Home Home > GIT Browse > openSUSE-42.3
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKernel Build Daemon <kbuild@suse.de>2019-05-22 07:13:32 +0200
committerKernel Build Daemon <kbuild@suse.de>2019-05-22 07:13:32 +0200
commitdfd5fd79b8d9bc8f88f30ff5d71a94f24d63e606 (patch)
treea6afc17380eab77075bc0989772cffffc2bbf5e3
parent0c2943cb227274d2d4840eca96b8397424e4137f (diff)
parent71a9773b4506bf012a1836eaec680820b1395e26 (diff)
Merge branch 'SLE12-SP3' into openSUSE-42.3openSUSE-42.3
-rw-r--r--blacklist.conf1
-rw-r--r--patches.arch/kvm-x86-report-stibp-on-get_supported_cpuid.patch2
-rw-r--r--patches.arch/locking-atomics-asm-generic-move-some-macros-from-linux-bitops-h-to-a-new-linux-bits-h-file.patch2
-rw-r--r--patches.arch/locking-static_keys-provide-declare-and-well-as-define-macros.patch2
-rw-r--r--patches.arch/x86-bugs-add-amd-s-variant-of-ssb_no.patch2
-rw-r--r--patches.arch/x86-cpu-sanitize-fam6_atom-naming.patch2
-rw-r--r--patches.arch/x86-kvm-expose-x86_feature_md_clear-to-guests.patch2
-rw-r--r--patches.arch/x86-kvm-vmx-add-mds-protection-when-l1d-flush-is-not-active.patch2
-rw-r--r--patches.arch/x86-msr-index-cleanup-bit-defines.patch2
-rw-r--r--patches.arch/x86-speculation-consolidate-cpu-whitelists.patch2
-rw-r--r--patches.arch/x86-speculation-enable-cross-hyperthread-spectre-v2-stibp-mitigation.patch2
-rw-r--r--patches.arch/x86-speculation-mds-add-basic-bug-infrastructure-for-mds.patch2
-rw-r--r--patches.arch/x86-speculation-mds-add-bug_msbds_only.patch2
-rw-r--r--patches.arch/x86-speculation-mds-add-mds-full-nosmt-cmdline-option.patch2
-rw-r--r--patches.arch/x86-speculation-mds-add-mds_clear_cpu_buffers.patch2
-rw-r--r--patches.arch/x86-speculation-mds-add-mitigation-control-for-mds.patch2
-rw-r--r--patches.arch/x86-speculation-mds-add-mitigation-mode-vmwerv.patch2
-rw-r--r--patches.arch/x86-speculation-mds-add-mitigations-support-for-mds.patch2
-rw-r--r--patches.arch/x86-speculation-mds-add-smt-warning-message.patch2
-rw-r--r--patches.arch/x86-speculation-mds-add-sysfs-reporting-for-mds.patch2
-rw-r--r--patches.arch/x86-speculation-mds-clear-cpu-buffers-on-exit-to-user.patch2
-rw-r--r--patches.arch/x86-speculation-mds-conditionally-clear-cpu-buffers-on-idle-entry.patch2
-rw-r--r--patches.arch/x86-speculation-mds-print-smt-vulnerable-on-msbds-with-mitigations-off.patch2
-rw-r--r--patches.arch/x86-speculation-move-arch_smt_update-call-to-after-mitigation-decisions.patch2
-rw-r--r--patches.arch/x86-speculation-rework-smt-state-change.patch2
-rw-r--r--patches.arch/x86-speculation-simplify-the-cpu-bug-detection-logic.patch2
-rw-r--r--patches.arch/x86-stop-exporting-msr-index-h-to-userland.patch2
27 files changed, 27 insertions, 26 deletions
diff --git a/blacklist.conf b/blacklist.conf
index e47ad50494..8766bb1cc8 100644
--- a/blacklist.conf
+++ b/blacklist.conf
@@ -654,3 +654,4 @@ b68f3cc7d978943fcf85148165b00594c38db776 # We're not building 32bit x86 kernels
