linux-kvm (4.4.0-1076.83) xenial; urgency=medium * xenial/linux-kvm: 4.4.0-1076.83 -proposed tracker (LP: #1882762) [ Ubuntu: 4.4.0-185.215 ] * Packaging resync (LP: #1786013) - [Packaging] update helper scripts * CVE-2020-0543 - UBUNTU/SAUCE: x86/speculation/srbds: do not try to turn mitigation off when not supported * Xenial update: 4.4.224 upstream stable release (LP: #1881356) - USB: serial: qcserial: Add DW5816e support - Revert "net: phy: Avoid polling PHY with PHY_IGNORE_INTERRUPTS" - dp83640: reverse arguments to list_add_tail - net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc() - sch_sfq: validate silly quantum values - sch_choke: avoid potential panic in choke_reset() - enic: do not overwrite error code - ipv6: fix cleanup ordering for ip6_mr failure - binfmt_elf: move brk out of mmap when doing direct loader exec - x86/apm: Don't access __preempt_count with zeroed fs - Revert "IB/ipoib: Update broadcast object if PKey value was changed in index 0" - USB: uas: add quirk for LaCie 2Big Quadra - USB: serial: garmin_gps: add sanity checking for data length - batman-adv: fix batadv_nc_random_weight_tq - scripts/decodecode: fix trapping instruction formatting - phy: micrel: Ensure interrupts are reenabled on resume - binfmt_elf: Do not move brk for INTERP-less ET_EXEC - ext4: add cond_resched() to ext4_protect_reserved_inode - blktrace: Fix potential deadlock between delete & sysfs ops - blktrace: fix unlocked access to init/start-stop/teardown - blktrace: fix trace mutex deadlock - ptp: do not explicitly set drvdata in ptp_clock_register() - ptp: use is_visible method to hide unused attributes - ptp: create "pins" together with the rest of attributes - chardev: add helper function to register char devs with a struct device - ptp: Fix pass zero to ERR_PTR() in ptp_clock_register - ptp: fix the race between the release of ptp_clock and cdev - ptp: free ptp device pin descriptors properly - net: handle no dst on skb in icmp6_send - net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()' - net: moxa: Fix a potential double 'free_irq()' - drop_monitor: work around gcc-10 stringop-overflow warning - scsi: sg: add sg_remove_request in sg_write - cifs: Check for timeout on Negotiate stage - cifs: Fix a race condition with cifs_echo_request - dmaengine: pch_dma.c: Avoid data race between probe and irq handler - dmaengine: mmp_tdma: Reset channel error on release - drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper() - ipc/util.c: sysvipc_find_ipc() incorrectly updates position index - net: openvswitch: fix csum updates for MPLS actions - gre: do not keep the GRE header around in collect medata mode - mm/memory_hotplug.c: fix overflow in test_pages_in_a_zone() - scsi: qla2xxx: Avoid double completion of abort command - i40e: avoid NVM acquire deadlock during NVM update - net/mlx5: Fix driver load error flow when firmware is stuck - netfilter: conntrack: avoid gcc-10 zero-length-bounds warning - IB/mlx4: Test return value of calls to ib_get_cached_pkey - pnp: Use list_for_each_entry() instead of open coding - gcc-10 warnings: fix low-hanging fruit - kbuild: compute false-positive -Wmaybe-uninitialized cases in Kconfig - Stop the ad-hoc games with -Wno-maybe-initialized - gcc-10: disable 'zero-length-bounds' warning for now - gcc-10: disable 'array-bounds' warning for now - gcc-10: disable 'stringop-overflow' warning for now - gcc-10: disable 'restrict' warning for now - blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter - blk-mq: Allow blocking queue tag iter callbacks - x86/paravirt: Remove the unused irq_enable_sysexit pv op - gcc-10: avoid shadowing standard library 'free()' in crypto - net: fix a potential recursive NETDEV_FEAT_CHANGE - net: ipv4: really enforce backoff for redirects - ALSA: hda/realtek - Limit int mic boost for Thinkpad T530 - ALSA: rawmidi: Fix racy buffer resize under concurrent accesses - ALSA: rawmidi: Initialize allocated buffers - ARM: dts: imx27-phytec-phycard-s-rdk: Fix the I2C1 pinctrl entries - x86: Fix early boot crash on gcc-10, third try - exec: Move would_dump into flush_old_exec - usb: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()' - usb: gadget: audio: Fix a missing error return value in audio_bind() - usb: gadget: legacy: fix error return code in gncm_bind() - usb: gadget: legacy: fix error return code in cdc_bind() - ARM: dts: r8a7740: Add missing extal2 to CPG node - KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce - Makefile: disallow data races on gcc-10 as well - scsi: iscsi: Fix a potential deadlock in the timeout handler - Linux 4.4.224 * upgrading to 4.15.0-99-generic breaks the sound and the trackpad (LP: #1875916) // Xenial update: 4.4.224 upstream stable release (LP: #1881356) - Revert "ALSA: hda/realtek: Fix pop noise on ALC225" * CVE-2020-10711 - netlabel: cope with NULL catmap * CVE-2020-13143 - USB: gadget: fix illegal array access in binding with UDC * ext2 build failure on 4.4.0-180.210 (LP: #1880213) - ext2: fix debug reference to ext2_xattr_cache * test_bpf of ubuntu_kernel_selftests.net ADT test failure with linux 4.4.0-180.210 (LP: #1879752) - bpf, test: fix ld_abs + vlan push/pop stress test -- Sultan Alsawaf Fri, 12 Jun 2020 11:01:55 -0700 linux-kvm (4.4.0-1075.82) xenial; urgency=medium [ Ubuntu: 4.4.0-184.214 ] * CVE-2020-0543 - SAUCE: x86/cpu: Add a steppings field to struct x86_cpu_id - SAUCE: x86/cpu: Add 'table' argument to cpu_matches() - SAUCE: x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation - SAUCE: x86/speculation: Add SRBDS vulnerability and mitigation documentation - SAUCE: x86/speculation: Add Ivy Bridge to affected list [ Ubuntu: 4.4.0-181.211 ] * xenial/linux: 4.4.0-181.211 -proposed tracker (LP: #1881170) * CVE-2020-12769 - spi: spi-dw: Add lock protect dw_spi rx/tx to prevent concurrent calls * I2C bus on Dell Edge Gateway stops working after upgrading to Ubuntu-4.4.0-180.210 (LP: #1881124) - SAUCE: Revert: Revert "ACPI / LPSS: allow to use specific PM domain during ->probe()" -- Thadeu Lima de Souza Cascardo Wed, 03 Jun 2020 22:07:03 -0300 linux-kvm (4.4.0-1072.79) xenial; urgency=medium * xenial/linux-kvm: 4.4.0-1072.79 -proposed tracker (LP: #1878865) [ Ubuntu: 4.4.0-180.210 ] * xenial/linux: 4.4.0-180.210 -proposed tracker (LP: #1878873) * Xenial update: 4.4.223 upstream stable release (LP: #1878232) - mwifiex: fix PCIe register information for 8997 chipset - drm/qxl: qxl_release use after free - drm/qxl: qxl_release leak in qxl_draw_dirty_fb() - staging: rtl8192u: Fix crash due to pointers being "confusing" - usb: gadget: f_acm: Fix configfs attr name - usb: gadged: pch_udc: get rid of redundant assignments - usb: gadget: pch_udc: reorder spin_[un]lock to avoid deadlock - usb: gadget: udc: core: don't starve DMA resources - MIPS: Fix macro typo - MIPS: ptrace: Drop cp0_tcstatus from regoffset_table[] - MIPS: BMIPS: Fix PRID_IMP_BMIPS5000 masking for BMIPS5200 - MIPS: smp-cps: Stop printing EJTAG exceptions to UART - MIPS: scall: Handle seccomp filters which redirect syscalls - MIPS: BMIPS: BMIPS5000 has I cache filing from D cache - MIPS: BMIPS: Clear MIPS_CACHE_ALIASES earlier - MIPS: BMIPS: local_r4k___flush_cache_all needs to blast S-cache - MIPS: BMIPS: Pretty print BMIPS5200 processor name - MIPS: Fix HTW config on XPA kernel without LPA enabled - MIPS: BMIPS: Adjust mips-hpt-frequency for BCM7435 - MIPS: math-emu: Fix BC1{EQ,NE}Z emulation - MIPS: Fix BC1{EQ,NE}Z return offset calculation - MIPS: perf: Fix I6400 event numbers - MIPS: KVM: Fix translation of MFC0 ErrCtl - MIPS: SMP: Update cpu_foreign_map on CPU disable - MIPS: c-r4k: Fix protected_writeback_scache_line for EVA - MIPS: Octeon: Off by one in octeon_irq_gpio_map() - bpf, mips: fix off-by-one in ctx offset allocation - MIPS: RM7000: Double locking bug in rm7k_tc_disable() - MIPS: Define AT_VECTOR_SIZE_ARCH for ARCH_DLINFO - mips/panic: replace smp_send_stop() with kdump friendly version in panic path - ARM: dts: armadillo800eva Correct extal1 frequency to 24 MHz - ARM: imx: select SRC for i.MX7 - ARM: dts: kirkwood: gpio pin fixes for linkstation ls-wxl/wsxl - ARM: dts: kirkwood: gpio pin fixes for linkstation ls-wvl/vl - ARM: dts: kirkwood: gpio-leds fixes for linkstation ls-wxl/wsxl - ARM: dts: kirkwood: gpio-leds fixes for linkstation ls-wvl/vl - ARM: dts: orion5x: gpio pin fixes for linkstation lswtgl - ARM: dts: orion5x: fix the missing mtd flash on linkstation lswtgl - ARM: dts: kirkwood: use unique machine name for ds112 - ARM: dts: kirkwood: add kirkwood-ds112.dtb to Makefile - ARM: OMAP2+: hwmod: fix _idle() hwmod state sanity check sequence - perf/x86: Fix filter_events() bug with event mappings - x86/LDT: Print the real LDT base address - x86/apic/uv: Silence a shift wrapping warning - ALSA: fm801: explicitly free IRQ line - ALSA: fm801: propagate TUNER_ONLY bit when autodetected - ALSA: fm801: detect FM-only card earlier - netfilter: nfnetlink: use original skbuff when acking batches - xfrm: fix crash in XFRM_MSG_GETSA netlink handler - mwifiex: fix IBSS data path issue. - mwifiex: add missing check for PCIe8997 chipset - iwlwifi: set max firmware version of 7265 to 17 - Bluetooth: btmrvl: fix hung task warning dump - dccp: limit sk_filter trim to payload - net/mlx4_core: Do not BUG_ON during reset when PCI is offline - mlxsw: pci: Correctly determine if descriptor queue is full - PCI: Supply CPU physical address (not bus address) to iomem_is_exclusive() - alpha/PCI: Call iomem_is_exclusive() for IORESOURCE_MEM, but not IORESOURCE_IO - vfio/pci: Allow VPD short read - mlxsw: Treat local port 64 as valid - IB/mlx4: Initialize hop_limit when creating address handle - GRE: Disable segmentation offloads w/ CSUM and we are encapsulated via FOU - powerpc/pci/of: Parse unassigned resources - firmware: actually return NULL on failed request_firmware_nowait() - c8sectpfe: Rework firmware loading mechanism - net/mlx5: Avoid passing dma address 0 to firmware - IB/mlx5: Fix RC transport send queue overhead computation - net/mlx5: Make command timeout way shorter - IB/mlx5: Fix FW version diaplay in sysfs - net/mlx5e: Fix MLX5E_100BASE_T define - net/mlx5: Fix the size of modify QP mailbox - net/mlx5: Fix masking of reserved bits in XRCD number - net/mlx5e: Fix blue flame quota logic - net/mlx5: use mlx5_buf_alloc_node instead of mlx5_buf_alloc in mlx5_wq_ll_create - net/mlx5: Avoid calling sleeping function by the health poll thread - net/mlx5: Fix wait_vital for VFs and remove fixed sleep - net/mlx5: Fix potential deadlock in command mode change - net/mlx5: Add timeout handle to commands with callback - net/mlx5: Fix pci error recovery flow - net/mlx5e: Copy all L2 headers into inline segment - net_sched: keep backlog updated with qlen - sch_drr: update backlog as well - sch_hfsc: always keep backlog updated - sch_prio: update backlog as well - sch_qfq: keep backlog updated with qlen - sch_sfb: keep backlog updated with qlen - sch_tbf: update backlog as well - btrfs: cleaner_kthread() doesn't need explicit freeze - irda: Free skb on irda_accept error path. - phy: fix device reference leaks - bonding: prevent out of bound accesses - mtd: nand: fix ONFI parameter page layout - ath10k: free cached fw bin contents when get board id fails - xprtrdma: checking for NULL instead of IS_ERR() - xprtrdma: Fix additional uses of spin_lock_irqsave(rb_lock) - xprtrdma: xprt_rdma_free() must not release backchannel reqs - xprtrdma: rpcrdma_bc_receive_call() should init rq_private_buf.len - RDMA/cxgb3: device driver frees DMA memory with different size - mlxsw: spectrum: Don't forward packets when STP state is DISABLED - mlxsw: spectrum: Disable learning according to STP state - mlxsw: spectrum: Don't count internal TX header bytes to stats - mlxsw: spectrum: Indicate support for autonegotiation - mlxsw: spectrum: Fix misuse of hard_header_len - net: tcp_memcontrol: properly detect ancestor socket pressure - tcp: do not set rtt_min to 1 - RDS:TCP: Synchronize rds_tcp_accept_one with rds_send_xmit when resetting t_sock - net: ipv6: tcp reset, icmp need to consider L3 domain - batman-adv: Fix lockdep annotation of batadv_tlv_container_remove - batman-adv: replace WARN with rate limited output on non-existing VLAN - tty: serial: msm: Support more bauds - serial: samsung: Fix possible out of bounds access on non-DT platform - isa: Call isa_bus_init before dependent ISA bus drivers register - Btrfs: clean up an error code in btrfs_init_space_info() - Input: gpio-keys - fix check for disabling unsupported keys - Input: edt-ft5x06 - fix setting gain, offset, and threshold via device tree - net/xfrm_input: fix possible NULL deref of tunnel.ip6->parms.i_key - xfrm_user: propagate sec ctx allocation errors - xfrm: Fix memory leak of aead algorithm name - mac80211: fix mgmt-tx abort cookie and leak - mac80211: