Packages changed:
  icecream (1.1rc2 -> 1.1)
  kernel-firmware (20171221 -> 20180104)
  kernel-source (4.14.9 -> 4.14.11)
  ucode-intel

=== Details ===

==== icecream ====
Version update (1.1rc2 -> 1.1)
Subpackages: icecream-clang-wrappers

- Update dependencies to fix building on SLE
- Cleanup spec file:
  * Run spec-cleaner
  * Make building more verbose
- changes icecream 1.1rc3 -> 1.1
  - revert "Add load control for preprocessing"
  - better handle clang arguments with spaces
  - remove "crashme" command from scheduler
  - better logging around exception 30
- changes icecream 1.1rc2 -> 1.1rc3
  - Fix broken pipe race condition
  - Better error handling
  - Crash fixes
  - Documentation update
  - Include objcopy in environment if it exists
  - Add CI builds on travis-ci: OSX, ubuntu trusty
  - Fixed several memory errors
  - Extract environments with compile priority, not daemon priority
  - Handle spaces in the parameters following -MT
  - Handle -target -arch -c-isystem and -cxx-isystem (clang)
  - Handle NAT situations better
  - Add load control for preprocessing
  - Handle scheduler unable to reach remote machine
  - Make scheduler election algorithm handle multiple netnames

==== kernel-firmware ====
Version update (20171221 -> 20180104)
Subpackages: ucode-amd

- Update to version 20180104:
  * wl18xx: update firmware file 8.9.0.0.76
  * wl127x/wl128x: update firmwares
  * rtlwifi: rtl8723de: Add firmware for new driver/device
  * linux-firmware: DMC firmware for cannonlake v1.07
- Add microcode_amd_fam17h.bin (bsc#1068032 CVE-2017-5715)

==== kernel-source ====
Version update (4.14.9 -> 4.14.11)
Subpackages: kernel-default kernel-default-devel kernel-devel kernel-docs kernel-macros kernel-syms

- Refresh
  patches.suse/0027-x86-kvm-Pad-RSB-on-VM-transition.patch.
- Refresh
  patches.suse/0031-Reverting-the-commit-e5247c4f209530-to-replace.patch.
  Fix i386 build.
- commit c36893f
- Set IBPB when running a different VCPU (bnc#1068032
  CVE-2017-5715).
- Clear the host registers after setbe (bnc#1068032
  CVE-2017-5715).
- Use the ibpb_inuse variable (bnc#1068032 CVE-2017-5715).
- Remove the code that uses MSR save/restore list (bnc#1068032
  CVE-2017-5715).
- KVM: x86: add SPEC_CTRL to MSR and CPUID lists (bnc#1068032
  CVE-2017-5715).
- kvm: vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD
  (bnc#1068032 CVE-2017-5715).
- Reverting the commit e5247c4f209530 to replace (bnc#1068032
  CVE-2017-5715).
- Use the "ibrs_inuse" variable (bnc#1068032 CVE-2017-5715).
- kvm: svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD
  (bnc#1068032 CVE-2017-5715).
- x86/svm: Set IBPB when running a different VCPU (bnc#1068032
  CVE-2017-5715).
- x86/kvm: Pad RSB on VM transition (bnc#1068032 CVE-2017-5715).
- Revert x86/kvm: Pad RSB on VM transition (bnc#1068032
  CVE-2017-5715).
- x86/cpu/AMD: Add speculative control support for AMD
  (bnc#1068032 CVE-2017-5715).
- x86/microcode: Recheck IBRS and IBPB feature on microcode reload
  (bnc#1068032 CVE-2017-5715).
- x86: Move IBRS/IBPB feature detection to scattered.c
  (bnc#1068032 CVE-2017-5715).
- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb
  control (bnc#1068032 CVE-2017-5715).
- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL
  feature (bnc#1068032 CVE-2017-5715).