bd99f9a159b072be743c6681f81e06b9ebd370a4 # not needed for bsc#1126040 backport
250854eed5d45a73d81e4137dfd85180af6f2ec3 # falsely attributed
f741494363c6c90e6744117d2771bbdf0fb3c455 # our backport of 287980e49ffc0f6d911601e7e352a812ed27768e is only partial, kernel not affected
+579bebe5dd522580019e7b10b07daaf500f9fb1e # kAPI change
diff --git a/patches.arch/kvm-x86-report-stibp-on-get_supported_cpuid.patch b/patches.arch/kvm-x86-report-stibp-on-get_supported_cpuid.patch
index 19579911aa..f0d3ab6d6a 100644
--- a/patches.arch/kvm-x86-report-stibp-on-get_supported_cpuid.patch
+++ b/patches.arch/kvm-x86-report-stibp-on-get_supported_cpuid.patch
@@ -3,7 +3,7 @@ Date: Wed, 5 Dec 2018 17:19:56 -0200
Subject: kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
Git-commit: d7b09c827a6cf291f66637a36f46928dd1423184
Patch-mainline: v5.0-rc1
-References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130
+References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
Months ago, we have added code to allow direct access to MSR_IA32_SPEC_CTRL
to the guest, which makes STIBP available to guests. This was implemented
diff --git a/patches.arch/locking-atomics-asm-generic-move-some-macros-from-linux-bitops-h-to-a-new-linux-bits-h-file.patch b/patches.arch/locking-atomics-asm-generic-move-some-macros-from-linux-bitops-h-to-a-new-linux-bits-h-file.patch
index e431bdf60d..cec803db31 100644
--- a/patches.arch/locking-atomics-asm-generic-move-some-macros-from-linux-bitops-h-to-a-new-linux-bits-h-file.patch
+++ b/patches.arch/locking-atomics-asm-generic-move-some-macros-from-linux-bitops-h-to-a-new-linux-bits-h-file.patch
@@ -4,7 +4,7 @@ Subject: locking/atomics, asm-generic: Move some macros from <linux/bitops.h>
to a new <linux/bits.h> file
Git-commit: 8bd9cb51daac89337295b6f037b0486911e1b408
Patch-mainline: v4.19-rc1
-References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130
+References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
In preparation for implementing the asm-generic atomic bitops in terms
of atomic_long_*(), we need to prevent <asm/atomic.h> implementations from
diff --git a/patches.arch/locking-static_keys-provide-declare-and-well-as-define-macros.patch b/patches.arch/locking-static_keys-provide-declare-and-well-as-define-macros.patch
index 2c9148245a..642a89eefb 100644
--- a/patches.arch/locking-static_keys-provide-declare-and-well-as-define-macros.patch
+++ b/patches.arch/locking-static_keys-provide-declare-and-well-as-define-macros.patch
@@ -3,7 +3,7 @@ Date: Thu, 1 Sep 2016 11:39:33 -0700
Subject: locking/static_keys: Provide DECLARE and well as DEFINE macros
Git-commit: b8fb03785d4de097507d0cf45873525e0ac4d2b2
Patch-mainline: v4.9-rc1
-References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130
+References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
We will need to provide declarations of static keys in header
files. Provide DECLARE_STATIC_KEY_{TRUE,FALSE} macros.
diff --git a/patches.arch/x86-bugs-add-amd-s-variant-of-ssb_no.patch b/patches.arch/x86-bugs-add-amd-s-variant-of-ssb_no.patch
index 347287039e..a93b2ab89a 100644
--- a/patches.arch/x86-bugs-add-amd-s-variant-of-ssb_no.patch
+++ b/patches.arch/x86-bugs-add-amd-s-variant-of-ssb_no.patch
@@ -3,7 +3,7 @@ Date: Fri, 1 Jun 2018 10:59:19 -0400
Subject: x86/bugs: Add AMD's variant of SSB_NO
Git-commit: 24809860012e0130fbafe536709e08a22b3e959e
Patch-mainline: v4.18-rc1
-References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130
+References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
The AMD document outlining the SSBD handling
124441_AMD64_SpeculativeStoreBypassDisable_Whitepaper_final.pdf
diff --git a/patches.arch/x86-cpu-sanitize-fam6_atom-naming.patch b/patches.arch/x86-cpu-sanitize-fam6_atom-naming.patch
index 65434c22c3..f39119a4e5 100644
--- a/patches.arch/x86-cpu-sanitize-fam6_atom-naming.patch
+++ b/patches.arch/x86-cpu-sanitize-fam6_atom-naming.patch
@@ -3,7 +3,7 @@ Date: Tue, 7 Aug 2018 10:17:27 -0700
Subject: x86/cpu: Sanitize FAM6_ATOM naming
Git-commit: f2c4db1bd80720cd8cb2a5aa220d9bc9f374f04e
Patch-mainline: v5.1-rc1
-References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130
+References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
commit f2c4db1bd80720cd8cb2a5aa220d9bc9f374f04e upstream
diff --git a/patches.arch/x86-kvm-expose-x86_feature_md_clear-to-guests.patch b/patches.arch/x86-kvm-expose-x86_feature_md_clear-to-guests.patch
index f9834feff3..30e0210324 100644
--- a/patches.arch/x86-kvm-expose-x86_feature_md_clear-to-guests.patch
+++ b/patches.arch/x86-kvm-expose-x86_feature_md_clear-to-guests.patch
@@ -3,7 +3,7 @@ Date: Fri, 18 Jan 2019 16:50:23 -0800
Subject: x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
Git-commit: 6c4dbbd14730c43f4ed808a9c42ca41625925c22
Patch-mainline: v5.2-rc1
-References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130
+References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
X86_FEATURE_MD_CLEAR is a new CPUID bit which is set when microcode
provides the mechanism to invoke a flush of various exploitable CPU buffers
diff --git a/patches.arch/x86-kvm-vmx-add-mds-protection-when-l1d-flush-is-not-active.patch b/patches.arch/x86-kvm-vmx-add-mds-protection-when-l1d-flush-is-not-active.patch
index 1c122d5c34..9704f0aeb3 100644
--- a/patches.arch/x86-kvm-vmx-add-mds-protection-when-l1d-flush-is-not-active.patch
+++ b/patches.arch/x86-kvm-vmx-add-mds-protection-when-l1d-flush-is-not-active.patch
@@ -3,7 +3,7 @@ Date: Wed, 27 Feb 2019 12:48:14 +0100
Subject: x86/kvm/vmx: Add MDS protection when L1D Flush is not active
Git-commit: 650b68a0622f933444a6d66936abb3103029413b
Patch-mainline: v5.2-rc1
-References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130
+References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
CPUs which are affected by L1TF and MDS mitigate MDS with the L1D Flush on
VMENTER when updated microcode is installed.
diff --git a/patches.arch/x86-msr-index-cleanup-bit-defines.patch b/patches.arch/x86-msr-index-cleanup-bit-defines.patch
index 0230508def..6a75436ce5 100644
--- a/patches.arch/x86-msr-index-cleanup-bit-defines.patch
+++ b/patches.arch/x86-msr-index-cleanup-bit-defines.patch
@@ -3,7 +3,7 @@ Date: Thu, 21 Feb 2019 12:36:50 +0100
Subject: x86/msr-index: Cleanup bit defines
Git-commit: d8eabc37310a92df40d07c5a8afc53cebf996716
Patch-mainline: v5.2-rc1
-References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130
+References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
Greg pointed out that speculation related bit defines are using (1 << N)
format instead of BIT(N). Aside of that (1 << N) is wrong as it should use
diff --git a/patches.arch/x86-speculation-consolidate-cpu-whitelists.patch b/patches.arch/x86-speculation-consolidate-cpu-whitelists.patch
index 8747432b2d..ec5509ebf0 100644
--- a/patches.arch/x86-speculation-consolidate-cpu-whitelists.patch
+++ b/patches.arch/x86-speculation-consolidate-cpu-whitelists.patch
@@ -3,7 +3,7 @@ Date: Wed, 27 Feb 2019 10:10:23 +0100
Subject: x86/speculation: Consolidate CPU whitelists
Git-commit: 36ad35131adacc29b328b9c8b6277a8bf0d6fd5d
Patch-mainline: v5.2-rc1
-References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130
+References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
The CPU vulnerability whitelists have some overlap and there are more
whitelists coming along.