TDLS: always downgrade invalid chandefs - mac80211: TDLS: change BW calculation for WIDER_BW peers - mac80211: Fix BW upgrade for TDLS peers - NFS: Fix an LOCK/OPEN race when unlinking an open file - net: get rid of an signed integer overflow in ip_idents_reserve() - mtd: nand: denali: add missing nand_release() call in denali_remove() - ASoC: Intel: pass correct parameter in sst_alloc_stream_mrfld() - ASoC: tegra_alc5632: check return value - ASoC: fsl_ssi: mark SACNT register volatile - Revert "ACPI / LPSS: allow to use specific PM domain during ->probe()" - mmc: sdhci: restore behavior when setting VDD via external regulator - mmc: sd: limit SD card power limit according to cards capabilities - mmc: debugfs: correct wrong voltage value - mmc: block: return error on failed mmc_blk_get() - clk: rockchip: Revert "clk: rockchip: reset init state before mmc card initialization" - mmc: dw_mmc: rockchip: Set the drive phase properly - mmc: moxart: fix wait_for_completion_interruptible_timeout return variable type - mmc: sdhci: Fix regression setting power on Trats2 board - perf tools: Fix perf regs mask generation - powerpc/book3s: Fix MCE console messages for unrecoverable MCE. - sctp: fix the transports round robin issue when init is retransmitted - sunrpc: Update RPCBIND_MAXNETIDLEN - NFC: nci: memory leak in nci_core_conn_create() - net: phy: Avoid polling PHY with PHY_IGNORE_INTERRUPTS - net: phy: Fix phy_mac_interrupt() - net: phy: bcm7xxx: Fix shadow mode 2 disabling - of_mdio: fix node leak in of_phy_register_fixed_link error path - phy: micrel: Fix finding PHY properties in MAC node for KSZ9031. - net: dsa: slave: fix of-node leak and phy priority - drivers: net: cpsw: don't ignore phy-mode if phy-handle is used - iommu/dma: Respect IOMMU aperture when allocating - mdio-sun4i: oops in error handling in probe - iio:ad7797: Use correct attribute_group - selftests/ipc: Fix test failure seen after initial test run - wimax/i2400m: Fix potential urb refcnt leak - cifs: protect updating server->dstaddr with a spinlock - scripts/config: allow colons in option strings for sed - lib/mpi: Fix building for powerpc with clang - net: bcmgenet: suppress warnings on failed Rx SKB allocations - net: systemport: suppress warnings on failed Rx SKB allocations - rc: allow rc modules to be loaded if rc-main is not a module - lirc_imon: do not leave imon_probe() with mutex held - am437x-vpfe: fix an uninitialized variable bug - cx23885: uninitialized variable in cx23885_av_work_handler() - ath9k_htc: check for underflow in ath9k_htc_rx_msg() - VFIO: platform: reset: fix a warning message condition - net: moxa: fix an error code - mfd: lp8788-irq: Uninitialized variable in irq handler - ethernet: micrel: fix some error codes - power: ipaq-micro-battery: freeing the wrong variable - i40e: fix an uninitialized variable bug - qede: uninitialized variable in qede_start_xmit() - qlcnic: potential NULL dereference in qlcnic_83xx_get_minidump_template() - qlcnic: use the correct ring in qlcnic_83xx_process_rcv_ring_diag() - target: Fix a memory leak in target_dev_lba_map_store() - memory/tegra: Add number of TLB lines for Tegra124 - pinctrl: bcm2835: Fix memory leak in error path - be2net: Don't leak iomapped memory on removal. - ipv4: Fix memory leak in exception case for splitting tries - flow_dissector: Check for IP fragmentation even if not using IPv4 address - ipv4: fix checksum annotation in udp4_csum_init - ipv4: do not abuse GFP_ATOMIC in inet_netconf_notify_devconf() - ipv4: accept u8 in IP_TOS ancillary data - net: vrf: Fix dev refcnt leak due to IPv6 prefix route - ipv6: fix checksum annotation in udp6_csum_init - ipv6: do not abuse GFP_ATOMIC in inet6_netconf_notify_devconf() - ipv6: add missing netconf notif when 'all' is updated - net: ipv6: Fix processing of RAs in presence of VRF - netfilter: nf_tables: fix a wrong check to skip the inactive rules - netfilter: nft_dynset: fix panic if NFT_SET_HASH is not enabled - netfilter: nf_tables: destroy the set if fail to add transaction - netfilter: nft_dup: do not use sreg_dev if the user doesn't specify it - udp: restore UDPlite many-cast delivery - clk: st: avoid uninitialized variable use - clk: gpio: handle error codes for of_clk_get_parent_count() - clk: ti: omap3+: dpll: use non-locking version of clk_get_rate - clk: multiplier: Prevent the multiplier from under / over flowing - clk: imx: clk-pllv3: fix incorrect handle of enet powerdown bit - clk: xgene: Don't call __pa on ioremaped address - cls_bpf: reset class and reuse major in da - arm64: bpf: jit JMP_JSET_{X,K} - bpf, trace: check event type in bpf_perf_event_read - bpf: fix map not being uncharged during map creation failure - net/mlx4_core: Fix potential corruption in counters database - net/mlx4_core: Fix access to uninitialized index - net/mlx4_en: Fix the return value of a failure in VLAN VID add/kill - net/mlx4_core: Check device state before unregistering it - net/mlx4_core: Fix the resource-type enum in res tracker to conform to FW spec - net/mlx4_en: Process all completions in RX rings after port goes up - net/mlx4_core: Do not access comm channel if it has not yet been initialized - net/mlx4_en: Fix potential deadlock in port statistics flow - net/mlx4: Fix uninitialized fields in rule when adding promiscuous mode to device managed flow steering - net/mlx4_core: Fix QUERY FUNC CAP flags - mlxsw: switchx2: Fix misuse of hard_header_len - mlxsw: switchx2: Fix ethernet port initialization - sched/fair: Fix calc_cfs_shares() fixed point arithmetics width confusion - net_sched: flower: Avoid dissection of unmasked keys - pkt_sched: fq: use proper locking in fq_dump_stats() - sched/preempt: Fix preempt_count manipulations - power: bq27xxx: fix reading for bq27000 and bq27010 - power: bq27xxx: fix register numbers of bq27500 - power: test_power: correctly handle empty writes - power: bq27xxx_battery: Fix bq27541 AveragePower register address - power_supply: tps65217-charger: Fix NULL deref during property export - net: vrf: Fix dst reference counting - net: Don't delete routes in different VRFs - vti6: fix input path - ipv4: Fix table id reference in fib_sync_down_addr - mlx4: do not call napi_schedule() without care - xprtrdma: Fix backchannel allocation of extra rpcrdma_reps - ALSA: fm801: Initialize chip after IRQ handler is registered - bonding: fix length of actor system - MIPS: perf: Remove incorrect odd/even counter handling for I6400 - Revert "cpufreq: Drop rwsem lock around CPUFREQ_GOV_POLICY_EXIT" - net: dsa: mv88e6xxx: unlock DSA and CPU ports - gfs2: fix flock panic issue - blk-mq: fix undefined behaviour in order_to_size() - dm: fix second blk_delay_queue() parameter to be in msec units not jiffies - dmaengine: edma: Add probe callback to edma_tptc_driver - openvswitch: update checksum in {push,pop}_mpls - cxgb4/cxgb4vf: Fixes regression in perf when tx vlan offload is disabled - net: bcmgenet: fix skb_len in bcmgenet_xmit_single() - net: bcmgenet: device stats are unsigned long - gre: do not assign header_ops in collect metadata mode - gre: build header correctly for collect metadata tunnels - gre: reject GUE and FOU in collect metadata mode - sfc: fix potential stack corruption from running past stat bitmask - sfc: clear napi_hash state when copying channels - net: bcmsysport: Device stats are unsigned long - cxgbi: fix uninitialized flowi6 - net: macb: add missing free_netdev() on error in macb_probe() - macvtap: segmented packet is consumed - tipc: fix the error handling in tipc_udp_enable() - net: icmp6_send should use dst dev to determine L3 domain - et131x: Fix logical vs bitwise check in et131x_tx_timeout() - net: ethernet: stmmac: dwmac-sti: fix probe error path - rtnl: reset calcit fptr in rtnl_unregister() - net: ethernet: stmmac: dwmac-rk: fix probe error path - fq_codel: return non zero qlen in class dumps - net: ethernet: stmmac: dwmac-generic: fix probe error path - bnxt: add a missing rcu synchronization - qdisc: fix a module refcount leak in qdisc_create_dflt() - net: axienet: Fix return value check in axienet_probe() - bnxt_en: Remove locking around txr->dev_state - net: ethernet: davinci_emac: Fix devioctl while in fixed link - net: ethernet: mvneta: Remove IFF_UNICAST_FLT which is not implemented - net: ethernet: ti: cpsw: fix device and of_node leaks - net: ethernet: ti: cpsw: fix secondary-emac probe error path - net: hns: fix device reference leaks - net: bridge: don't increment tx_dropped in br_do_proxy_arp - net: dsa: mv88e6xxx: enable SA learning on DSA ports - net: ehea: avoid null pointer dereference - l2tp: fix use-after-free during module unload - hwrng: exynos - Disable runtime PM on driver unbind - net: icmp_route_lookup should use rt dev to determine L3 domain - net: mvneta: fix trivial cut-off issue in mvneta_ethtool_update_stats - net: macb: replace macb_writel() call by queue_writel() to update queue ISR - ravb: Add missing free_irq() call to ravb_close() - mvpp2: use correct size for memset - net: vxlan: lwt: Fix vxlan local traffic. - net: ethoc: Fix early error paths - net: mv643xx_eth: fix packet corruption with TSO and tiny unaligned packets. - regulator: core: Rely on regulator_dev_release to free constraints - net: dsa: mv88e6xxx: fix port VLAN maps - at803x: fix reset handling - cxl: Fix DAR check & use REGION_ID instead of opencoding - net: ethernet: davinci_emac: Fix platform_data overwrite - ata: sata_dwc_460ex: remove incorrect locking - pinctrl: tegra: Correctly check the supported configuration - brcmfmac: add fallback for devices that do not report per-chain values - brcmfmac: restore stopping netdev queue when bus clogs up - bridge: Fix problems around fdb entries pointing to the bridge device - bna: add missing per queue ethtool stat - net: skbuff: Remove errornous length validation in skb_vlan_pop() - net: ep93xx_eth: Do not crash unloading module - macvlan: Fix potential use-after free for broadcasts - sctp: Fix SHUTDOWN CTSN Ack in the peer restart case - ALSA: hda: Match both PCI ID and SSID for driver blacklist - mac80211: add ieee80211_is_any_nullfunc() - Linux 4.4.223 * Xenial update: 4.4.222 upstream stable release (LP: #1878246) - ext4: fix special inode number checks in __ext4_iget() - drm/qxl: qxl_release leak in qxl_hw_surface_alloc() - ALSA: pcm: oss: Place the plugin buffer overflow checks correctly - PM: ACPI: Output correct message on target power state - RDMA/mlx4: Initialize ib_spec on the stack - vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn() - ALSA: opti9xx: shut up gcc-10 range warning - nfs: Fix potential posix_acl refcnt leak in nfs3_set_acl - dmaengine: dmatest: Fix iteration non-stop logic - i2c: designware-pci: use IRQF_COND_SUSPEND flag - perf hists: Fix HISTC_MEM_DCACHELINE width setting - powerpc/perf: Remove PPMU_HAS_SSLOT flag for Power8 - perf/x86: Fix uninitialized value usage - exynos4-is: fix a format string bug - ASoC: wm8960: Fix WM8960_SYSCLK_PLL mode - ASoC: imx-spdif: Fix crash on suspend - ipv6: use READ_ONCE() for inet->hdrincl as in ipv4 - selinux: properly handle multiple messages in selinux_netlink_send() - Linux 4.4.222 * Xenial update: 4.4.221 upstream stable release (LP: #1878098) - ext4: fix extent_status fragmentation for plain files - ALSA: hda - Fix incorrect usage of IS_REACHABLE() - net: ipv4: emulate READ_ONCE() on ->hdrincl bit-field in raw_sendmsg() - net: ipv4: avoid unused variable warning for sysctl - crypto: mxs-dcp - make symbols 'sha1_null_hash' and 'sha256_null_hash' static - vti4: removed duplicate log message. - scsi: lpfc: Fix kasan slab-out-of-bounds error in lpfc_unreg_login - ceph: return ceph_mdsc_do_request() errors from __get_parent() - ceph: don't skip updating wanted caps when cap is stale - pwm: rcar: Fix late Runtime PM enablement - scsi: iscsi: Report unbind session event when the target has been removed - ASoC: Intel: atom: Take the drv->lock mutex before calling sst_send_slot_map() - kernel/gcov/fs.c: gcov_seq_next() should increase position index - ipc/util.c: sysvipc_find_ipc() should increase position index - s390/cio: avoid duplicated 'ADD' uevents - pwm: renesas-tpu: Fix late Runtime PM enablement - pwm: bcm2835: Dynamically allocate base - ipv6: fix restrict IPV6_ADDRFORM operation - macvlan: fix null dereference in macvlan_device_event() - net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node - net/x25: Fix x25_neigh refcnt leak when receiving frame - tcp: cache line align MAX_TCP_HEADER - team: fix hang in team_mode_get() - xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish - ALSA: hda: Remove ASUS ROG Zenith from the blacklist - iio: xilinx-xadc: Fix ADC-B powerdown - iio: xilinx-xadc: Fix clearing interrupt when enabling trigger - iio: xilinx-xadc: Fix sequencer configuration for aux channels in simultaneous