled (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: always return -ENOSPC if no_free_space is set (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: set pool read-only if breaking_sharing fails block allocation (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: prefix pool error messages with pool device name (Mike Snitzer) [1086007 1060381]
- [md] dm-space-map: optimise sm_ll_dec and sm_ll_inc (Mike Snitzer) [1086007 1060381]
- [md] dm-btree: prefetch child nodes when walking tree for a dm_btree_del (Mike Snitzer) [1086007 1060381]
- [md] dm-btree: use pop_frame in dm_btree_del to cleanup code (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: fix stacking of geometry limits (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: add data block size limits to Documentation (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: fix metadata dev resize detection (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: generate event when metadata threshold passed (Mike Snitzer) [1086007 1060381]
- [md] dm-persistent-metadata: add space map threshold callback (Mike Snitzer) [1086007 1060381]
- [md] dm-persistent-data: add threshold callback to space map (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: detect metadata device resizing (Mike Snitzer) [1086007 1060381]
- [md] dm-persistent-data: support space map resizing (Mike Snitzer) [1086007 1060381]
- [md] dm-thin: refactor data dev resize (Mike Snitzer) [1086007 1060381]
- [md] dm-bufio: initialize read-only module parameters (Mike Snitzer) [1086007 1060381]
- [md] dm-bufio: submit writes outside lock (Mike Snitzer) [1086007 1060381]
- [md] dm-bufio: add recursive IO request BUG_ON (Mike Snitzer) [1086007 1060381]
- [md] dm-bufio: prefetch (Mike Snitzer) [1086007 1060381]
- [md] dm-bufio: fix slow IO latency issue specific to RHEL6 (Mike Snitzer) [1086490 1058528]
- [netdrv] mlx4_en: Fixed crash when port type is changed (Amir Vadai) [1085658 1059586]
- [netdrv] vmxnet3: fix netpoll race condition (Neil Horman) [1083175 1073218]
- [net] netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages (Jiri Pirko) [1077345 1077346] {CVE-2014-2523}
- [scsi] megaraid_sas: fix a small problem when reading state value from hw (Tomas Henzl) [1078641 1065187]
- [fs] gfs2: Increase the max number of ACLs (Robert S Peterson) [1078874 1075713]
- [net] filter: let bpf_tell_extensions return SKF_AD_MAX (Daniel Borkmann) [1079872 960275]
- [net] introduce SO_BPF_EXTENSIONS (Daniel Borkmann) [1079872 960275]
- [scsi] scsi_dh: cosmetic change to sizeof() (Ewan Milne) [1075554 1062494]
- [acpi] thermal: Check for thermal zone requirement (Nigel Croxon) [1075651 1021044]
- [acpi] thermal: Don't invalidate thermal zone if critical trip point is bad (Nigel Croxon) [1075651 1021044]
- [mm] flush pages from pagevec of offlined CPU (Naoya Horiguchi) [1078007 1037467]
- [fs] xfs: deprecate nodelaylog option (Eric Sandeen) [1076056 1055644]
- [fs] Fix mountpoint reference leakage in linkat (Jeff Layton) [1069848 1059943]
- [net] sock: Fix release_cb kABI brekage (Thomas Graf) [1066535 1039723]
- [vhost] fix total length when packets are too short (Michael S. Tsirkin) [1064442 1064444] {CVE-2014-0077}
- [net] sctp: fix sctp_sf_do_5_1D_ce to verify if peer is AUTH capable (Daniel Borkmann) [1070715 1067451] {CVE-2014-0101}
- [vhost] validate vhost_get_vq_desc return value (Michael S. Tsirkin) [1062579 1058677] {CVE-2014-0055}
|