diff --git a/patches.arch/x86-speculation-enable-cross-hyperthread-spectre-v2-stibp-mitigation.patch b/patches.arch/x86-speculation-enable-cross-hyperthread-spectre-v2-stibp-mitigation.patch
index c2cc78cf8a..012503effe 100644
--- a/patches.arch/x86-speculation-enable-cross-hyperthread-spectre-v2-stibp-mitigation.patch
+++ b/patches.arch/x86-speculation-enable-cross-hyperthread-spectre-v2-stibp-mitigation.patch
@@ -3,7 +3,7 @@ Date: Tue, 25 Sep 2018 14:38:55 +0200
Subject: x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
Git-commit: 53c613fe6349994f023245519265999eed75957f
Patch-mainline: v4.20-rc1
-References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130
+References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
STIBP is a feature provided by certain Intel ucodes / CPUs. This feature
(once enabled) prevents cross-hyperthread control of decisions made by
diff --git a/patches.arch/x86-speculation-mds-add-basic-bug-infrastructure-for-mds.patch b/patches.arch/x86-speculation-mds-add-basic-bug-infrastructure-for-mds.patch
index 5faf4ea22b..e1b36c7e10 100644
--- a/patches.arch/x86-speculation-mds-add-basic-bug-infrastructure-for-mds.patch
+++ b/patches.arch/x86-speculation-mds-add-basic-bug-infrastructure-for-mds.patch
@@ -3,7 +3,7 @@ Date: Fri, 18 Jan 2019 16:50:16 -0800
Subject: x86/speculation/mds: Add basic bug infrastructure for MDS
Git-commit: ed5194c2732c8084af9fd159c146ea92bf137128
Patch-mainline: v5.2-rc1
-References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130
+References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
Microarchitectural Data Sampling (MDS), is a class of side channel attacks
on internal buffers in Intel CPUs. The variants are:
diff --git a/patches.arch/x86-speculation-mds-add-bug_msbds_only.patch b/patches.arch/x86-speculation-mds-add-bug_msbds_only.patch
index 46951b49f1..4f2ebb3a17 100644
--- a/patches.arch/x86-speculation-mds-add-bug_msbds_only.patch
+++ b/patches.arch/x86-speculation-mds-add-bug_msbds_only.patch
@@ -3,7 +3,7 @@ Date: Fri, 1 Mar 2019 20:21:08 +0100
Subject: x86/speculation/mds: Add BUG_MSBDS_ONLY
Git-commit: e261f209c3666e842fd645a1e31f001c3a26def9
Patch-mainline: v5.2-rc1
-References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130
+References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
This bug bit is set on CPUs which are only affected by Microarchitectural
Store Buffer Data Sampling (MSBDS) and not by any other MDS variant.
diff --git a/patches.arch/x86-speculation-mds-add-mds-full-nosmt-cmdline-option.patch b/patches.arch/x86-speculation-mds-add-mds-full-nosmt-cmdline-option.patch
index 7d546ff73f..baa12f47e5 100644
--- a/patches.arch/x86-speculation-mds-add-mds-full-nosmt-cmdline-option.patch
+++ b/patches.arch/x86-speculation-mds-add-mds-full-nosmt-cmdline-option.patch
@@ -3,7 +3,7 @@ Date: Tue, 2 Apr 2019 09:59:33 -0500
Subject: x86/speculation/mds: Add mds=full,nosmt cmdline option
Git-commit: d71eb0ce109a124b0fa714832823b9452f2762cf
Patch-mainline: v5.2-rc1
-References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130
+References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
Add the mds=full,nosmt cmdline option. This is like mds=full, but with
SMT disabled if the CPU is vulnerable.