mode - fs/namespace.c: fix mountpoint reference counter race - USB: sisusbvga: Change port variable from signed to unsigned - USB: Add USB_QUIRK_DELAY_CTRL_MSG and USB_QUIRK_DELAY_INIT for Corsair K70 RGB RAPIDFIRE - drivers: usb: core: Don't disable irqs in usb_sg_wait() during URB submit. - drivers: usb: core: Minimize irq disabling in usb_sg_cancel() - USB: core: Fix free-while-in-use bug in the USB S-Glibrary - USB: hub: Fix handling of connect changes during sleep - ALSA: usx2y: Fix potential NULL dereference - ALSA: usb-audio: Fix usb audio refcnt leak when getting spdif - ALSA: usb-audio: Filter out unsupported sample rates on Focusrite devices - KVM: Check validity of resolved slot when searching memslots - KVM: VMX: Enable machine check support for 32bit targets - tty: hvc: fix buffer overflow during hvc_alloc(). - tty: rocket, avoid OOB access - usb-storage: Add unusual_devs entry for JMicron JMS566 - audit: check the length of userspace generated audit records - ASoC: dapm: fixup dapm kcontrol widget - ARM: imx: provide v7_cpu_resume() only on ARM_CPU_SUSPEND=y - staging: comedi: dt2815: fix writing hi byte of analog output - staging: comedi: Fix comedi_device refcnt leak in comedi_open - staging: vt6656: Fix drivers TBTT timing counter. - staging: vt6656: Power save stop wake_up_count wrap around. - UAS: no use logging any details in case of ENODEV - UAS: fix deadlock in error handling and PM flushing work - usb: f_fs: Clear OS Extended descriptor counts to zero in ffs_data_reset() - remoteproc: Fix wrong rvring index computation - sctp: use right member as the param of list_for_each_entry - fuse: fix possibly missed wake-up after abort - mtd: cfi: fix deadloop in cfi_cmdset_0002.c do_write_buffer - usb: gadget: udc: bdc: Remove unnecessary NULL checks in bdc_req_complete - net/cxgb4: Check the return from t4_query_params properly - perf/core: fix parent pid/tid in task exit events - bpf, x86: Fix encoding for lower 8-bit registers in BPF_STX BPF_B - scsi: target: fix PR IN / READ FULL STATUS for FC - xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status - ext4: convert BUG_ON's to WARN_ON's in mballoc.c - ext4: avoid declaring fs inconsistent due to invalid file handles - ext4: protect journal inode's blocks using block_validity - ext4: don't perform block validity checks on the journal inode - ext4: fix block validity checks for journal inodes using indirect blocks - ext4: unsigned int compared against zero - propagate_one(): mnt_set_mountpoint() needs mount_lock - Linux 4.4.221 * Xenial update: 4.4.220 upstream stable release (LP: #1875905) - bus: sunxi-rsb: Return correct data when mixing 16-bit and 8-bit reads - net: vxge: fix wrong __VA_ARGS__ usage - qlcnic: Fix bad kzalloc null test - i2c: st: fix missing struct parameter description - irqchip/versatile-fpga: Handle chained IRQs properly - selftests/x86/ptrace_syscall_32: Fix no-vDSO segfault - libata: Remove extra scsi_host_put() in ata_scsi_add_hosts() - gfs2: Don't demote a glock until its revokes are written - x86/boot: Use unsigned comparison for addresses - locking/lockdep: Avoid recursion in lockdep_count_{for,back}ward_deps() - btrfs: remove a BUG_ON() from merge_reloc_roots() - btrfs: track reloc roots based on their commit root bytenr - misc: rtsx: set correct pcr_ops for rts522A - ASoC: fix regwmask - ASoC: dapm: connect virtual mux with default value - ASoC: dpcm: allow start or stop during pause for backend - ASoC: topology: use name_prefix for new kcontrol - usb: gadget: f_fs: Fix use after free issue as part of queue failure - usb: gadget: composite: Inform controller driver of self-powered - ALSA: usb-audio: Add mixer workaround for TRX40 and co - ALSA: hda: Add driver blacklist - ALSA: hda: Fix potential access overflow in beep helper - ALSA: ice1724: Fix invalid access for enumerated ctl items - ALSA: pcm: oss: Fix regression by buffer overflow fix - acpi/x86: ignore unspecified bit positions in the ACPI global lock field - thermal: devfreq_cooling: inline all stubs for CONFIG_DEVFREQ_THERMAL=n - irqchip/versatile-fpga: Apply clear-mask earlier - MIPS: OCTEON: irq: Fix potential NULL pointer dereference - ath9k: Handle txpower changes even when TPC is disabled - signal: Extend exec_id to 64bits - x86/entry/32: Add missing ASM_CLAC to general_protection entry - KVM: x86: Allocate new rmap and large page tracking when moving memslot - crypto: mxs-dcp - fix scatterlist linearization for hash - futex: futex_wake_op, do not fail on invalid op - xen-netfront: Rework the fix for Rx stall during OOM and network stress - ALSA: hda: Initialize power_state field properly - Btrfs: incremental send, fix invalid memory access - IB/ipoib: Fix lockdep issue found on ipoib_ib_dev_heavy_flush - scsi: zfcp: fix missing erp_lock in port recovery trigger for point-to-point - arm64: armv8_deprecated: Fix undef_hook mask for thumb setend - ext4: fix a data race at inode->i_blocks - ocfs2: no need try to truncate file beyond i_size - s390/diag: fix display of diagnose call statistics - Input: i8042 - add Acer Aspire 5738z to nomux list - kmod: make request_module() return an error when autoloading is disabled - hfsplus: fix crash and filesystem corruption when deleting files - powerpc/64/tm: Don't let userspace set regs->trap via sigreturn - Btrfs: fix crash during unmount due to race with delayed inode workers - drm/dp_mst: Fix clearing payload state on topology disable - ipmi: fix hung processes in __get_guid() - powerpc/fsl_booke: Avoid creating duplicate tlb1 entry - misc: echo: Remove unnecessary parentheses and simplify check for zero - mfd: dln2: Fix sanity checking for endpoints - net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin - net: ipv6: do not consider routes via gateways for anycast address check - scsi: ufs: Fix ufshcd_hold() caused scheduling while atomic - jbd2: improve comments about freeing data buffers whose page mapping is NULL - ext4: fix incorrect group count in ext4_fill_super error message - ext4: fix incorrect inodes per group in error message - ASoC: Intel: mrfld: fix incorrect check on p->sink - ASoC: Intel: mrfld: return error codes when an error occurs - ALSA: usb-audio: Don't override ignore_ctl_error value from the map - mac80211_hwsim: Use kstrndup() in place of kasprintf() - ext4: do not zeroout extents beyond i_disksize - dm flakey: check for null arg_name in parse_features() - kvm: x86: Host feature SSBD doesn't imply guest feature SPEC_CTRL_SSBD - x86/mitigations: Clear CPU buffers on the SYSCALL fast path - tracing: Fix the race between registering 'snapshot' event trigger and triggering 'snapshot' operation - scsi: sg: add sg_remove_request in sg_common_write - ALSA: hda: Don't release card at firmware loading error - video: fbdev: sis: Remove unnecessary parentheses and commented code - drm: NULL pointer dereference [null-pointer-deref] (CWE 476) problem - wil6210: increase firmware ready timeout - wil6210: fix temperature debugfs - scsi: ufs: ufs-qcom: remove broken hci version quirk - wil6210: rate limit wil_rx_refill error - rtc: pm8xxx: Fix issue in RTC write path - soc: qcom: smem: Use le32_to_cpu for comparison - of: fix missing kobject init for !SYSFS && OF_DYNAMIC config - of: unittest: kmemleak in of_unittest_platform_populate() - clk: at91: usb: continue if clk_hw_round_rate() return zero - clk: tegra: Fix Tegra PMC clock out parents - NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context fails - ext4: do not commit super on read-only bdev - percpu_counter: fix a data race at vm_committed_as - compiler.h: fix error in BUILD_BUG_ON() reporting - NFS: Fix memory leaks in nfs_pageio_stop_mirroring() - ext2: fix empty body warnings when -Wextra is used - iommu/amd: Fix the configuration of GCR3 table root pointer - fbdev: potential information leak in do_fb_ioctl() - tty: evh_bytechan: Fix out of bounds accesses - locktorture: Print ratio of acquisitions, not failures - mtd: lpddr: Fix a double free in probe() - mtd: phram: fix a double free issue in error path - x86/CPU: Add native CPUID variants returning a single datum - x86/microcode/intel: replace sync_core() with native_cpuid_reg(eax) - x86/vdso: Fix lsl operand order - Linux 4.4.220 * Panic on suspend/resume Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: sata_pmp_eh_recover+0xa2b/0xa40 (LP: #1821434) // Xenial update: 4.4.220 upstream stable release (LP: #1875905) - libata: Return correct status in sata_pmp_eh_recover_pm() when ATA_DFLAG_DETACH is set * psock_tpacket from the net test in ubuntu_kernel_selftests failed on KVM kernels (LP: #1812176) - selftests/net: skip psock_tpacket test if KALLSYMS was not enabled * tunnels over IPv6 are unencrypted when using IPsec (LP: #1876982) // CVE-2020-1749 - net: ipv6: add net argument to ip6_dst_lookup_flow - net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup * Bionic ubuntu ethtool doesn't check ring parameters boundaries (LP: #1874444) - ethtool: Ensure new ring parameters are within bounds during SRINGPARAM * Improve TSC refinement (and calibration) reliability (LP: #1877858) - x86/tsc: Make calibration refinement more robust * Do not treat unresolved test case in ftrace from ubuntu_kernel_selftests as failure (LP: #1877958) - ftrace/selftest: make unresolved cases cause failure if --fail-unresolved set -- Khalid Elmously Thu, 21 May 2020 02:18:12 -0400 linux-kvm (4.4.0-1071.78) xenial; urgency=medium * xenial/linux-kvm: 4.4.0-1071.78 -proposed tracker (LP: #1874796) [ Ubuntu: 4.4.0-179.209 ] * xenial/linux: 4.4.0-179.209 -proposed tracker (LP: #1874804) * Add debian/rules targets to compile/run kernel selftests (LP: #1874286) - [Packaging] add support to compile/run selftests * getitimer returns it_value=0 erroneously (LP: #1349028) - [Config] CONTEXT_TRACKING_FORCE policy should be unset * CVE-2020-11608 - media: ov519: add missing endpoint sanity checks * CVE-2019-19060 - iio: imu: adis16400: release allocated memory on failure * Xenial update: 4.4.219 upstream stable release (LP: #1874045) - drm/bochs: downgrade pci_request_region failure from error to warning - ipv4: fix a RCU-list lock in fib_triestat_seq_show - net, ip_tunnel: fix interface lookup with no key - sctp: fix possibly using a bad saddr with a given dst - l2tp: Correctly return -EBADF from pppol2tp_getname. - net: l2tp: Make l2tp_ip6 namespace aware - l2tp: fix race in l2tp_recv_common() - l2tp: ensure session can't get removed during pppol2tp_session_ioctl() - l2tp: fix duplicate session creation - l2tp: Refactor the codes with existing macros instead of literal number - l2tp: ensure sessions are freed after their PPPOL2TP socket - l2tp: fix race between l2tp_session_delete() and l2tp_tunnel_closeall() - usb: gadget: uac2: Drop unused device qualifier descriptor - usb: gadget: printer: Drop unused device qualifier descriptor - padata: always acquire cpu_hotplug_lock before pinst->lock - mm: mempolicy: require at least one nodeid for MPOL_PREFERRED - net: stmmac: dwmac1000: fix out-of-bounds mac address reg setting - random: always use batched entropy for get_random_u{32,64} - tools/accounting/getdelays.c: fix netlink attribute length - power: supply: axp288_charger: Fix unchecked return value - ASoC: jz4740-i2s: Fix divider written at incorrect offset in register - IB/hfi1: Call kobject_put() when kobject_init_and_add() fails - Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl - RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow - clk: qcom: rcg: Return failure for RCG update - drm_dp_mst_topology: fix broken drm_dp_sideband_parse_remote_dpcd_read() - Linux 4.4.219 * Xenial update: 4.4.218 upstream stable release (LP: #1873852) - spi: qup: call spi_qup_pm_resume_runtime before suspending - powerpc: Include .BTF section - ARM: dts: dra7: Add "dma-ranges" property to PCIe RC DT nodes - spi/zynqmp: remove entry that causes a cs glitch - drm/exynos: dsi: propagate error value and silence meaningless warning - drm/exynos: dsi: fix workaround for the legacy clock name - altera-stapl: altera_get_note: prevent write beyond end of 'key' - USB: Disable LPM on WD19's Realtek Hub - usb: quirks: add NO_LPM quirk for RTL8153 based ethernet adapters - USB: serial: option: add ME910G1 ECM composition 0x110b - usb: host: xhci-plat: add a shutdown - USB: serial: pl2303: add device-id for HP LD381 - ALSA: line6: Fix endless MIDI read loop - ALSA: seq: virmidi: Fix running status after receiving sysex - ALSA: seq: oss: Fix running status after receiving sysex - ALSA: pcm: oss: Avoid plugin buffer overflow - ALSA: pcm: oss: Remove WARNING from snd_pcm_plug_alloc() checks - staging: rtl8188eu: Add device id for MERCUSYS MW150US v2 - staging/speakup: fix get_word non-space look-ahead - intel_th: Fix user-visible error codes - rtc: max8907: add missing select REGMAP_IRQ - memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event - mm: slub: be more careful about the double cmpxchg of freelist - mm, slub: prevent kmalloc_node crashes and memory leaks - x86/mm: split vmalloc_sync_all() - USB: cdc-acm: fix close_delay and closing_wait units in TIOCSSERIAL - USB: cdc-acm: fix rounding error in TIOCSSERIAL - kbuild: Disable -Wpointer-to-enum-cast - futex: Fix inode life-time issue - futex: Unbreak futex hashing - arm64: smp: fix smp_send_stop() behaviour - Revert "drm/dp_mst: Skip validating ports during destruction, just ref" - hsr: fix general protection fault in hsr_addr_is_self() - net: dsa: Fix duplicate frames flooded by learning - net_sched: cls_route: remove the right filter from hashtable - net_sched: keep alloc_hash updated after hash allocation - NFC: fdp: Fix a signedness bug in fdp_nci_send_patch() - slcan: not call free_netdev before rtnl_unlock in slcan_open - vxlan: check return value of gro_cells_init() - hsr: use rcu_read_lock() in hsr_get_node_{list/status}() - hsr: add restart routine into hsr_get_node_list() - hsr: set .netnsok flag - vhost: Check docket sk_family instead of call getname - IB/ipoib: Do not warn if IPoIB debugfs doesn't exist - uapi glibc compat: fix outer guard of net device flags enum - KVM: VMX: Do not allow reexecute_instruction() when skipping MMIO instr - drivers/hwspinlock: use correct radix tree API - net: ipv4: don't let PMTU updates increase route MTU - cpupower: avoid multiple definition with gcc -fno-common - dt-bindings: net: FMan erratum A050385 - scsi: ipr: Fix softlockup when rescanning devices in petitboot - mac80211: Do not send mesh HWMP PREQ if HWMP is disabled - sxgbe: Fix off by one in samsung driver strncpy size arg - i2c: hix5hd2: add missed clk_disable_unprepare in remove - perf probe: Do not depend on dwfl_module_addrsym() - scripts/dtc: Remove redundant YYLOC global declaration - scsi: sd: Fix optimal I/O size for devices that change reported values - mac80211: mark station unauthorized before key removal - genirq: Fix reference leaks on irq affinity notifiers - vti[6]: fix packet tx through bpf_redirect() in XinY cases - xfrm: fix uctx len check in verify_sec_ctx_len - xfrm: add the missing verify_sec_ctx_len check in xfrm_add_acquire - xfrm: policy: Fix doulbe free in xfrm_policy_timer - vti6: Fix memory leak of skb if input policy check fails - tools: Let O= makes handle a relative path with -C option - USB: serial: option: add support for ASKEY WWHC050 - USB: serial: option: add BroadMobi BM806U - USB: serial: option: add Wistron Neweb D19Q1 - USB: cdc-acm: restore capability check order - USB: serial: io_edgeport: fix slab-out-of-bounds read in edge_interrupt_callback - usb: musb: fix crash with highmen PIO and usbmon - media: flexcop-usb: fix endpoint sanity check - media: usbtv: fix control-message timeouts - staging: rtl8188eu: Add ASUS USB-N10 Nano B1 to device table - staging: wlan-ng: fix use-after-free Read in hfa384x_usbin_callback - libfs: fix infoleak in simple_attr_read() - media: ov519: add missing endpoint sanity checks - media: dib0700: fix rc endpoint lookup - media: stv06xx: add missing descriptor sanity checks - media: xirlink_cit: add missing descriptor sanity checks - vt: selection, introduce vc_is_sel - vt: ioctl, switch VT_IS_IN_USE and VT_BUSY to inlines - vt: switch vt_dont_switch to bool - vt: vt_ioctl: remove unnecessary console allocation checks - vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console - locking/atomic, kref: Add kref_read() - vt: vt_ioctl: fix use-after-free in vt_in_use() - bpf: Explicitly memset the bpf_attr structure - net: ks8851-ml: Fix IO operations, again - perf map: Fix off by one in strncpy() size argument - Linux 4.4.218 * Pop sound from build-in speaker during cold boot and resume from S3 (LP: #1866357) // Xenial update: 4.4.218 upstream stable release (LP: #1873852) - ALSA: hda/realtek: Fix pop noise on ALC225 * CVE-2020-11494 - slcan: Don't transmit uninitialized stack data in padding * add_key05 from ubuntu_ltp_syscalls failed (LP: #1869644) - KEYS: reaching the keys quotas correctly -- ian may Mon, 27 Apr 2020 15:56:22 -0500 linux-kvm (4.4.0-1070.77) xenial; urgency=medium * xenial/linux-kvm: 4.4.0-1070.77 -proposed tracker (LP: #1870652) [ Ubuntu: 4.4.0-178.208 ] * xenial/linux: 4.4.0-178.208 -proposed tracker (LP: #1870660) * CVE-2019-19768 - blktrace: Protect q->blk_trace with RCU - blktrace: fix dereference after null check * Multiple Kexec in AWS Nitro instances fail (LP: #1869948) - net: ena: Add PCI shutdown handler to allow safe kexec * Insert test_bpf module will report 4 failures for ubuntu_bpf_jit on X s390x (LP: #1768452) - test_bpf: flag tests that cannot be jited on s390 * Mounting LVM snapshots with xfs can hit kernel BUG in nvme driver (LP: #1869229) - block: fix bio_will_gap() for first bvec with offset * Xenial update: 4.4.217 upstream stable release (LP: #1868629) - NFS: Remove superfluous kmap in nfs_readdir_xdr_to_array - r8152: check disconnect status after long sleep - net: nfc: fix bounds checking bugs on "pipe" - bnxt_en: reinitialize IRQs when MTU is modified - fib: add missing attribute validation for tun_id - nl802154: add missing attribute validation - nl802154: add missing attribute validation for dev_type - team: add missing attribute validation for port ifindex - team: add missing attribute validation for array index - nfc: add missing attribute validation for SE API - nfc: add missing attribute validation for vendor subcommand - ipvlan: add cond_resched_rcu() while processing muticast backlog - ipvlan: do not add hardware address of master to its unicast filter list - ipvlan: egress mcast packets are not exceptional - ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast() - ipvlan: don't deref eth hdr before checking it's set - macvlan: add cond_resched() during multicast processing - net: fec: validate the new settings in fec_enet_set_coalesce() - slip: make slhc_compress() more robust against malicious packets - bonding/alb: make sure arp header is pulled before accessing it - net: fq: add missing attribute validation for orphan mask - iommu/vt-d: quirk_ioat_snb_local_iommu: replace WARN_TAINT with pr_warn + add_taint - drm/amd/display: remove duplicated assignment to grph_obj_type - gfs2_atomic_open(): fix O_EXCL|O_CREAT handling on cold dcache - KVM: x86: clear stale x86_emulate_ctxt->intercept value - ARC: define __ALIGN_STR and __ALIGN symbols for ARC - efi: Fix a race and a buffer overflow while reading efivars via sysfs - iommu/vt-d: dmar: replace WARN_TAINT with pr_warn + add_taint - iommu/vt-d: Fix a bug in intel_iommu_iova_to_phys() for huge page - nl80211: add missing attribute validation for critical protocol indication - nl80211: add missing attribute validation for channel switch - netfilter: cthelper: add missing attribute validation for cthelper - iommu/vt-d: Fix the wrong printing in RHSA parsing - iommu/vt-d: Ignore devices with out-of-spec domain number - ipv6: restrict IPV6_ADDRFORM operation - efi: Add a sanity check to efivar_store_raw() - batman-adv: Fix invalid read while copying bat_iv.bcast_own - batman-adv: Only put gw_node list reference when removed - batman-adv: Only put orig_node_vlan list reference when removed - batman-adv: Avoid endless loop in bat-on-bat netdevice check - batman-adv: Fix unexpected free of bcast_own on add_if error - batman-adv: Fix integer overflow in batadv_iv_ogm_calc_tq - batman-adv: init neigh node last seen field - batman-adv: Deactivate TO_BE_ACTIVATED hardif on shutdown - batman-adv: Drop reference to netdevice on last reference - batman-adv: Fix reference counting of vlan object for tt_local_entry - batman-adv: Avoid duplicate neigh_node additions - batman-adv: fix skb deref after free - batman-adv: Fix use-after-free/double-free of tt_req_node - batman-adv: Fix ICMP RR ethernet access after skb_linearize - batman-adv: Clean up untagged vlan when destroying via rtnl-link - batman-adv: Avoid nullptr dereference in bla after vlan_insert_tag - batman-adv: Avoid nullptr dereference in dat after vlan_insert_tag - batman-adv: Fix orig_node_vlan leak on orig_node_release - batman-adv: lock crc access in bridge loop avoidance - batman-adv: Fix non-atomic bla_claim::backbone_gw access - batman-adv: Fix reference leak in batadv_find_router - batman-adv: Free last_bonding_candidate on release of orig_node - batman-adv: Fix speedy join in gateway client mode - batman-adv: Add missing refcnt for last_candidate - batman-adv: Fix double free during fragment merge error - batman-adv: Fix transmission of final, 16th fragment - batman-adv: Fix rx packet/bytes stats on local ARP reply - batman-adv: fix TT sync flag inconsistencies - batman-adv: Fix lock for ogm cnt access in batadv_iv_ogm_calc_tq - batman-adv: Fix internal interface indices types - batman-adv: update data pointers after skb_cow() - batman-adv: Fix skbuff rcsum on packet reroute - batman-adv: Avoid race in TT TVLV allocator helper - batman-adv: Fix TT sync flags for intermediate TT responses - batman-adv: prevent TT request storms by not sending inconsistent TT TLVLs - batman-adv: Fix debugfs path for renamed hardif - batman-adv: Fix debugfs path for renamed softif - batman-adv: Avoid storing non-TT-sync flags on singular entries too - batman-adv: Prevent duplicated gateway_node entry - batman-adv: Prevent duplicated nc_node entry - batman-adv: Prevent duplicated global TT entry - batman-adv: Prevent duplicated tvlv handler - batman-adv: Reduce claim hash refcnt only for removed entry - batman-adv: Reduce tt_local hash refcnt only for removed entry - batman-adv: Reduce tt_global hash refcnt only for removed entry - batman-adv: Only read OGM tvlv_len after buffer len check - batman-adv: Avoid free/alloc race when handling OGM buffer - batman-adv: Don't schedule OGM for disabled interface - perf/amd/uncore: Replace manual sampling check with CAP_NO_INTERRUPT flag - net: ks8851-ml: Fix IRQ handling and locking - signal: avoid double atomic counter increments for user accounting - jbd2: fix data races at struct journal_head - ARM: 8957/1: VDSO: Match ARMv8 timer in cntvct_functional() - ARM: 8958/1: rename missed uaccess .fixup section - mm: slub: add missing TID bump in kmem_cache_alloc_bulk() - ipv4: ensure rcu_read_lock() in cipso_v4_error() - Linux 4.4.217 * Xenial update: 4.4.216 upstream stable release (LP: #1868628) - iwlwifi: pcie: fix rb_allocator workqueue allocation - ext4: fix potential race between online resizing and write operations - ext4: fix potential race between s_flex_groups online resizing and access - ext4: fix potential race between s_group_info online resizing and access - ipmi:ssif: Handle a possible NULL pointer reference - mac80211: consider more elements in parsing CRC - cfg80211: check wiphy driver existence for drvinfo report - cifs: Fix mode output in debugging statements - cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE - sysrq: Restore original console_loglevel when sysrq disabled - sysrq: Remove duplicated sysrq message - net: fib_rules: Correctly set table field when table number exceeds 8 bits - net: phy: restore mdio regs in the iproc mdio driver - ipv6: Fix nlmsg_flags when splitting a multipath route - ipv6: Fix route replacement with dev-only route - sctp: move the format error check out of __sctp_sf_do_9_1_abort - nfc: pn544: Fix occasional HW initialization failure - net: sched: correct flower port blocking - ext4: potential crash on allocation error in ext4_alloc_flex_bg_array() - audit: fix error handling in audit_data_to_entry() - HID: core: fix off-by-one memset in hid_report_raw_event() - HID: core: increase HID report buffer size to 8KiB - HID: hiddev: Fix race in in hiddev_disconnect() - MIPS: VPE: Fix a double free and a memory leak in 'release_vpe()' - i2c: jz4780: silence log flood on txabrt - ecryptfs: Fix up bad backport of fe2e082f5da5b4a0a92ae32978f81507ef37ec66 - net: netlink: cap max groups which will be considered in netlink_bind() - namei: only return -ECHILD from follow_dotdot_rcu() - KVM: Check for a bad hva before dropping into the ghc slow path - slip: stop double free sl->dev in slip_open - mm: make page ref count overflow check tighter and more explicit - mm, gup: remove broken VM_BUG_ON_PAGE compound check for hugepages - audit: always check the netlink payload length in audit_receive_msg() - serial: ar933x_uart: set UART_CS_{RX,TX}_READY_ORIDE - usb: gadget: ffs: ffs_aio_cancel(): Save/restore IRQ flags - usb: gadget: serial: fix Tx stall after buffer overflow - drm: msm: Fix return type of dsi_mgr_connector_mode_valid for kCFI - drm/msm/dsi: save pll state before dsi host is powered off - net: ks8851-ml: Remove 8-bit bus accessors - net: ks8851-ml: Fix 16-bit data access - net: ks8851-ml: Fix 16-bit IO