kernel-headers-2.6.32-431.11.2.el6.i686
[2.8 MiB] |
Changelog
by Petr Holasek (2014-03-03):
- [net] sctp: fix sctp_sf_do_5_1D_ce to verify if peer is AUTH capable (Daniel Borkmann) [1070715 1067451] {CVE-2014-0101}
- [vhost] validate vhost_get_vq_desc return value (Michael S. Tsirkin) [1062579 1058677] {CVE-2014-0055}
|
kernel-headers-2.6.32-431.5.1.el6.i686
[2.8 MiB] |
Changelog
by Petr Holasek (2014-01-10):
- [net] sctp: fix checksum marking for outgoing packets (Daniel Borkmann) [1046041 1040385]
- [kernel] ptrace: Cleanup useless header (Aaron Tomlin) [1046043 1036312]
- [kernel] ptrace: kill BKL in ptrace syscall (Aaron Tomlin) [1046043 1036312]
- [fs] nfs: Prevent a 3-way deadlock between layoutreturn, open and state recovery (Steve Dickson) [1045094 1034487]
- [fs] nfs: Ensure that rmdir() waits for sillyrenames to complete (Steve Dickson) [1051395 1034348]
- [fs] nfs: wait on recovery for async session errors (Steve Dickson) [1051393 1030049]
- [fs] nfs: Re-use exit code in nfs4_async_handle_error() (Steve Dickson) [1051393 1030049]
- [fs] nfs: Update list of irrecoverable errors on DELEGRETURN (Steve Dickson) [1051393 1030049]
- [exec] ptrace: fix get_dumpable() incorrect tests (Petr Oros) [1039486 1039487] {CVE-2013-2929}
- [net] ipv6: router reachability probing (Jiri Benc) [1043779 1029585]
- [net] ipv6: remove the unnecessary statement in find_match() (Jiri Benc) [1043779 1029585]
- [net] ipv6: fix route selection if kernel is not compiled with CONFIG_IPV6_ROUTER_PREF (Jiri Benc) [1043779 1029585]
- [net] ipv6: Fix default route failover when CONFIG_IPV6_ROUTER_PREF=n (Jiri Benc) [1043779 1029585]
- [net] ipv6: probe routes asynchronous in rt6_probe (Jiri Benc) [1040826 1030094]
- [net] ndisc: Update neigh->updated with write lock (Jiri Benc) [1040826 1030094]
- [net] ipv6: prevent fib6_run_gc() contention (Jiri Benc) [1040826 1030094]
- [net] netfilter: push reasm skb through instead of original frag skbs (Jiri Pirko) [1049590 1011214]
- [net] ip6_output: fragment outgoing reassembled skb properly (Jiri Pirko) [1049590 1011214]
- [net] netfilter: nf_conntrack_ipv6: improve fragmentation handling (Jiri Pirko) [1049590 1011214]
- [net] ipv4: fix path MTU discovery with connection tracking (Jiri Pirko) [1049590 1011214]
- [net] ipv6: Make IP6CB(skb)->nhoff 16-bit (Jiri Pirko) [1049590 1011214]
- [edac] Add error decoding support for AMD Fam16h processors (Prarit Bhargava) [1051394 1020290]
- [netdrv] bnx2x: correct VF-PF channel locking scheme (Michal Schmidt) [1040498 1029203]
- [netdrv] bnx2x: handle known but unsupported VF messages (Michal Schmidt) [1040498 1029203]
- [netdrv] bnx2x: Lock DMAE when used by statistic flow (Michal Schmidt) [1040497 1029200]
- [net] ipv6: fix leaking uninitialized port number of offender sockaddr (Florian Westphal) [1035882 1035883] {CVE-2013-6405}
- [net] inet: fix addr_len/msg->msg_namelen assignment in recv_error functions (Florian Westphal) [1035882 1035883] {CVE-2013-6405}
- [net] inet: prevent leakage of uninitialized memory to user in recv syscalls (Florian Westphal) [1035882 1035883] {CVE-2013-6405}
- [net] ipvs: Add boundary check on ioctl arguments (Denys Vlasenko) [1030817 1030818] {CVE-2013-4588}
- [s390] qeth: avoid buffer overflow in snmp ioctl (Hendrik Brueckner) [1038935 1034266]
- [md] fix calculation of stacking limits on level change (Jes Sorensen) [1035347 1026864]
- [ata] ahci: fix turning on LEDs in ahci_start_port() (David Milburn) [1035339 1017105]