diff --git a/patches.arch/x86-speculation-mds-add-mds_clear_cpu_buffers.patch b/patches.arch/x86-speculation-mds-add-mds_clear_cpu_buffers.patch
index f33bb44fbd..147c99c173 100644
--- a/patches.arch/x86-speculation-mds-add-mds_clear_cpu_buffers.patch
+++ b/patches.arch/x86-speculation-mds-add-mds_clear_cpu_buffers.patch
@@ -3,7 +3,7 @@ Date: Mon, 18 Feb 2019 23:13:06 +0100
Subject: x86/speculation/mds: Add mds_clear_cpu_buffers()
Git-commit: 6a9e529272517755904b7afa639f6db59ddb793e
Patch-mainline: v5.2-rc1
-References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130
+References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
The Microarchitectural Data Sampling (MDS) vulernabilities are mitigated by
clearing the affected CPU buffers. The mechanism for clearing the buffers
diff --git a/patches.arch/x86-speculation-mds-add-mitigation-control-for-mds.patch b/patches.arch/x86-speculation-mds-add-mitigation-control-for-mds.patch
index 5d8c1e417b..5b0f4b088c 100644
--- a/patches.arch/x86-speculation-mds-add-mitigation-control-for-mds.patch
+++ b/patches.arch/x86-speculation-mds-add-mitigation-control-for-mds.patch
@@ -3,7 +3,7 @@ Date: Mon, 18 Feb 2019 22:04:08 +0100
Subject: x86/speculation/mds: Add mitigation control for MDS
Git-commit: bc1241700acd82ec69fde98c5763ce51086269f8
Patch-mainline: v5.2-rc1
-References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130
+References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
Now that the mitigations are in place, add a command line parameter to
control the mitigation, a mitigation selector function and a SMT update
diff --git a/patches.arch/x86-speculation-mds-add-mitigation-mode-vmwerv.patch b/patches.arch/x86-speculation-mds-add-mitigation-mode-vmwerv.patch
index e49ee553f8..55c7c53b20 100644
--- a/patches.arch/x86-speculation-mds-add-mitigation-mode-vmwerv.patch
+++ b/patches.arch/x86-speculation-mds-add-mitigation-mode-vmwerv.patch
@@ -3,7 +3,7 @@ Date: Wed, 20 Feb 2019 09:40:40 +0100
Subject: x86/speculation/mds: Add mitigation mode VMWERV
Git-commit: 22dd8365088b6403630b82423cf906491859b65e
Patch-mainline: v5.2-rc1
-References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130
+References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
In virtualized environments it can happen that the host has the microcode
update which utilizes the VERW instruction to clear CPU buffers, but the
diff --git a/patches.arch/x86-speculation-mds-add-mitigations-support-for-mds.patch b/patches.arch/x86-speculation-mds-add-mitigations-support-for-mds.patch
index 04f5da2967..f6b39321a6 100644
--- a/patches.arch/x86-speculation-mds-add-mitigations-support-for-mds.patch
+++ b/patches.arch/x86-speculation-mds-add-mitigations-support-for-mds.patch
@@ -3,7 +3,7 @@ Date: Wed, 17 Apr 2019 16:39:02 -0500
Subject: x86/speculation/mds: Add 'mitigations=' support for MDS
Git-commit: 5c14068f87d04adc73ba3f41c2a303d3c3d1fa12
Patch-mainline: v5.2-rc1
-References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130
+References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
Add MDS to the new 'mitigations=' cmdline option.