- x86/kvm: clear registers on VM exit (bnc#1068032 CVE-2017-5715).
- x86/kvm: Pad RSB on VM transition (bnc#1068032 CVE-2017-5715).
- x86/kvm: Toggle IBRS on VM entry and exit (bnc#1068032
  CVE-2017-5715).
- x86/kvm: Set IBPB when switching VM (bnc#1068032 CVE-2017-5715).
- x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
  (bnc#1068032 CVE-2017-5715).
- x86/syscall: Clear unused extra registers on 32-bit compatible
  syscall entrance (bnc#1068032 CVE-2017-5715).
- x86/syscall: Clear unused extra registers on syscall entrance
  (bnc#1068032 CVE-2017-5715).
- x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
  (bnc#1068032 CVE-2017-5715).
- x86/mm: Only set IBPB when the new thread cannot ptrace current
  thread (bnc#1068032 CVE-2017-5715).
- x86/mm: Set IBPB upon context switch (bnc#1068032
  CVE-2017-5715).
- x86/idle: Disable IBRS when offlining cpu and re-enable on
  wakeup (bnc#1068032 CVE-2017-5715).
- x86/idle: Disable IBRS entering idle and enable it on wakeup
  (bnc#1068032 CVE-2017-5715).
- x86/spec_ctrl: save IBRS MSR value in paranoid_entry
  (bnc#1068032 CVE-2017-5715).
- x86/enter: Use IBRS on syscall and interrupts (bnc#1068032
  CVE-2017-5715).
- x86: Add macro that does not save rax, rcx, rdx on stack to
  disable IBRS (bnc#1068032 CVE-2017-5715).
- x86/enter: MACROS to set/clear IBRS and set IBPB (bnc#1068032
  CVE-2017-5715).
- x86/feature: Report presence of IBPB and IBRS control
  (bnc#1068032 CVE-2017-5715).
- x86: Add STIBP feature enumeration (bnc#1068032 CVE-2017-5715).
- x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and
  X86_FEATURE_IBRS_ATT (bnc#1068032 CVE-2017-5715).
- x86/feature: Enable the x86 feature to control Speculation
  (bnc#1068032 CVE-2017-5715).
- commit 816f713
- userns: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
- udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
- net: mpls: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
- fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
- ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
- ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
- Thermal/int340x: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
- cw1200: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
- qla2xxx: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
- p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
- carl9170: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
- uvcvideo: prevent speculative execution (bnc#1068032
  CVE-2017-5753).
- x86, bpf, jit: prevent speculative execution when JIT is enabled
  (bnc#1068032 CVE-2017-5753).
- bpf: prevent speculative execution in eBPF interpreter
  (bnc#1068032 CVE-2017-5753).
- locking/barriers: introduce new observable speculation barrier
  (bnc#1068032 CVE-2017-5753).
- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
  feature (bnc#1068032 CVE-2017-5753).
- x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
  CVE-2017-5753).
- commit cf46932
- Linux 4.14.11 (bnc#1012628).
- tracing: Remove extra zeroing out of the ring buffer page
  (bnc#1012628).
- tracing: Fix possible double free on failure of allocating
  trace buffer (bnc#1012628).
- tracing: Fix crash when it fails to alloc ring buffer
  (bnc#1012628).
- x86/cpufeatures: Add X86_BUG_CPU_INSECURE (bnc#1012628).
- x86/mm/pti: Disable global pages if PAGE_TABLE_ISOLATION=y
  (bnc#1012628).
- x86/mm/pti: Prepare the x86/entry assembly code for entry/exit
  CR3 switching (bnc#1012628).
- x86/mm/pti: Add infrastructure for page table isolation
  (bnc#1012628).
- x86/pti: Add the pti= cmdline option and documentation
  (bnc#1012628).
- x86/mm/pti: Add mapping helper functions (bnc#1012628).