- [ata] libata: implement cross-port EH exclusion (David Milburn) [1035339 1017105]
- [ata] libata add ap to ata_wait_register and intro ata_msleep (David Milburn) [1035339 1017105]
- [netdrv] igb: Update link modes display in ethtool (Stefan Assmann) [1032389 1019578]
|
kernel-headers-2.6.32-431.1.2.el6.i686
[2.8 MiB] |
Changelog
by Petr Holasek (2013-11-24):
- [x86] kvm: fix cross page vapic_addr access (Paolo Bonzini) [1032214 1032215] {CVE-2013-6368}
- [x86] kvm: fix division by zero in apic_get_tmcct (Paolo Bonzini) [1032212 1032213] {CVE-2013-6367}
|
kernel-headers-2.6.32-431.el6.i686
[2.8 MiB] |
Changelog
by Rafael Aquini (2013-11-10):
- [md] Disabling of TRIM on RAID5 for RHEL6.5 was too aggressive (Jes Sorensen) [1028426]
|
kernel-headers-2.6.32-358.23.2.el6.i686
[2.3 MiB] |
Changelog
by Nikola Pajkovsky (2013-09-14):
- [md] dm-snapshot: fix data corruption (Mikulas Patocka) [1004252 1004233] {CVE-2013-4299}
|
kernel-headers-2.6.32-358.18.1.el6.i686
[2.3 MiB] |
Changelog
by Nikola Pajkovsky (2013-08-02):
- [x86] perf/x86: Fix offcore_rsp valid mask for SNB/IVB (Nikola Pajkovsky) [971314 971315] {CVE-2013-2146}
- [net] br: fix schedule while atomic issue in br_features_recompute() (Jiri Pirko) [990464 980876]
- [scsi] isci: Fix a race condition in the SSP task management path (David Milburn) [990470 978609]
- [bluetooth] L2CAP - Fix info leak via getsockname() (Jacob Tanenbaum) [922417 922418] {CVE-2012-6544}
- [bluetooth] HCI - Fix info leak in getsockopt() (Jacob Tanenbaum) [922417 922418] {CVE-2012-6544}
- [net] tuntap: initialize vlan_features (Vlad Yasevich) [984524 951458]
- [net] af_key: initialize satype in key_notify_policy_flush() (Thomas Graf) [981225 981227] {CVE-2013-2237}
- [usb] uhci: fix for suspend of virtual HP controller (Gopal) [982697 960026]
- [usb] uhci: Remove PCI dependencies from uhci-hub (Gopal) [982697 960026]
- [netdrv] bnx2x: Change MDIO clock settings (Michal Schmidt) [982116 901747]
- [scsi] st: Take additional queue ref in st_probe (Tomas Henzl) [979293 927988]
- [kernel] audit: wait_for_auditd() should use TASK_UNINTERRUPTIBLE (Oleg Nesterov) [982472 962976]
- [kernel] audit: avoid negative sleep durations (Oleg Nesterov) [982472 962976]
- [fs] ext4/jbd2: dont wait (forever) for stale tid caused by wraparound (Eric Sandeen) [963557 955807]
- [fs] jbd: dont wait (forever) for stale tid caused by wraparound (Eric Sandeen) [963557 955807]
- [fs] ext4: fix waiting and sending of a barrier in ext4_sync_file() (Eric Sandeen) [963557 955807]
- [fs] jbd2: Add function jbd2_trans_will_send_data_barrier() (Eric Sandeen) [963557 955807]
- [fs] jbd2: fix sending of data flush on journal commit (Eric Sandeen) [963557 955807]
- [fs] ext4: fix fdatasync() for files with only i_size changes (Eric Sandeen) [963557 955807]
- [fs] ext4: Initialize fsync transaction ids in ext4_new_inode() (Eric Sandeen) [963557 955807]
- [fs] ext4: Rewrite __jbd2_log_start_commit logic to match upstream (Eric Sandeen) [963557 955807]
- [net] bridge: Set vlan_features to allow offloads on vlans (Vlad Yasevich) [984524 951458]
- [virt] virtio-net: initialize vlan_features (Vlad Yasevich) [984524 951458]
- [mm] swap: avoid read_swap_cache_async() race to deadlock while waiting on discard I/O completion (Rafael Aquini) [977668 827548]
- [dma] ioat: Fix excessive CPU utilization (John Feeney) [982758 883575]