diff --git a/patches.arch/x86-speculation-mds-add-smt-warning-message.patch b/patches.arch/x86-speculation-mds-add-smt-warning-message.patch
index 16dd7fac43..cfe1090c71 100644
--- a/patches.arch/x86-speculation-mds-add-smt-warning-message.patch
+++ b/patches.arch/x86-speculation-mds-add-smt-warning-message.patch
@@ -3,7 +3,7 @@ Date: Tue, 2 Apr 2019 10:00:51 -0500
Subject: x86/speculation/mds: Add SMT warning message
Git-commit: 39226ef02bfb43248b7db12a4fdccb39d95318e3
Patch-mainline: v5.2-rc1
-References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130
+References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
MDS is vulnerable with SMT. Make that clear with a one-time printk
whenever SMT first gets enabled.
diff --git a/patches.arch/x86-speculation-mds-add-sysfs-reporting-for-mds.patch b/patches.arch/x86-speculation-mds-add-sysfs-reporting-for-mds.patch
index 853fcf4564..2e0bd0f9ce 100644
--- a/patches.arch/x86-speculation-mds-add-sysfs-reporting-for-mds.patch
+++ b/patches.arch/x86-speculation-mds-add-sysfs-reporting-for-mds.patch
@@ -3,7 +3,7 @@ Date: Mon, 18 Feb 2019 22:51:43 +0100
Subject: x86/speculation/mds: Add sysfs reporting for MDS
Git-commit: 8a4b06d391b0a42a373808979b5028f5c84d9c6a
Patch-mainline: v5.2-rc1
-References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130
+References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
Add the sysfs reporting file for MDS. It exposes the vulnerability and
mitigation state similar to the existing files for the other speculative
diff --git a/patches.arch/x86-speculation-mds-clear-cpu-buffers-on-exit-to-user.patch b/patches.arch/x86-speculation-mds-clear-cpu-buffers-on-exit-to-user.patch
index 07963f29f3..a9e4d2bd50 100644
--- a/patches.arch/x86-speculation-mds-clear-cpu-buffers-on-exit-to-user.patch
+++ b/patches.arch/x86-speculation-mds-clear-cpu-buffers-on-exit-to-user.patch
@@ -3,7 +3,7 @@ Date: Mon, 18 Feb 2019 23:42:51 +0100
Subject: x86/speculation/mds: Clear CPU buffers on exit to user
Git-commit: 04dcbdb8057827b043b3c71aa397c4c63e67d086
Patch-mainline: v5.2-rc1
-References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130
+References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
Add a static key which controls the invocation of the CPU buffer clear
mechanism on exit to user space and add the call into
diff --git a/patches.arch/x86-speculation-mds-conditionally-clear-cpu-buffers-on-idle-entry.patch b/patches.arch/x86-speculation-mds-conditionally-clear-cpu-buffers-on-idle-entry.patch
index bbb5b23c7c..8909383985 100644
--- a/patches.arch/x86-speculation-mds-conditionally-clear-cpu-buffers-on-idle-entry.patch
+++ b/patches.arch/x86-speculation-mds-conditionally-clear-cpu-buffers-on-idle-entry.patch
@@ -3,7 +3,7 @@ Date: Mon, 18 Feb 2019 23:04:01 +0100
Subject: x86/speculation/mds: Conditionally clear CPU buffers on idle entry
Git-commit: 07f07f55a29cb705e221eda7894dd67ab81ef343
Patch-mainline: v5.2-rc1
-References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130
+References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
Add a static key which controls the invocation of the CPU buffer clear
mechanism on idle entry. This is independent of other MDS mitigations
diff --git a/patches.arch/x86-speculation-mds-print-smt-vulnerable-on-msbds-with-mitigations-off.patch b/patches.arch/x86-speculation-mds-print-smt-vulnerable-on-msbds-with-mitigations-off.patch
index 8ad7e115fb..080d53e2d0 100644
--- a/patches.arch/x86-speculation-mds-print-smt-vulnerable-on-msbds-with-mitigations-off.patch
+++ b/patches.arch/x86-speculation-mds-print-smt-vulnerable-on-msbds-with-mitigations-off.patch
@@ -3,7 +3,7 @@ Date: Fri, 12 Apr 2019 17:50:58 -0400
Subject: x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
Git-commit: e2c3c94788b08891dcf3dbe608f9880523ecd71b
Patch-mainline: v5.2-rc1
-References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130
+References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
This code is only for CPUs which are affected by MSBDS, but are *not*
affected by the other two MDS issues.