- x86/mm/pti: Allow NX poison to be set in p4d/pgd (bnc#1012628).
- x86/mm/pti: Allocate a separate user PGD (bnc#1012628).
- x86/mm/pti: Populate user PGD (bnc#1012628).
- x86/mm/pti: Add functions to clone kernel PMDs (bnc#1012628).
- x86/mm/pti: Force entry through trampoline when PTI active
  (bnc#1012628).
- x86/mm/pti: Share cpu_entry_area with user space page tables
  (bnc#1012628).
- x86/entry: Align entry text section to PMD boundary
  (bnc#1012628).
- x86/mm/pti: Share entry text PMD (bnc#1012628).
- x86/mm/pti: Map ESPFIX into user space (bnc#1012628).
- x86/cpu_entry_area: Add debugstore entries to cpu_entry_area
  (bnc#1012628).
- x86/events/intel/ds: Map debug buffers in cpu_entry_area
  (bnc#1012628).
- x86/mm/64: Make a full PGD-entry size hole in the memory map
  (bnc#1012628).
- x86/pti: Put the LDT in its own PGD if PTI is on (bnc#1012628).
- x86/pti: Map the vsyscall page if needed (bnc#1012628).
- x86/mm: Allow flushing for future ASID switches (bnc#1012628).
- x86/mm: Abstract switching CR3 (bnc#1012628).
- x86/mm: Use/Fix PCID to optimize user/kernel switches
  (bnc#1012628).
- x86/mm: Optimize RESTORE_CR3 (bnc#1012628).
- x86/mm: Use INVPCID for __native_flush_tlb_single()
  (bnc#1012628).
- x86/mm: Clarify the whole ASID/kernel PCID/user PCID naming
  (bnc#1012628).
- x86/dumpstack: Indicate in Oops whether PTI is configured and
  enabled (bnc#1012628).
- x86/mm/pti: Add Kconfig (bnc#1012628).
- x86/mm/dump_pagetables: Add page table directory to the debugfs
  VFS hierarchy (bnc#1012628).
- x86/mm/dump_pagetables: Check user space page table for WX pages
  (bnc#1012628).
- x86/mm/dump_pagetables: Allow dumping current pagetables
  (bnc#1012628).
- x86/ldt: Make the LDT mapping RO (bnc#1012628).
- ring-buffer: Mask out the info bits when returning buffer page
  length (bnc#1012628).
- ring-buffer: Do no reuse reader page if still in use
  (bnc#1012628).
- iw_cxgb4: Only validate the MSN for successful completions
  (bnc#1012628).
- ASoC: codecs: msm8916-wcd: Fix supported formats (bnc#1012628).
- ASoC: wm_adsp: Fix validation of firmware and coeff lengths
  (bnc#1012628).
- ASoC: da7218: fix fix child-node lookup (bnc#1012628).
- ASoC: fsl_ssi: AC'97 ops need regmap, clock and cleaning up
  on failure (bnc#1012628).
- ASoC: twl4030: fix child-node lookup (bnc#1012628).
- ASoC: tlv320aic31xx: Fix GPIO1 register definition
  (bnc#1012628).
- gpio: fix "gpio-line-names" property retrieval (bnc#1012628).
- IB/hfi: Only read capability registers if the capability exists
  (bnc#1012628).
- IB/mlx5: Serialize access to the VMA list (bnc#1012628).
- IB/uverbs: Fix command checking as part of
  ib_uverbs_ex_modify_qp() (bnc#1012628).
- IB/core: Verify that QP is security enabled in create and
  destroy (bnc#1012628).
- ALSA: hda: Drop useless WARN_ON() (bnc#1012628).
- ALSA: hda - Add MIC_NO_PRESENCE fixup for 2 HP machines
  (bnc#1012628).
- ALSA: hda - change the location for one mic on a Lenovo machine
  (bnc#1012628).
- ALSA: hda - fix headset mic detection issue on a Dell machine
  (bnc#1012628).