- [fs] vfs: revert most of dcache remove d_mounted (Ian Kent) [974597 907512]
- [fs] xfs: don't free EFIs before the EFDs are committed (Carlos Maiolino) [975578 947582]
- [fs] xfs: pass shutdown method into xfs_trans_ail_delete_bulk (Carlos Maiolino) [975576 805407]
- [net] ipv6: bind() use stronger condition for bind_conflict (Flavio Leitner) [989923 917872]
- [net] tcp: bind() use stronger condition for bind_conflict (Flavio Leitner) [977680 894683]
- [x86] remove BUG_ON(TS_USEDFPU) in __sanitize_i387_state() (Oleg Nesterov) [956054 920445]
- [fs] coredump: ensure the fpu state is flushed for proper multi-threaded core dump (Oleg Nesterov) [956054 920445]
|
kernel-headers-2.6.32-358.14.1.el6.i686
[2.3 MiB] |
Changelog
by Nikola Pajkovsky (2013-06-17):
- [x86] apic: Add probe() for apic_flat (Prarit Bhargava) [975086 953342]
|
kernel-headers-2.6.32-358.11.1.el6.i686
[2.3 MiB] |
Changelog
by Nikola Pajkovsky (2013-05-15):
- [kernel] perf: fix perf_swevent_enabled array out-of-bound access (Petr Matousek) [962793 962794] {CVE-2013-2094}
|
kernel-headers-2.6.32-358.6.2.el6.i686
[2.3 MiB] |
Changelog
by Nikola Pajkovsky (2013-05-14):
- [kernel] perf: fix perf_swevent_enabled array out-of-bound access (Petr Matousek) [962793 962794] {CVE-2013-2094}
|
kernel-headers-2.6.32-358.6.1.el6.i686
[2.3 MiB] |
Changelog
by Nikola Pajkovsky (2013-03-29):
- [virt] kvm: accept unaligned MSR_KVM_SYSTEM_TIME writes (Petr Matousek) [917020 917021] {CVE-2013-1796}
- [char] tty: hold lock across tty buffer finding and buffer filling (Prarit Bhargava) [928686 901780]
- [net] tcp: fix for zero packets_in_flight was too broad (Thomas Graf) [927309 920794]
- [net] tcp: frto should not set snd_cwnd to 0 (Thomas Graf) [927309 920794]
- [net] tcp: fix an infinite loop in tcp_slow_start() (Thomas Graf) [927309 920794]
- [net] tcp: fix ABC in tcp_slow_start() (Thomas Graf) [927309 920794]
- [netdrv] ehea: avoid accessing a NULL vgrp (Steve Best) [921535 911359]
- [net] sunrpc: Get rid of the redundant xprt->shutdown bit field (J. Bruce Fields) [915579 893584]
- [virt] kvm: do not #GP on unaligned MSR_KVM_SYSTEM_TIME write (Gleb Natapov) [917020 917021] {CVE-2013-1796}
- [drm] i915: bounds check execbuffer relocation count (Nikola Pajkovsky) [920523 920525] {CVE-2013-0913}
- [x86] irq: add quirk for broken interrupt remapping on 55XX chipsets (Neil Horman) [911267 887006]
- [kvm] Convert MSR_KVM_SYSTEM_TIME to use gfn_to_hva_cache functions (Gleb Natapov) [917024 917025] {CVE-2013-1797}
- [kvm] Fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (Gleb Natapov) [917020 917021] {CVE-2013-1796}
- [kvm] Fix bounds checking in ioapic indirect register reads (Gleb Natapov) [917030 917032] {CVE-2013-1798}
- [kvm] x86: release kvmclock page on reset (Gleb Natapov) [917024 917025] {CVE-2013-1797}
- [security] keys: Fix race with concurrent install_user_keyrings() (David Howells) [916681 913258] {CVE-2013-1792}
- [virt] hv_balloon: Make adjustments to the pressure report (Jason Wang) [909156 902232]
|
kernel-headers-2.6.32-358.2.1.el6.i686
[2.3 MiB] |
Changelog
by Nikola Pajkovsky (2013-02-20):
- [kernel] utrace: ensure arch_ptrace/ptrace_request can never race with SIGKILL (Oleg Nesterov) [912073 912074] {CVE-2013-0871}
|
kernel-headers-2.6.32-358.0.1.el6.i686
[2.3 MiB] |
Changelog
by Nikola Pajkovsky (2013-02-20):
- [kernel] utrace: ensure arch_ptrace/ptrace_request can never race with SIGKILL (Oleg Nesterov) [912073 912074] {CVE-2013-0871}
|