diff --git a/patches.arch/x86-speculation-move-arch_smt_update-call-to-after-mitigation-decisions.patch b/patches.arch/x86-speculation-move-arch_smt_update-call-to-after-mitigation-decisions.patch
index 6a36aef5d6..2bf15edecd 100644
--- a/patches.arch/x86-speculation-move-arch_smt_update-call-to-after-mitigation-decisions.patch
+++ b/patches.arch/x86-speculation-move-arch_smt_update-call-to-after-mitigation-decisions.patch
@@ -3,7 +3,7 @@ Date: Tue, 2 Apr 2019 10:00:14 -0500
Subject: x86/speculation: Move arch_smt_update() call to after mitigation decisions
Git-commit: 7c3658b20194a5b3209a143f63bc9c643c6a3ae2
Patch-mainline: v5.2-rc1
-References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130
+References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
arch_smt_update() now has a dependency on both Spectre v2 and MDS
mitigations. Move its initial call to after all the mitigation decisions
diff --git a/patches.arch/x86-speculation-rework-smt-state-change.patch b/patches.arch/x86-speculation-rework-smt-state-change.patch
index 77f965b543..e1c0c521bf 100644
--- a/patches.arch/x86-speculation-rework-smt-state-change.patch
+++ b/patches.arch/x86-speculation-rework-smt-state-change.patch
@@ -3,7 +3,7 @@ Date: Sun, 25 Nov 2018 19:33:39 +0100
Subject: x86/speculation: Rework SMT state change
Git-commit: a74cfffb03b73d41e08f84c2e5c87dec0ce3db9f
Patch-mainline: v4.20-rc5
-References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130
+References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
arch_smt_update() is only called when the sysfs SMT control knob is
changed. This means that when SMT is enabled in the sysfs control knob the
diff --git a/patches.arch/x86-speculation-simplify-the-cpu-bug-detection-logic.patch b/patches.arch/x86-speculation-simplify-the-cpu-bug-detection-logic.patch
index 2ca003db81..1182e16ed4 100644
--- a/patches.arch/x86-speculation-simplify-the-cpu-bug-detection-logic.patch
+++ b/patches.arch/x86-speculation-simplify-the-cpu-bug-detection-logic.patch
@@ -3,7 +3,7 @@ Date: Tue, 22 May 2018 11:05:39 +0200
Subject: x86/speculation: Simplify the CPU bug detection logic
Git-commit: 8ecc4979b1bd9c94168e6fc92960033b7a951336
Patch-mainline: v4.17-rc7
-References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130
+References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
Only CPUs which speculate can speculate. Therefore, it seems prudent
to test for cpu_no_speculation first and only then determine whether
diff --git a/patches.arch/x86-stop-exporting-msr-index-h-to-userland.patch b/patches.arch/x86-stop-exporting-msr-index-h-to-userland.patch
index c2e6a69e86..fdd1aef21b 100644
--- a/patches.arch/x86-stop-exporting-msr-index-h-to-userland.patch
+++ b/patches.arch/x86-stop-exporting-msr-index-h-to-userland.patch
@@ -3,7 +3,7 @@ Date: Mon, 27 Mar 2017 14:20:08 +0200
Subject: x86: stop exporting msr-index.h to userland
Git-commit: 25dc1d6cc3082aab293e5dad47623b550f7ddd2a
Patch-mainline: v4.12-rc1
-References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130
+References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
Even if this file was not in an uapi directory, it was exported because
it was listed in the Kbuild file.