- ALSA: hda - Fix missing COEF init for ALC225/295/299
  (bnc#1012628).
- cpufreq: schedutil: Use idle_calls counter of the remote CPU
  (bnc#1012628).
- block: fix blk_rq_append_bio (bnc#1012628).
- block: don't let passthrough IO go into .make_request_fn()
  (bnc#1012628).
- kbuild: add '-fno-stack-check' to kernel build options
  (bnc#1012628).
- ipv4: igmp: guard against silly MTU values (bnc#1012628).
- ipv6: mcast: better catch silly mtu values (bnc#1012628).
- net: fec: unmap the xmit buffer that are not transferred by DMA
  (bnc#1012628).
- net: igmp: Use correct source address on IGMPv3 reports
  (bnc#1012628).
- net: qmi_wwan: add Sierra EM7565 1199:9091 (bnc#1012628).
- net: reevalulate autoflowlabel setting after sysctl setting
  (bnc#1012628).
- ptr_ring: add barriers (bnc#1012628).
- RDS: Check cmsg_len before dereferencing CMSG_DATA
  (bnc#1012628).
- tcp_bbr: record "full bw reached" decision in new
  full_bw_reached bit (bnc#1012628).
- tcp md5sig: Use skb's saddr when replying to an incoming segment
  (bnc#1012628).
- tg3: Fix rx hang on MTU change with 5717/5719 (bnc#1012628).
- tcp_bbr: reset full pipe detection on loss recovery undo
  (bnc#1012628).
- tcp_bbr: reset long-term bandwidth sampling on loss recovery
  undo (bnc#1012628).
- s390/qeth: apply takeover changes when mode is toggled
  (bnc#1012628).
- s390/qeth: don't apply takeover changes to RXIP (bnc#1012628).
- s390/qeth: lock IP table while applying takeover changes
  (bnc#1012628).
- s390/qeth: update takeover IPs after configuration change
  (bnc#1012628).
- net: ipv4: fix for a race condition in raw_sendmsg
  (bnc#1012628).
- net: mvmdio: disable/unprepare clocks in EPROBE_DEFER case
  (bnc#1012628).
- sctp: Replace use of sockets_allocated with specified macro
  (bnc#1012628).
- adding missing rcu_read_unlock in ipxip6_rcv (bnc#1012628).
- ip6_gre: fix device features for ioctl setup (bnc#1012628).
- ipv4: Fix use-after-free when flushing FIB tables (bnc#1012628).
- net: bridge: fix early call to br_stp_change_bridge_id and
  plug newlink leaks (bnc#1012628).
- net: Fix double free and memory corruption in get_net_ns_by_id()
  (bnc#1012628).
- net: phy: micrel: ksz9031: reconfigure autoneg after phy
  autoneg workaround (bnc#1012628).
- sock: free skb in skb_complete_tx_timestamp on error
  (bnc#1012628).
- tcp: invalidate rate samples during SACK reneging (bnc#1012628).
- net/mlx5: Fix rate limit packet pacing naming and struct
  (bnc#1012628).
- net/mlx5e: Fix possible deadlock of VXLAN lock (bnc#1012628).
- net/mlx5e: Fix features check of IPv6 traffic (bnc#1012628).
- net/mlx5e: Add refcount to VXLAN structure (bnc#1012628).
- net/mlx5e: Prevent possible races in VXLAN control flow
  (bnc#1012628).
- net/mlx5: Fix error flow in CREATE_QP command (bnc#1012628).
- openvswitch: Fix pop_vlan action for double tagged frames
  (bnc#1012628).
- sfc: pass valid pointers from efx_enqueue_unwind (bnc#1012628).
- net: dsa: bcm_sf2: Clear IDDQ_GLOBAL_PWR bit for PHY
  (bnc#1012628).
- s390/qeth: fix error handling in checksum cmd callback
  (bnc#1012628).
- sctp: make sure stream nums can match optlen in
  sctp_setsockopt_reset_streams (bnc#1012628).
- tipc: fix hanging poll() for stream sockets (bnc#1012628).
- mlxsw: spectrum: Disable MAC learning for ovs port
  (bnc#1012628).
- tcp: fix potential underestimation on rcv_rtt (bnc#1012628).
- net: phy: marvell: Limit 88m1101 autoneg errata to 88E1145 as
  well (bnc#1012628).
- ipv6: Honor specified parameters in fibmatch lookup
  (bnc#1012628).
- tcp: refresh tcp_mstamp from timers callbacks (bnc#1012628).
- net/mlx5: FPGA, return -EINVAL if size is zero (bnc#1012628).
- vxlan: restore dev->mtu setting based on lower device
  (bnc#1012628).
- net: sched: fix static key imbalance in case of
  ingress/clsact_init error (bnc#1012628).
- bnxt_en: Fix sources of spurious netpoll warnings (bnc#1012628).
- phylink: ensure the PHY interface mode is appropriately set
  (bnc#1012628).
- phylink: ensure AN is enabled (bnc#1012628).
- ipv4: fib: Fix metrics match when deleting a route
  (bnc#1012628).
- ipv6: set all.accept_dad to 0 by default (bnc#1012628).
- Revert "mlx5: move affinity hints assignments to generic code"
  (bnc#1012628).
- skbuff: orphan frags before zerocopy clone (bnc#1012628).
- skbuff: skb_copy_ubufs must release uarg even without user frags
  (bnc#1012628).
- skbuff: in skb_copy_ubufs unclone before releasing zerocopy
  (bnc#1012628).
- sparc64: repair calling incorrect hweight function from stubs
  (bnc#1012628).
- usbip: fix usbip bind writing random string after command in
  match_busid (bnc#1012628).
- usbip: prevent leaking socket pointer address in messages
  (bnc#1012628).
- usbip: stub: stop printing kernel pointer addresses in messages
  (bnc#1012628).
- usbip: vhci: stop printing kernel pointer addresses in messages
  (bnc#1012628).
- USB: chipidea: msm: fix ulpi-node lookup (bnc#1012628).
- USB: serial: ftdi_sio: add id for Airbus DS P8GR (bnc#1012628).
- USB: serial: qcserial: add Sierra Wireless EM7565 (bnc#1012628).
- USB: serial: option: add support for Telit ME910 PID 0x1101
  (bnc#1012628).
- USB: serial: option: adding support for YUGA CLM920-NC5
  (bnc#1012628).
- usb: Add device quirk for Logitech HD Pro Webcam C925e
  (bnc#1012628).
- usb: add RESET_RESUME for ELSA MicroLink 56K (bnc#1012628).
- USB: Fix off by one in type-specific length check of BOS SSP
  capability (bnc#1012628).
- usb: xhci: Add XHCI_TRUST_TX_LENGTH for Renesas uPD720201
  (bnc#1012628).
- timers: Use deferrable base independent of base::nohz_active
  (bnc#1012628).
- timers: Invoke timer_start_debug() where it makes sense
  (bnc#1012628).
- timers: Reinitialize per cpu bases on hotplug (bnc#1012628).
- binder: fix proc->files use-after-free (bnc#1012628).
- phy: tegra: fix device-tree node lookups (bnc#1012628).
- drivers: base: cacheinfo: fix cache type for non-architected
  system cache (bnc#1012628).
- staging: android: ion: Fix dma direction for
  dma_sync_sg_for_cpu/device (bnc#1012628).
- nohz: Prevent a timer interrupt storm in
  tick_nohz_stop_sched_tick() (bnc#1012628).
- x86/smpboot: Remove stale TLB flush invocations (bnc#1012628).
- x86/mm: Remove preempt_disable/enable() from
  __native_flush_tlb() (bnc#1012628).
- x86-32: Fix kexec with stack canary (CONFIG_CC_STACKPROTECTOR)
  (bnc#1012628).
- x86/espfix/64: Fix espfix double-fault handling on 5-level
  systems (bnc#1012628).
- x86/ldt: Plug memory leak in error path (bnc#1012628).
- x86/ldt: Make LDT pgtable free conditional (bnc#1012628).
- n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka
  FIONREAD) (bnc#1012628).
- tty: fix tty_ldisc_receive_buf() documentation (bnc#1012628).
- Update config files.
- commit 58fec0f
- Update config files.
- i386: NR_CPUS 128->64
  - 7bbcbd3d1cd (x86/Kconfig: Limit NR_CPUS on 32-bit to a sane
    amount)
- commit 69201cf
- Linux 4.14.10 (bnc#1012628).
- Revert "ipmi_si: fix memory leak on new_smi" (bnc#1012628).
- net: mvneta: eliminate wrong call to handle rx descriptor error
  (bnc#1012628).
- net: mvneta: use proper rxq_number in loop on rx queues
  (bnc#1012628).
- net: mvneta: clear interface link status on port disable
  (bnc#1012628).
- libnvdimm, pfn: fix start_pad handling for aligned namespaces
  (bnc#1012628).
- libnvdimm, btt: Fix an incompatibility in the log layout
  (bnc#1012628).
- libnvdimm, dax: fix 1GB-aligned namespaces vs physical
  misalignment (bnc#1012628).
- drm/sun4i: Fix error path handling (bnc#1012628).
- drm/i915: Flush pending GTT writes before unbinding
  (bnc#1012628).
- powerpc/perf: Dereference BHRB entries safely (bnc#1012628).
- clk: sunxi: sun9i-mmc: Implement reset callback for reset
  controls (bnc#1012628).
- kvm: x86: fix RSM when PCID is non-zero (bnc#1012628).
- KVM: X86: Fix load RFLAGS w/o the fixed bit (bnc#1012628).
- KVM: MMU: Fix infinite loop when there is no available mmu page
  (bnc#1012628).
- KVM: PPC: Book3S HV: Fix pending_pri value in
  kvmppc_xive_get_icp() (bnc#1012628).
- KVM: PPC: Book3S: fix XIVE migration of pending interrupts
  (bnc#1012628).
- KVM: arm/arm64: Fix HYP unmapping going off limits
  (bnc#1012628).
- arm64: kvm: Prevent restoring stale PMSCR_EL1 for vcpu
  (bnc#1012628).
- pinctrl: cherryview: Mask all interrupts on Intel_Strago based
  systems (bnc#1012628).
- spi: a3700: Fix clk prescaling for coefficient over 15
  (bnc#1012628).
- spi: xilinx: Detect stall with Unknown commands (bnc#1012628).
- Revert "parisc: Re-enable interrupts early" (bnc#1012628).
- parisc: Hide Diva-built-in serial aux and graphics card
  (bnc#1012628).
- parisc: Fix indenting in puts() (bnc#1012628).
- parisc: Align os_hpmc_size on word boundary (bnc#1012628).
- block-throttle: avoid double charge (bnc#1012628).
- block: unalign call_single_data in struct request (bnc#1012628).
- PCI / PM: Force devices to D0 in pci_pm_thaw_noirq()
  (bnc#1012628).
- ALSA: usb-audio: Fix the missing ctl name suffix at parsing SU
  (bnc#1012628).
- ALSA: usb-audio: Add native DSD support for Esoteric D-05X
  (bnc#1012628).
- ALSA: hda - Add vendor id for Cannonlake HDMI codec
  (bnc#1012628).
- ALSA: hda/realtek - Fix Dell AIO LineOut issue (bnc#1012628).
- ALSA: rawmidi: Avoid racy info ioctl via ctl device
  (bnc#1012628).
- mfd: twl6040: Fix child-node lookup (bnc#1012628).
- mfd: twl4030-audio: Fix sibling-node lookup (bnc#1012628).
- mfd: cros ec: spi: Don't send first message too soon
  (bnc#1012628).
- crypto: af_alg - fix race accessing cipher request
  (bnc#1012628).
- crypto: af_alg - wait for data at beginning of recvmsg
  (bnc#1012628).
- crypto: mcryptd - protect the per-CPU queue with a lock
  (bnc#1012628).
- crypto: skcipher - set walk.iv for zero-length inputs
  (bnc#1012628).
- acpi, nfit: fix health event notification (bnc#1012628).
- ACPI: APEI / ERST: Fix missing error handling in erst_reader()
  (bnc#1012628).
- x86/cpu_entry_area: Prevent wraparound in
  setup_cpu_entry_area_ptes() on 32bit (bnc#1012628).
- init: Invoke init_espfix_bsp() from mm_init() (bnc#1012628).
- x86/cpu_entry_area: Move it out of the fixmap (bnc#1012628).
- x86/cpu_entry_area: Move it to a separate unit (bnc#1012628).
- x86/mm: Create asm/invpcid.h (bnc#1012628).
- x86/mm: Put MMU to hardware ASID translation in one place
  (bnc#1012628).
- x86/mm: Remove hard-coded ASID limit checks (bnc#1012628).
- x86/mm: Move the CR3 construction functions to tlbflush.h
  (bnc#1012628).
- x86/mm: Add comments to clarify which TLB-flush functions are
  supposed to flush what (bnc#1012628).
- x86/mm: Remove superfluous barriers (bnc#1012628).
- x86/mm: Use __flush_tlb_one() for kernel memory (bnc#1012628).
- x86/microcode: Dont abuse the TLB-flush interface (bnc#1012628).
- x86/uv: Use the right TLB-flush API (bnc#1012628).
- x86/entry: Rename SYSENTER_stack to CPU_ENTRY_AREA_entry_stack
  (bnc#1012628).
- x86/doc: Remove obvious weirdnesses from the x86 MM layout
  documentation (bnc#1012628).
- x86/mm/64: Improve the memory map documentation (bnc#1012628).
- x86/ldt: Prevent LDT inheritance on exec (bnc#1012628).
- x86/ldt: Rework locking (bnc#1012628).
- arch, mm: Allow arch_dup_mmap() to fail (bnc#1012628).
- x86/vsyscall/64: Warn and fail vsyscall emulation in NATIVE mode
  (bnc#1012628).
- x86/vsyscall/64: Explicitly set _PAGE_USER in the pagetable
  hierarchy (bnc#1012628).
- x86/mm/dump_pagetables: Make the address hints correct and
  readable (bnc#1012628).
- x86/mm/dump_pagetables: Check PAGE_PRESENT for real
  (bnc#1012628).
- x86/Kconfig: Limit NR_CPUS on 32-bit to a sane amount
  (bnc#1012628).
- x86/insn-eval: Add utility functions to get segment selector
  (bnc#1012628).
- x86/decoder: Fix and update the opcodes map (bnc#1012628).
- objtool: Fix 64-bit build on 32-bit host (bnc#1012628).
- tools/headers: Sync objtool UAPI header (bnc#1012628).
- objtool: Fix cross-build (bnc#1012628).
- objtool: Move kernel headers/code sync check to a script
  (bnc#1012628).
- objtool: Move synced files to their original relative locations
  (bnc#1012628).
- Revert "ipv6: grab rt->rt6i_ref before allocating pcpu rt"
  (bnc#1012628).
- commit a9b9f85

==== ucode-intel ====

- firmware-CVE-2017-5715.tar.gz: updates for:
  HSX EP 000306F2
  BDX E EP EP4S EX 000406F1
  SKX H0 00050654
  (bsc#1068032 CVE-2017-5715)