operation - watchdog: da9062: do not ping the hw during stop() - s390/cio: cio_ignore_proc_seq_next should increase position index - cifs: don't leak -EAGAIN for stat() during reconnect - usb: storage: Add quirk for Samsung Fit flash - usb: quirks: add NO_LPM quirk for Logitech Screen Share - usb: core: hub: do error out if usb_autopm_get_interface() fails - usb: core: port: do error out if usb_autopm_get_interface() fails - vgacon: Fix a UAF in vgacon_invert_region - fat: fix uninit-memory access for partial initialized inode - vt: selection, close sel_buffer race - vt: selection, push console lock down - vt: selection, push sel_lock up - dmaengine: tegra-apb: Fix use-after-free - dmaengine: tegra-apb: Prevent race conditions of tasklet vs free list - ASoC: pcm: Fix possible buffer overflow in dpcm state sysfs output - ASoC: pcm512x: Fix unbalanced regulator enable call in probe error path - ASoC: dapm: Correct DAPM handling of active widgets during shutdown - RDMA/iwcm: Fix iwcm work deallocation - RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen() - ARM: imx: build v7_cpu_resume() unconditionally - hwmon: (adt7462) Fix an error return in ADT7462_REG_VOLT() - dmaengine: coh901318: Fix a double lock bug in dma_tc_handle() - powerpc: fix hardware PMU exception bug on PowerVM compatibility mode systems - dm cache: fix a crash due to incorrect work item cancelling - crypto: algif_skcipher - use ZERO_OR_NULL_PTR in skcipher_recvmsg_async - Linux 4.4.216 * Xenial update: 4.4.215 upstream stable release (LP: #1868627) - ALSA: hda: Use scnprintf() for printing texts for sysfs/procfs - ecryptfs: fix a memory leak bug in parse_tag_1_packet() - ecryptfs: fix a memory leak bug in ecryptfs_init_messaging() - ALSA: usb-audio: Apply sample rate quirk for Audioengine D1 - ubifs: Fix deadlock in concurrent bulk-read and writepage - ext4: fix checksum errors with indexed dirs - Btrfs: fix race between using extent maps and merging them - btrfs: log message when rw remount is attempted with unclean tree-log - padata: Remove broken queue flushing - s390/time: Fix clk type in get_tod_clock - hwmon: (pmbus/ltc2978) Fix PMBus polling of MFR_COMMON definitions. - jbd2: move the clearing of b_modified flag to the journal_unmap_buffer() - jbd2: do not clear the BH_Mapped flag when forgetting a metadata buffer - btrfs: print message when tree-log replay starts - scsi: qla2xxx: fix a potential NULL pointer dereference - Revert "KVM: VMX: Add non-canonical check on writes to RTIT address MSRs" - drm/gma500: Fixup fbdev stolen size usage evaluation - brcmfmac: Fix use after free in brcmf_sdio_readframes() - gianfar: Fix TX timestamping with a stacked DSA driver - pinctrl: sh-pfc: sh7264: Fix CAN function GPIOs - media: i2c: mt9v032: fix enum mbus codes and frame sizes - media: sti: bdisp: fix a possible sleep-in-atomic-context bug in bdisp_device_run() - efi/x86: Map the entire EFI vendor string before copying it - MIPS: Loongson: Fix potential NULL dereference in loongson3_platform_init() - uio: fix a sleep-in-atomic-context bug in uio_dmem_genirq_irqcontrol() - usb: gadget: udc: fix possible sleep-in-atomic-context bugs in gr_probe() - nfs: NFS_SWAP should depend on SWAP - jbd2: clear JBD2_ABORT flag before journal_reset to update log tail info when load journal - tracing: Fix very unlikely race of registering two stat tracers - ext4, jbd2: ensure panic when aborting with zero errno - kconfig: fix broken dependency in randconfig-generated .config - clk: qcom: rcg2: Don't crash if our parent can't be found; return an error - drm/amdgpu: remove 4 set but not used variable in amdgpu_atombios_get_connector_info_from_object_table - regulator: rk808: Lower log level on optional GPIOs being not available - NFC: port100: Convert cpu_to_le16(le16_to_cpu(E1) + E2) to use le16_add_cpu(). - reiserfs: Fix spurious unlock in reiserfs_fill_super() error handling - ALSA: usx2y: Adjust indentation in snd_usX2Y_hwdep_dsp_status - b43legacy: Fix -Wcast-function-type - ipw2x00: Fix -Wcast-function-type - iwlegacy: Fix -Wcast-function-type - rtlwifi: rtl_pci: Fix -Wcast-function-type - orinoco: avoid assertion in case of NULL pointer - ACPICA: Disassembler: create buffer fields in ACPI_PARSE_LOAD_PASS1 - scsi: aic7xxx: Adjust indentation in ahc_find_syncrate - ARM: dts: r8a7779: Add device node for ARM global timer - x86/vdso: Provide missing include file - pinctrl: sh-pfc: sh7269: Fix CAN function GPIOs - ALSA: sh: Fix compile warning wrt const - tools lib api fs: Fix gcc9 stringop-truncation compilation error - usbip: Fix unsafe unaligned pointer usage - soc/tegra: fuse: Correct straps' address for older Tegra124 device trees - rcu: Use WRITE_ONCE() for assignments to ->pprev for hlist_nulls - Input: edt-ft5x06 - work around first register access error - wan: ixp4xx_hss: fix compile-testing on 64-bit - ASoC: atmel: fix build error with CONFIG_SND_ATMEL_SOC_DMA=m - PCI: Don't disable bridge BARs when assigning bus resources - driver core: Print device when resources present in really_probe() - drm/nouveau: Fix copy-paste error in nouveau_fence_wait_uevent_handler - drm/vmwgfx: prevent memory leak in vmw_cmdbuf_res_add - iommu/arm-smmu-v3: Use WRITE_ONCE() when changing validity of an STE - scsi: iscsi: Don't destroy session if there are outstanding connections - cmd64x: potential buffer overflow in cmd64x_program_timings() - ide: serverworks: potential overflow in svwks_set_pio_mode() - remoteproc: Initialize rproc_class before use - s390/ftrace: generate traced function stack frame - ALSA: hda - Add docking station support for Lenovo Thinkpad T420s - jbd2: switch to use jbd2_journal_abort() when failed to submit the commit record - ARM: 8951/1: Fix Kexec compilation issue. - hostap: Adjust indentation in prism2_hostapd_add_sta - iwlegacy: ensure loop counter addr does not wrap and cause an infinite loop - drm/nouveau/disp/nv50-: prevent oops when no channel method map provided - trigger_next should increase position index - radeon: insert 10ms sleep in dce5_crtc_load_lut - ocfs2: fix a NULL pointer dereference when call ocfs2_update_inode_fsync_trans() - lib/scatterlist.c: adjust indentation in __sg_alloc_table - reiserfs: prevent NULL pointer dereference in reiserfs_insert_item() - bcache: explicity type cast in bset_bkey_last() - irqchip/gic-v3-its: Reference to its_invall_cmd descriptor when building INVALL - microblaze: Prevent the overflow of the start - brd: check and limit max_part par - selinux: ensure we cleanup the internal AVC counters on error in avc_update() - enic: prevent waking up stopped tx queues over watchdog reset - floppy: check FDC index for errors before assigning it - staging: android: ashmem: Disallow ashmem memory from being remapped - staging: vt6656: fix sign of rx_dbm to bb_pre_ed_rssi. - usb: uas: fix a plug & unplug racing - USB: Fix novation SourceControl XL after suspend - USB: hub: Don't record a connect-change event during reset-resume - staging: rtl8188eu: Fix potential security hole - staging: rtl8188eu: Fix potential overuse of kernel memory - x86/mce/amd: Fix kobject lifetime - tty: serial: imx: setup the correct sg entry for tx dma - xhci: apply XHCI_PME_STUCK_QUIRK to Intel Comet Lake platforms - VT_RESIZEX: get rid of field-by-field copyin - vt: vt_ioctl: fix race in VT_RESIZEX - netfilter: xt_bpf: add overflow checks - ext4: fix a data race in EXT4_I(inode)->i_disksize - ext4: add cond_resched() to __ext4_find_entry() - KVM: apic: avoid calculating pending eoi from an uninitialized val - Btrfs: fix btrfs_wait_ordered_range() so that it waits for all ordered extents - scsi: Revert "RDMA/isert: Fix a recently introduced regression related to logout" - scsi: Revert "target: iscsi: Wait for all commands to finish before freeing a session" - ecryptfs: replace BUG_ON with error handling code - ALSA: rawmidi: Avoid bit fields for state flags - ALSA: seq: Avoid concurrent access to queue flags - ALSA: seq: Fix concurrent access to queue current tick/time - xen: Enable interrupts when calling _cond_resched() - Linux 4.4.215 -- Wen-chien Jesse Sung Tue, 07 Apr 2020 23:56:37 +0800 linux-kvm (4.4.0-1069.76) xenial; urgency=medium * xenial/linux-kvm: 4.4.0-1069.76 -proposed tracker (LP: #1867234) [ Ubuntu: 4.4.0-177.207 ] * xenial/linux: 4.4.0-177.207 -proposed tracker (LP: #1867243) * Packaging resync (LP: #1786013) - [Packaging] resync getabis - [Packaging] update helper scripts * Xenial update: 4.4.214 upstream stable release (LP: #1864775) - media: iguanair: fix endpoint sanity check - x86/cpu: Update cached HLE state on write to TSX_CTRL_CPUID_CLEAR - sparc32: fix struct ipc64_perm type definition - ASoC: qcom: Fix of-node refcount unbalance to link->codec_of_node - cls_rsvp: fix rsvp_policy - net: hsr: fix possible NULL deref in hsr_handle_frame() - net_sched: fix an OOB access in cls_tcindex - tcp: clear tp->total_retrans in tcp_disconnect() - tcp: clear tp->segs_{in|out} in tcp_disconnect() - media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors - mfd: dln2: More sanity checking for endpoints - brcmfmac: Fix memory leak in brcmf_usbdev_qinit - usb: gadget: legacy: set max_speed to super-speed - usb: gadget: f_ncm: Use atomic_t to track in-flight request - usb: gadget: f_ecm: Use atomic_t to track in-flight request - ALSA: dummy: Fix PCM format loop in proc output - lib/test_kasan.c: fix memory leak in kmalloc_oob_krealloc_more() - powerpc/pseries: Advance pfn if section is not present in lmb_is_removable() - mmc: spi: Toggle SPI polarity, do not hardcode it - PCI: keystone: Fix link training retries initiation - crypto: api - Check spawn->alg under lock in crypto_drop_spawn - scsi: qla2xxx: Fix mtcp dump collection failure - power: supply: ltc2941-battery-gauge: fix use-after-free - of: Add OF_DMA_DEFAULT_COHERENT & select it on powerpc - dm space map common: fix to ensure new block isn't already in use - crypto: pcrypt - Do not clear MAY_SLEEP flag in original request - crypto: api - Fix race condition in crypto_spawn_alg - crypto: picoxcell - adjust the position of tasklet_init and fix missed tasklet_kill - btrfs: set trans->drity in btrfs_commit_transaction - ARM: tegra: Enable PLLP bypass during Tegra124 LP1 - mwifiex: fix unbalanced locking in mwifiex_process_country_ie() - sunrpc: expiry_time should be seconds not timeval - KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks - KVM: x86: Protect DR-based index computations from Spectre-v1/L1TF attacks - KVM: x86: Protect kvm_hv_msr_[get|set]_crash_data() from Spectre-v1/L1TF attacks - KVM: x86: Protect ioapic_write_indirect() from Spectre-v1/L1TF attacks - KVM: x86: Protect MSR-based index computations in pmu.h from Spectre-v1/L1TF attacks - KVM: x86: Protect ioapic_read_indirect() from Spectre-v1/L1TF attacks - KVM: x86: Protect MSR-based index computations from Spectre-v1/L1TF attacks in x86.c - KVM: x86: Protect x86_decode_insn from Spectre-v1/L1TF attacks - KVM: x86: Protect MSR-based index computations in fixed_msr_to_seg_unit() from Spectre-v1/L1TF attacks - KVM: PPC: Book3S HV: Uninit vCPU if vcore creation fails - KVM: PPC: Book3S PR: Free shared page if mmu initialization fails - KVM: x86: Free wbinvd_dirty_mask if vCPU creation fails - scsi: qla2xxx: Fix the endianness of the qla82xx_get_fw_size() return type - scsi: csiostor: Adjust indentation in csio_device_reset - scsi: qla4xxx: Adjust indentation in qla4xxx_mem_free - ext2: Adjust indentation in ext2_fill_super - powerpc/44x: Adjust indentation in ibm4xx_denali_fixup_memsize - NFC: pn544: Adjust indentation in pn544_hci_check_presence - ppp: Adjust indentation into ppp_async_input - net: smc911x: Adjust indentation in smc911x_phy_configure - net: tulip: Adjust indentation in {dmfe, uli526x}_init_module - mfd: da9062: Fix watchdog compatible string - mfd: rn5t618: Mark ADC control register volatile - net: systemport: Avoid RBUF stuck in Wake-on-LAN mode - bonding/alb: properly access headers in bond_alb_xmit() - NFS: Fix memory leaks and corruption in readdir - NFS: Fix bool initialization/comparison - NFS: Directory page cache pages need to be locked when read - Btrfs: fix assertion failure on fsync with NO_HOLES enabled - btrfs: remove trivial locking wrappers of tree mod log - Btrfs: fix race between adding and putting tree mod seq elements and nodes - drm: atmel-hlcdc: enable clock before configuring timing engine - KVM: x86: drop picdev_in_range() - KVM: x86: Refactor picdev_write() to prevent Spectre-v1/L1TF attacks - KVM: x86: Protect pmu_intel.c from Spectre-v1/L1TF attacks - KVM: x86: Protect kvm_lapic_reg_write() from Spectre-v1/L1TF attacks - btrfs: flush write bio if we loop in extent_write_cache_pages - KVM: x86/mmu: Apply max PA check for MMIO sptes to 32-bit KVM - KVM: VMX: Add non-canonical check on writes to RTIT address MSRs - KVM: nVMX: vmread should not set rflags to specify success in case of #PF - cifs: fail i/o on soft mounts if sessionsetup errors out - clocksource: Prevent double add_timer_on() for watchdog_timer - perf/core: Fix mlock accounting in perf_mmap() - ASoC: pcm: update FE/BE trigger order based on the command - scsi: ufs: Fix ufshcd_probe_hba() reture value in case ufshcd_scsi_add_wlus() fails - rtc: hym8563: Return -EINVAL if the time is known to be invalid - ARC: [plat-axs10x]: Add missing multicast filter number to GMAC node - ARM: dts: at91: sama5d3: fix maximum peripheral clock rates - ARM: dts: at91: sama5d3: define clock rate range for tcb1 - powerpc/pseries: Allow not having ibm, hypertas-functions::hcall-multi-tce for DDW - pinctrl: sh-pfc: r8a7778: Fix duplicate SDSELF_B and SD1_CLK_B - mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status() - mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv() - libertas: don't exit from lbs_ibss_join_existing() with RCU read lock held - libertas: make lbs_ibss_join_existing() return error code on rates overflow - Linux 4.4.214 * 5.4.0-11 crash on cryptsetup open (LP: #1860231) // Xenial update: 4.4.214 upstream stable release (LP: #1864775) - dm: fix potential for q->make_request_fn NULL pointer * Xenial update: 4.4.213 upstream stable release (LP: #1864774) - ALSA: pcm: Add missing copy ops check before clearing buffer - orinoco_usb: fix interface sanity check - rsi_91x_usb: fix interface sanity check - USB: serial: ir-usb: add missing endpoint sanity check - USB: serial: ir-usb: fix link-speed handling - USB: serial: ir-usb: fix IrLAP framing - staging: most: net: fix buffer overflow - staging: wlan-ng: ensure error return is actually returned - staging: vt6656: correct packet types for CTS protect, mode. - staging: vt6656: use NULLFUCTION stack on mac80211 - staging: vt6656: Fix false Tx excessive retries reporting. - ath9k: fix storage endpoint lookup - brcmfmac: fix interface sanity check - rtl8xxxu: fix interface sanity check - zd1211rw: fix storage endpoint lookup - watchdog: rn5t618_wdt: fix module aliases - drivers/net/b44: Change to non-atomic bit operations on pwol_mask - net: wan: sdla: Fix cast from pointer to integer of different size - atm: eni: fix uninitialized variable warning - usb-storage: Disable UAS on JMicron SATA enclosure - net_sched: ematch: reject invalid TCF_EM_SIMPLE - crypto: af_alg - Use bh_lock_sock in sk_destruct - crypto: pcrypt - Fix user-after-free on module unload - arm64: kbuild: remove compressed images on 'make ARCH=arm64 (dist)clean' - mm/mempolicy.c: fix out of bounds write in mpol_parse_str() - reiserfs: Fix memory leak of journal device string - media: digitv: don't continue if remote control state can't be read - media: gspca: zero usb_buf - media: dvb-usb/dvb-usb-urb.c: initialize actlen to 0 - ttyprintk: fix a potential deadlock in interrupt context issue - usb: dwc3: turn off VBUS when leaving host mode - media: si470x-i2c: Move free() past last use of 'radio' - clk: mmp2: Fix the order of timer mux parents - ixgbevf: Remove limit of 10 entries for unicast filter list - ixgbe: Fix calculation of queue with VFs and flow director on interface flap - wireless: wext: avoid gcc -O3 warning - vti[6]: fix packet tx through bpf_redirect() - scsi: fnic: do not queue commands during fwreset - airo: Fix possible info leak in AIROOLDIOCTL/SIOCDEVPRIVATE - airo: Add missing CAP_NET_ADMIN check in AIROOLDIOCTL/SIOCDEVPRIVATE - r8152: get default setting of WOL before initializing - qlcnic: Fix CPU soft lockup while collecting firmware dump - net/fsl: treat fsl,erratum-a011043 - net/sonic: Add mutual exclusion for accessing shared state - net/sonic: Use MMIO accessors - net/sonic: Fix receive buffer handling - net/sonic: Quiesce SONIC before re-initializing descriptor memory - seq_tab_next() should increase position index - l2t_seq_next should increase position index - net: Fix skb->csum update in inet_proto_csum_replace16(). - btrfs: fix mixed block count of available space - btrfs: do not zero f_bavail if we have available space - Linux 4.4.213 * Xenial update: 4.4.212 upstream stable release (LP: #1864773) - powerpc/archrandom: fix arch_get_random_seed_int() - mt7601u: fix bbp version check in mt7601u_wait_bbp_ready - drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset() - ALSA: hda: fix unused variable warning - ALSA: usb-audio: update quirk for B&W PX to remove microphone - staging: comedi: ni_mio_common: protect register write overflow - pcrypt: use format specifier in kobject_add - exportfs: fix 'passing zero to ERR_PTR()' warning - drm/dp_mst: Skip validating ports during destruction, just ref - pinctrl: sh-pfc: r8a7740: Add missing REF125CK pin to gether_gmii group - pinctrl: sh-pfc: r8a7740: Add missing LCD0 marks to lcd0_data24_1 group - pinctrl: sh-pfc: r8a7791: Remove bogus ctrl marks from qspi_data4_b group - pinctrl: sh-pfc: r8a7791: Remove bogus marks from vin1_b_data18 group - pinctrl: sh-pfc: sh73a0: Add missing TO pin to tpu4_to3 group - pinctrl: sh-pfc: r8a7794: Remove bogus IPSR9 field - pinctrl: sh-pfc: sh7734: Add missing IPSR11 field - pinctrl: sh-pfc: sh7269: Add missing PCIOR0 field - pinctrl: sh-pfc: sh7734: Remove bogus IPSR10 value - Input: nomadik-ske-keypad - fix a loop timeout test - clk: highbank: fix refcount leak in hb_clk_init() - clk: qoriq: fix refcount leak in clockgen_init() - clk: socfpga: fix refcount leak - clk: samsung: exynos4: fix refcount leak in exynos4_get_xom() - clk: imx6q: fix refcount leak in imx6q_clocks_init() - clk: imx6sx: fix refcount leak in imx6sx_clocks_init() - clk: imx7d: fix refcount leak in imx7d_clocks_init() - clk: vf610: fix refcount leak in vf610_clocks_init() - clk: armada-370: fix refcount leak in a370_clk_init() - clk: kirkwood: fix refcount leak in kirkwood_clk_init() - clk: armada-xp: fix refcount leak in axp_clk_init() - IB/usnic: Fix out of bounds index check in query pkey - RDMA/ocrdma: Fix out of bounds index check in query pkey - media: s5p-jpeg: Correct step and max values for V4L2_CID_JPEG_RESTART_INTERVAL - crypto: tgr192 - fix unaligned memory access - ASoC: imx-sgtl5000: put of nodes if finding codec fails - rtc: cmos: ignore bogus century byte - tty: ipwireless: Fix potential NULL pointer dereference - rtc: ds1672: fix unintended sign extension - rtc: 88pm860x: fix unintended sign extension - rtc: 88pm80x: fix unintended sign extension - rtc: pm8xxx: fix unintended sign extension - fbdev: chipsfb: remove set but not used variable 'size' - pinctrl: sh-pfc: emev2: Add missing pinmux functions - pinctrl: sh-pfc: r8a7791: Fix scifb2_data_c pin group - pinctrl: sh-pfc: sh73a0: Fix fsic_spdif pin groups - block: don't use bio->bi_vcnt to figure out segment number - vfio_pci: Enable memory accesses before calling pci_map_rom - cdc-wdm: pass return value of recover_from_urb_loss - drm/nouveau/bios/ramcfg: fix missing parentheses when calculating RON - drm/nouveau/pmu: don't print reply values if exec is false - ASoC: qcom: Fix of-node refcount unbalance in apq8016_sbc_parse_of() - fs/nfs: Fix nfs_parse_devname to not modify it's argument - clocksource/drivers/sun5i: Fail gracefully when clock rate is unavailable - ARM: 8847/1: pm: fix HYP/SVC mode mismatch when MCPM is used - regulator: wm831x-dcdc: Fix list of wm831x_dcdc_ilim from mA to uA - nios2: ksyms: Add missing symbol exports - scsi: megaraid_sas: reduce module load time - xen, cpu_hotplug: Prevent an out of bounds access - net: sh_eth: fix a missing check of of_get_phy_mode - media: ivtv: update *pos correctly in ivtv_read_pos() - media: cx18: update *pos correctly in cx18_read_pos() - media: wl128x: Fix an error code in fm_download_firmware() - media: cx23885: check allocation return - jfs: fix bogus variable self-initialization - m68k: mac: Fix VIA timer counter accesses - ARM: OMAP2+: Fix potentially uninitialized return value for _setup_reset() - media: davinci-isif: avoid uninitialized variable use - spi: tegra114: clear packed bit for unpacked mode - spi: tegra114: fix for unpacked mode transfers - soc/fsl/qe: Fix an error code in qe_pin_request() - spi: bcm2835aux: fix driver to not allow 65535 (=-1) cs-gpios - ehea: Fix a copy-paste err in ehea_init_port_res - scsi: qla2xxx: Unregister chrdev if module initialization fails - ARM: pxa: ssp: Fix "WARNING: invalid free of devm_ allocated data" - hwmon: (w83627hf) Use request_muxed_region for Super-IO accesses - tipc: set sysctl_tipc_rmem and named_timeout right range - powerpc: vdso: Make vdso32 installation conditional in vdso_install - media: ov2659: fix unbalanced mutex_lock/unlock - 6lowpan: Off by one handling ->nexthdr - dmaengine: axi-dmac: Don't check the number of frames for alignment - ALSA: usb-audio: Handle the error from snd_usb_mixer_apply_create_quirk() - packet: in recvmsg msg_name return at least sizeof sockaddr_ll - ASoC: fix valid stream condition - IB/mlx5: Add missing XRC options to QP optional params mask - iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU - media: omap_vout: potential buffer overflow in vidioc_dqbuf() - media: davinci/vpbe: array underflow in vpbe_enum_outputs() - platform/x86: alienware-wmi: printing the wrong error code - netfilter: ebtables: CONFIG_COMPAT: reject trailing data after last rule - ARM: riscpc: fix lack of keyboard interrupts after irq conversion - kdb: do a sanity check on the cpu in kdb_per_cpu() - backlight: lm3630a: Return 0 on success in update_status functions - thermal: cpu_cooling: Actually trace CPU load in thermal_power_cpu_get_power - spi: spi-fsl-spi: call spi_finalize_current_message() at the end - misc: sgi-xp: Properly initialize buf in xpc_get_rsvd_page_pa - iommu: Use right function to get group for device - signal/cifs: Fix cifs_put_tcp_session to call send_sig instead of force_sig - inet: frags: call inet_frags_fini() after unregister_pernet_subsys() - media: vivid: fix incorrect assignment operation when setting video mode - powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild - drm/msm/mdp5: Fix mdp5_cfg_init error return - net/af_iucv: always register net_device notifier - ASoC: ti: davinci-mcasp: Fix slot mask settings when using multiple AXRs - rtc: pcf8563: Clear event flags and disable interrupts before requesting irq - drm/msm/a3xx: remove TPL1 regs from snapshot - iommu/amd: Make iommu_disable safer - mfd: intel-lpss: Release IDA resources - devres: allow const resource arguments - net: pasemi: fix an use-after-free in pasemi_mac_phy_init() - scsi: libfc: fix null pointer dereference on a null lport - libertas_tf: Use correct channel range in lbtf_geo_init - usb: host: xhci-hub: fix extra endianness conversion - mic: avoid statically declaring a 'struct device'. - x86/kgbd: Use NMI_VECTOR not APIC_DM_NMI - ALSA: aoa: onyx: always initialize register read value - cifs: fix rmmod regression in cifs.ko caused by force_sig changes - crypto: caam - free resources in case caam_rng registration failed - ext4: set error return correctly when ext4_htree_store_dirent fails - ASoC: es8328: Fix copy-paste error in es8328_right_line_controls - ASoC: cs4349: Use PM ops 'cs4349_runtime_pm' - ASoC: wm8737: Fix copy-paste error in wm8737_snd_controls - signal: Allow cifs and drbd to receive their terminating signals - dmaengine: dw: platform: Switch to acpi_dma_controller_register() - mac80211: minstrel_ht: fix per-group max throughput rate initialization - mips: avoid explicit UB in assignment of mips_io_port_base - ahci: Do not export local variable ahci_em_messages - Partially revert "kfifo: fix kfifo_alloc() and kfifo_init()" - power: supply: Init device wakeup after device_add() - x86, perf: Fix the dependency of the x86 insn decoder selftest - bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA - iio: dac: ad5380: fix incorrect assignment to val - ath9k: dynack: fix possible deadlock in ath_dynack_node_{de}init - net: sonic: return NETDEV_TX_OK if failed to map buffer - Btrfs: fix hang when loading existing inode cache off disk - hwmon: (shtc1) fix shtc1 and shtw1 id mask - net: sonic: replace dev_kfree_skb in sonic_send_packet - net/rds: Fix 'ib_evt_handler_call' element in 'rds_ib_stat_names' - iommu/amd: Wait for completion of IOTLB flush in attach_device - net: hisilicon: Fix signedness bug in hix5hd2_dev_probe() - net: broadcom/bcmsysport: Fix signedness in bcm_sysport_probe() - net: ethernet: stmmac: Fix signedness bug in ipq806x_gmac_of_parse() - mac80211: accept deauth frames in IBSS mode - llc: fix another potential sk_buff leak in llc_ui_sendmsg() - llc: fix sk_buff refcounting in llc_conn_state_process() - net: stmmac: fix length of PTP clock's name string - drm/msm/dsi: Implement reset correctly - dmaengine: imx-sdma: fix size check for sdma script_number - net: qca_spi: Move reset_count to struct qcaspi - media: ov6650: Fix incorrect use of JPEG colorspace - media: ov6650: Fix some format attributes not under control - media: ov6650: Fix .get_fmt() V4L2_SUBDEV_FORMAT_TRY support - MIPS: Loongson: Fix return value of loongson_hwmon_init - net: neigh: use long type to store jiffies delta - packet: fix data-race in fanout_flow_is_huge() - dmaengine: ti: edma: fix missed failure handling - drm/radeon: fix bad DMA from INTERRUPT_CNTL2 - arm64: dts: juno: Fix UART frequency - m68k: Call timer_interrupt() with interrupts disabled - firestream: fix memory leaks - net: cxgb3_main: Add CAP_NET_ADMIN check to CHELSIO_GET_MEM - net, ip_tunnel: fix namespaces move - net_sched: fix datalen for ematch - net: usb: lan78xx: Add .ndo_features_check - hwmon: (adt7475) Make volt2reg return same reg as reg2volt input - Input: keyspan-remote - fix control-message timeouts - ARM: 8950/1: ftrace/recordmcount: filter relocation types - mmc: sdhci: fix minimum clock rate for v3 controller - Input: sur40 - fix interface sanity checks - Input: gtco - fix endpoint sanity check - Input: aiptek - fix endpoint sanity check - hwmon: (nct7802) Fix voltage limits to wrong registers - scsi: RDMA/isert: Fix a recently introduced regression related to logout - tracing: xen: Ordered comparison of function pointers - iio: buffer: align the size of scan bytes to size of the largest element - scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func - md: Avoid namespace collision with bitmap API - bitmap: Add bitmap_alloc(), bitmap_zalloc() and bitmap_free() - netfilter: ipset: use bitmap infrastructure completely - net/x25: fix nonblocking connect - Revert "UBUNTU: SAUCE: libertas: Fix two buffer overflows at parsing bss descriptor" - libertas: Fix two buffer overflows at parsing bss descriptor - Linux 4.4.212 * CVE-2020-8428 - do_last(): fetch directory ->i_mode and ->i_uid before it's too late - vfs: fix do_last() regression * xfs fill_fs test in fallocate06 from ubuntu_ltp_syscalls failed (LP: #1865967) - xfs: Fix tail rounding in xfs_alloc_file_space() * ipc/sem.c : process loops infinitely in exit_sem() (LP: #1858834) - Revert "ipc, sem: remove uneeded sem_undo_list lock usage in exit_sem()" * quotactl07 from ubuntu_ltp_syscalls failed (LP: #1864092) - xfs: Sanity check flags of Q_XQUOTARM call -- Khalid Elmously Thu, 19 Mar 2020 00:15:56 -0400 linux-kvm (4.4.0-1068.75) xenial; urgency=medium * xenial/linux-kvm: 4.4.0-1068.75 -proposed tracker (LP: #1865243) [ Ubuntu: 4.4.0-176.206 ] * xenial/linux: 4.4.0-176.206 -proposed tracker (LP: #1865106) * CVE-2020-2732 - x86/vdso: Use RDPID in preference to LSL when available - KVM: x86: emulate RDPID - KVM: nVMX: Don't emulate instructions in guest mode - KVM: nVMX: Refactor IO bitmap checks into helper function - KVM: nVMX: Check IO instruction VM-exit conditions -- Khalid Elmously Sun, 01 Mar 2020 22:39:05 -0500 linux-kvm (4.4.0-1067.74) xenial; urgency=medium * xenial/linux-kvm: 4.4.0-1067.74 -proposed tracker (LP: #1863319) [ Ubuntu: 4.4.0-175.205 ] * xenial/linux: 4.4.0-175.205 -proposed tracker (LP: #1863338) * run_afpackettests in ubuntu_kernel_selftests failed with "./in_netns.sh: Permission denied" (LP: #1861973) - [Debian] autoreconstruct - add resoration of execute permissions * pty03 from pty in ubuntu_ltp failed on Eoan (LP: #1862114) - can, slip: Protect tty->disc_data in write_wakeup and close with RCU -- Khalid Elmously Wed, 19 Feb 2020 00:29:50 -0500 linux-kvm (4.4.0-1066.73) xenial; urgency=medium * xenial/linux-kvm: 4.4.0-1066.73 -proposed tracker (LP: #1861110) [ Ubuntu: 4.4.0-174.204 ] * xenial/linux: 4.4.0-174.204 -proposed tracker (LP: #1861122) * Xenial update: 4.4.211 upstream stable release (LP: #1860681) - hidraw: Return EPOLLOUT from hidraw_poll - HID: hidraw: Fix returning EPOLLOUT from hidraw_poll - HID: hidraw, uhid: Always report EPOLLOUT - cfg80211/mac80211: make ieee80211_send_layer2_update a public function - mac80211: Do not send Layer 2 Update frame before authorization - media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap - p54usb: Fix race between disconnect and firmware loading - ALSA: line6: Fix write on zero-sized buffer - ALSA: line6: Fix memory leak at line6_init_pcm() error path - xen: let alloc_xenballooned_pages() fail if not enough memory free - wimax: i2400: fix memory leak - wimax: i2400: Fix memory leak in i2400m_op_rfkill_sw_toggle - ext4: fix use-after-free race with debug_want_extra_isize - ext4: add more paranoia checking in ext4_expand_extra_isize handling - rtc: mt6397: fix alarm register overwrite - iommu: Remove device link to group on failure - gpio: Fix error message on out-of-range GPIO in lookup table - hsr: reset network header when supervision frame is created - cifs: Adjust indentation in smb2_open_file - RDMA/srpt: Report the SCSI residual to the initiator - scsi: enclosure: Fix stale device oops with hot replug - scsi: sd: Clear sdkp->protection_type if disk is reformatted without PI - platform/x86: asus-wmi: Fix keyboard brightness cannot be set to 0 - iio: imu: adis16480: assign bias value only if operation succeeded - mei: fix modalias documentation - clk: samsung: exynos5420: Preserve CPU clocks configuration during suspend/resume - compat_ioctl: handle SIOCOUTQNSD - tty: serial: imx: use the sg count from dma_map_sg - tty: serial: pch_uart: correct usage of dma_unmap_sg - media: exynos4-is: Fix recursive locking in isp_video_release() - spi: atmel: fix handling of cs_change set on non-last xfer - rtlwifi: Remove unnecessary NULL check in rtl_regd_init - rtc: msm6242: Fix reading of 10-hour digit - rseq/selftests: Turn off timeout setting - hexagon: work around compiler crash - ocfs2: call journal flush to mark journal as empty after journal recovery when mount - ALSA: seq: Fix racy access for queue timer in proc read - Fix built-in early-load Intel microcode alignment - block: fix an integer overflow in logical block size - USB: serial: simple: Add Motorola Solutions TETRA MTP3xxx and MTP85xx - USB: serial: opticon: fix control-message timeouts - USB: serial: suppress driver bind attributes - USB: serial: ch341: handle unbound port at reset_resume - USB: serial: io_edgeport: add missing active-port sanity check - USB: serial: quatech2: handle unbound ports - scsi: mptfusion: Fix double fetch bug in ioctl - usb: core: hub: Improved device recognition on remote wakeup - x86/efistub: Disable paging at mixed mode entry - mm/page-writeback.c: avoid potential division by zero in wb_min_max_ratio() - net: stmmac: 16KB buffer must be 16 byte aligned - net: stmmac: Enable 16KB buffer size - USB: serial: io_edgeport: use irqsave() in USB's complete callback - USB: serial: io_edgeport: handle unbound ports on URB completion - USB: serial: keyspan: handle unbound ports - scsi: fnic: use kernel's '%pM' format option to print MAC - scsi: fnic: fix invalid stack access - arm64: dts: agilex/stratix10: fix pmu interrupt numbers - netfilter: fix a use-after-free in mtype_destroy() - batman-adv: Fix DAT candidate selection on little endian systems - macvlan: use skb_reset_mac_header() in macvlan_queue_xmit() - r8152: add missing endpoint sanity check - tcp: fix marked lost packets not being retransmitted - net: usb: lan78xx: limit size of local TSO packets - xen/blkfront: Adjust indentation in xlvbd_alloc_gendisk - cw1200: Fix a signedness bug in cw1200_load_firmware() - cfg80211: check for set_wiphy_params - scsi: esas2r: unlock on error in esas2r_nvram_read_direct() - scsi: qla4xxx: fix double free bug - scsi: bnx2i: fix potential use after free - scsi: target: core: Fix a pr_debug() argument - scsi: core: scsi_trace: Use get_unaligned_be*() - perf probe: Fix wrong address verification - regulator: ab8500: Remove SYSCLKREQ from enum ab8505_regulator_id - Linux 4.4.211 * Xenial update: 4.4.210 upstream stable release (LP: #1859865) - chardev: Avoid potential use-after-free in 'chrdev_open()' - usb: chipidea: host: Disable port power only if previously enabled - ALSA: usb-audio: Apply the sample rate quirk for Bose Companion 5 - kernel/trace: Fix do not unregister tracepoints when register sched_migrate_task fail - tracing: Have stack tracer compile when MCOUNT_INSN_SIZE is not defined - HID: Fix slab-out-of-bounds read in hid_field_extract - HID: uhid: Fix returning EPOLLOUT from uhid_char_poll - HID: hid-input: clear unmapped usages - Input: add safety guards to input_set_keycode() - drm/dp_mst: correct the shifting in DP_REMOTE_I2C_READ - can: gs_usb: gs_usb_probe(): use descriptors of current altsetting - can: mscan: mscan_rx_poll(): fix rx path lockup when returning from polling to irq mode - can: can_dropped_invalid_skb(): ensure an initialized headroom in outgoing CAN sk_buffs - staging: vt6656: set usb_set_intfdata on driver fail. - USB: serial: option: add ZLP support for 0x1bc7/0x9010 - usb: musb: Disable pullup at init - usb: musb: dma: Correct parameter passed to IRQ handler - staging: rtl8188eu: Add device code for TP-Link TL-WN727N v5.21 - tty: link tty and port before configuring it as console - tty: always relink the port - mwifiex: pcie: Fix memory leak in mwifiex_pcie_alloc_cmdrsp_buf - scsi: bfa: release allocated memory in case of error - rtl8xxxu: prevent leaking urb - USB: Fix: Don't skip endpoint descriptors with maxpacket=0 - netfilter: arp_tables: init netns pointer in xt_tgchk_param struct - netfilter: ipset: avoid null deref when IPSET_ATTR_LINENO is present - Linux 4.4.210 * Xenial update: 4.4.209 upstream stable release (LP: #1859640) - PM / devfreq: Don't fail devfreq_dev_release if not in list - RDMA/cma: add missed unregister_pernet_subsys in init failure - scsi: lpfc: Fix memory leak on lpfc_bsg_write_ebuf_set func - scsi: qla2xxx: Don't call qlt_async_event twice - scsi: iscsi: qla4xxx: fix double free in probe - scsi: libsas: stop discovering if oob mode is disconnected - usb: gadget: fix wrong endpoint desc - md: raid1: check rdev before reference in raid1_sync_request func - s390/cpum_sf: Adjust sampling interval to avoid hitting sample limits - s390/cpum_sf: Avoid SBD overflow condition in irq handler - xen/balloon: fix ballooned page accounting without hotplug enabled - xfs: fix mount failure crash on invalid iclog memory access - taskstats: fix data-race - ALSA: ice1724: Fix sleep-in-atomic in Infrasonic Quartet support code - MIPS: Avoid VDSO ABI breakage due to global register variable - locks: print unsigned ino in /proc/locks - dmaengine: Fix access to uninitialized dma_slave_caps - compat_ioctl: block: handle Persistent Reservations - gpiolib: fix up emulated open drain outputs - ALSA: cs4236: fix error return comparison of an unsigned integer - ftrace: Avoid potential division by zero in function profiler - Bluetooth: btusb: fix PM leak in error case of setup - Bluetooth: delete a stray unlock - tty: serial: msm_serial: Fix lockup for sysrq and oops - drm/mst: Fix MST sideband up-reply failure handling - powerpc/pseries/hvconsole: Fix stack overread via udbg - ath9k_htc: Modify byte order for an error message - ath9k_htc: Discard undersized packets - net: add annotations on hh->hh_len lockless accesses - s390/smp: fix physical to logical CPU map for SMT - locking/x86: Remove the unused atomic_inc_short() methd - pstore/ram: Write new dumps to start of recycled zones - locking/spinlock/debug: Fix various data races - netfilter: ctnetlink: netns exit must wait for callbacks - ARM: vexpress: Set-up shared OPP table instead of individual for each CPU - netfilter: uapi: Avoid undefined left-shift in xt_sctp.h - ARM: dts: am437x-gp/epos-evm: fix panel compatible - powerpc: Ensure that swiotlb buffer is allocated from low memory - bnx2x: Do not handle requests from VFs after parity - bnx2x: Fix logic to get total no. of PFs per engine - net: usb: lan78xx: Fix error message format specifier - rfkill: Fix incorrect check to avoid NULL pointer dereference - ASoC: wm8962: fix lambda value - regulator: rn5t618: fix module aliases - kconfig: don't crash on NULL expressions in expr_eq() - parisc: Fix compiler warnings in debug_core.c - llc2: Fix return statement of llc_stat_ev_rx_null_dsap_xid_c (and _test_c) - net: stmmac: dwmac-sunxi: Allow all RGMII modes - net: usb: lan78xx: fix possible skb leak - pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM - sctp: free cmd->obj.chunk for the unprocessed SCTP_CMD_REPLY - tcp: fix "old stuff" D-SACK causing SACK to be treated as D-SACK - vlan: vlan_changelink() should propagate errors - vlan: fix memory leak in vlan_dev_set_egress_priority - vxlan: fix tos value before xmit - macvlan: do not assume mac_header is set in macvlan_broadcast() - USB: core: fix check for duplicate endpoints - USB: serial: option: add Telit ME910G1 0x110a composition - Linux 4.4.209 * overlayfs : broken access to r/w files (LP: #1851243) - SAUCE: Revert "ovl: modify ovl_permission() to do checks on two inodes" * net selftest psock_fanout fails on xenial s390x due to incorrect queue lengths (LP: #1853375) - selftests/net: cleanup unused parameter in psock_fanout - selftests/net: ignore background traffic in psock_fanout * multi-zone raid0 corruption (LP: #1850540) - md/raid0: avoid RAID0 data corruption due to layout confusion. - md: add feature flag MD_FEATURE_RAID0_LAYOUT - md/raid0: fix warning message for parameter default_layout - md/raid0: Fix an error message in raid0_make_request() - SAUCE: md/raid0: Link to wiki with guidance on multi-zone RAID0 layout migration - SAUCE: md/raid0: Use kernel specific layout * CVE-2019-20096 - dccp: Fix memleak in __feat_register_sp [ Ubuntu: 4.4.0-173.203 ] * xenial/linux: 4.4.0-173.203 -proposed tracker (LP: #1859718) * CVE-2019-14615 - drm/i915/gen9: Clear residual context state on context switch -- Stefan Bader Wed, 29 Jan 2020 16:50:32 +0100 linux-kvm (4.4.0-1065.72) xenial; urgency=medium * xenial/linux-kvm: 4.4.0-1065.72 -proposed tracker (LP: #1858584) [ Ubuntu: 4.4.0-172.202 ] * xenial/linux: 4.4.0-172.202 -proposed tracker (LP: #1858594) * tools/perf fails to build after Xenial update to 4.4.208 upstream stable release (LP: #1858798) - Revert "perf report: Add warning when libunwind not compiled in" * CVE-2019-18885 - btrfs: refactor btrfs_find_device() take fs_devices as argument - btrfs: merge btrfs_find_device and find_device * Integrate Intel SGX driver into linux-azure (LP: #1844245) - [Packaging] Add systemd service to load intel_sgx * Xenial update: 4.4.208 upstream stable release (LP: #1858462) - btrfs: do not leak reloc root if we fail to read the fs root - btrfs: handle ENOENT in btrfs_uuid_tree_iterate - ALSA: hda/ca0132 - Keep power on during processing DSP response - ALSA: hda/ca0132 - Avoid endless loop - drm: mst: Fix query_payload ack reply struct - iio: light: bh1750: Resolve compiler warning and make code more readable - spi: Add call to spi_slave_abort() function when spidev driver is released - staging: rtl8188eu: fix possible null dereference - rtlwifi: prevent memory leak in rtl_usb_probe - IB/iser: bound protection_sg size by data_sg size - media: am437x-vpfe: Setting STD to current value is not an error - media: i2c: ov2659: fix s_stream return value - media: i2c: ov2659: Fix missing 720p register config - media: ov6650: Fix stored frame format not in sync with hardware - tools/power/cpupower: Fix initializer override in hsw_ext_cstates - usb: renesas_usbhs: add suspend event support in gadget mode - hwrng: omap3-rom - Call clk_disable_unprepare() on exit only if not idled - regulator: max8907: Fix the usage of uninitialized variable in max8907_regulator_probe() - media: flexcop-usb: fix NULL-ptr deref in flexcop_usb_transfer_init() - samples: pktgen: fix proc_cmd command result check logic - mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring - media: ti-vpe: vpe: fix a v4l2-compliance warning about invalid pixel format - media: ti-vpe: vpe: fix a v4l2-compliance failure about frame sequence number - media: ti-vpe: vpe: Make sure YUYV is set as default format - extcon: sm5502: Reset registers during initialization - x86/mm: Use the correct function type for native_set_fixmap() - perf report: Add warning when libunwind not compiled in - iio: adc: max1027: Reset the device at probe time - Bluetooth: hci_core: fix init for HCI_USER_CHANNEL - drm/gma500: fix memory disclosures due to uninitialized bytes - x86/ioapic: Prevent inconsistent state when moving an interrupt - arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill() - libata: Ensure ata_port probe has completed before detach - pinctrl: sh-pfc: sh7734: Fix duplicate TCLK1_B - bnx2x: Fix PF-VF communication over multi-cos queues. - spi: img-spfi: fix potential double release - rtlwifi: fix memory leak in rtl92c_set_fw_rsvdpagepkt() - perf probe: Fix to find range-only function instance - perf probe: Fix to list probe event with correct line number - perf probe: Walk function lines in lexical blocks - perf probe: Fix to probe an inline function which has no entry pc - perf probe: Fix to show ranges of variables in functions without entry_pc - perf probe: Fix to show inlined function callsite without entry_pc - perf probe: Skip overlapped location on searching variables - perf probe: Return a better scope DIE if there is no best scope - perf probe: Fix to show calling lines of inlined functions - perf probe: Skip end-of-sequence and non statement lines - perf probe: Filter out instances except for inlined subroutine and subprogram - ath10k: fix get invalid tx rate for Mesh metric - media: pvrusb2: Fix oops on tear-down when radio support is not present - media: si470x-i2c: add missed operations in remove - EDAC/ghes: Fix grain calculation - spi: pxa2xx: Add missed security checks - ASoC: rt5677: Mark reg RT5677_PWR_ANLG2 as volatile - parport: load lowlevel driver if ports not found - cpufreq: Register drivers only after CPU devices have been registered - x86/crash: Add a forward declaration of struct kimage - spi: tegra20-slink: add missed clk_unprepare - btrfs: don't prematurely free work in end_workqueue_fn() - iwlwifi: check kasprintf() return value - fbtft: Make sure string is NULL terminated - crypto: sun4i-ss - Fix 64-bit size_t warnings on sun4i-ss-hash.c - crypto: vmx - Avoid weird build failures - libtraceevent: Fix memory leakage in copy_filter_type - net: phy: initialise phydev speed and duplex sanely - Revert "mmc: sdhci: Fix incorrect switch to HS mode" - usb: xhci: Fix build warning seen with CONFIG_PM=n - btrfs: do not call synchronize_srcu() in inode_tree_del - btrfs: return error pointer from alloc_test_extent_buffer - btrfs: abort transaction after failed inode updates in create_subvol - Btrfs: fix removal logic of the tree mod log that leads to use-after-free issues - ALSA: pcm: Avoid possible info leaks from PCM stream buffers - af_packet: set defaule value for tmo - fjes: fix missed check in fjes_acpi_add - mod_devicetable: fix PHY module format - net: hisilicon: Fix a BUG trigered by wrong bytes_compl - net: nfc: nci: fix a possible sleep-in-atomic-context bug in nci_uart_tty_receive() - net: qlogic: Fix error paths in ql_alloc_large_buffers() - net: usb: lan78xx: Fix suspend/resume PHY register access error - sctp: fully initialize v4 addr in some functions - net: dst: Force 4-byte alignment of dst_metrics - usbip: Fix error path of vhci_recv_ret_submit() - USB: EHCI: Do not return -EPIPE when hub is disconnected - platform/x86: hp-wmi: Make buffer for HPWMI_FEATURE2_QUERY 128 bytes - staging: comedi: gsc_hpdi: check dma_alloc_coherent() return value - ext4: check for directory entries too close to block end - powerpc/irq: fix stack overflow verification - mmc: sdhci-of-esdhc: fix P2020 errata handling - perf probe: Fix to show function entry line as probe-able - scsi: mpt3sas: Fix clear pending bit in ioctl status - scsi: lpfc: Fix locking on mailbox command completion - Input: atmel_mxt_ts - disable IRQ across suspend - iommu/tegra-smmu: Fix page tables in > 4 GiB memory - scsi: target: compare full CHAP_A Algorithm strings - scsi: lpfc: Fix SLI3 hba in loop mode not discovering devices - scsi: csiostor: Don't enable IRQs too early - powerpc/pseries: Mark accumulate_stolen_time() as notrace - dma-debug: add a schedule point in debug_dma_dump_mappings() - clocksource/drivers/asm9260: Add a check for of_clk_get - powerpc/security/book3s64: Report L1TF status in sysfs - jbd2: Fix statistics for the number of logged blocks - scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6) - scsi: lpfc: Fix duplicate unreg_rpi error in port offline flow - clk: qcom: Allow constant ratio freq tables for rcg - irqchip/irq-bcm7038-l1: Enable parent IRQ if necessary - irqchip: ingenic: Error out if IRQ domain creation failed - fs/quota: handle overflows of sysctl fs.quota.* and report as unsigned long - scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences - scsi: ufs: fix potential bug which ends in system hang - powerpc/pseries/cmm: Implement release() function for sysfs device - powerpc/security: Fix wrong message when RFI Flush is disable - clk: pxa: fix one of the pxa RTC clocks - bcache: at least try to shrink 1 node in bch_mca_scan() - HID: Improve Windows Precision Touchpad detection. - ext4: work around deleting a file with i_nlink == 0 safely - scsi: pm80xx: Fix for SATA device discovery - scsi: target: iscsi: Wait for all commands to finish before freeing a session - gpio: mpc8xxx: Don't overwrite default irq_set_type callback - scripts/kallsyms: fix definitely-lost memory leak - cdrom: respect device capabilities during opening action - perf regs: Make perf_reg_name() return "unknown" instead of NULL - libfdt: define INT32_MAX and UINT32_MAX in libfdt_env.h - s390/cpum_sf: Check for SDBT and SDB consistency - ocfs2: fix passing zero to 'PTR_ERR' warning - kernel: sysctl: make drop_caches write-only - ALSA: hda - Downgrade error message for single-cmd fallback - Make filldir[64]() verify the directory entry filename is valid - filldir[64]: remove WARN_ON_ONCE() for bad directory entries - net: davinci_cpdma: use dma_addr_t for DMA address - netfilter: ebtables: compat: reject all padding in matches/watchers - 6pack,mkiss: fix possible deadlock - netfilter: bridge: make sure to pull arp header in br_nf_forward_arp() - net: icmp: fix data-race in cmp_global_allow() - hrtimer: Annotate lockless access to timer->state - mmc: sdhci: Update the tuning failed messages to pr_debug level - tcp: do not send empty skb from tcp_write_xmit() - Linux 4.4.208 * Xenial update: 4.4.207 upstream stable release (LP: #1858489) - x86/apic/32: Avoid bogus LDR warnings - usb: gadget: u_serial: add missing port entry locking - tty: serial: msm_serial: Fix flow control - x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect - serial: serial_core: Perform NULL checks for break_ctl ops - serial: ifx6x60: add missed pm_runtime_disable - autofs: fix a leak in autofs_expire_indirect() - NFC: nxp-nci: Fix NULL pointer dereference after I2C communication error - Input: cyttsp4_core - fix use after free bug - ALSA: pcm: Fix stream lock usage in snd_pcm_period_elapsed() - rsxx: add missed destroy_workqueue calls in remove - net: ep93xx_eth: fix mismatch of request_mem_region in remove - serial: core: Allow processing sysrq at port unlock time - iwlwifi: mvm: Send non offchannel traffic via AP sta - ARM: 8813/1: Make aligned 2-byte getuser()/putuser() atomic on ARMv6+ - extcon: max8997: Fix lack of path setting in USB device mode - clk: rockchip: fix rk3188 sclk_smc gate data - clk: rockchip: fix rk3188 sclk_mac_lbtest parameter ordering - dlm: fix missing idr_destroy for recover_idr - MIPS: SiByte: Enable ZONE_DMA32 for LittleSur - scsi: zfcp: drop default switch case which might paper over missing case - pinctrl: qcom: ssbi-gpio: fix gpio-hog related boot issues - Staging: iio: adt7316: Fix i2c data reading, set the data field - regulator: Fix return value of _set_load() stub - MIPS: OCTEON: octeon-platform: fix typing - math-emu/soft-fp.h: (_FP_ROUND_ZERO) cast 0 to void to fix warning - rtc: max8997: Fix the returned value in case of error in 'max8997_rtc_read_alarm()' - rtc: dt-binding: abx80x: fix resistance scale - ARM: dts: exynos: Use Samsung SoC specific compatible for DWC2 module - dmaengine: coh901318: Fix a double-lock bug - dmaengine: coh901318: Remove unused variable - ACPI: fix acpi_find_child_device() invocation in acpi_preset_companion() - dma-mapping: fix return type of dma_set_max_seg_size() - altera-stapl: check for a null key before strcasecmp'ing it - serial: imx: fix error handling in console_setup - i2c: imx: don't print error message on probe defer - dlm: NULL check before kmem_cache_destroy is not needed - nfsd: fix a warning in __cld_pipe_upcall() - ARM: OMAP1/2: fix SoC name printing - net/x25: fix called/calling length calculation in x25_parse_address_block - net/x25: fix null_x25_address handling - ARM: dts: mmp2: fix the gpio interrupt cell number - tcp: fix off-by-one bug on aborting window-probing socket - modpost: skip ELF local symbols during section mismatch check - kbuild: fix single target build for external module - ARM: dts: pxa: clean up USB controller nodes - dlm: fix invalid cluster name warning - powerpc/math-emu: Update macros from GCC - MIPS: OCTEON: cvmx_pko_mem_debug8: use oldest forward compatible definition - nfsd: Return EPERM, not EACCES, in some SETATTR cases - mlx4: Use snprintf instead of complicated strcpy - ARM: dts: sunxi: Fix PMU compatible strings - sched/fair: Scale bandwidth quota and period without losing quota/period ratio precision - fuse: verify nlink - fuse: verify attributes - ALSA: pcm: oss: Avoid potential buffer overflows - Input: goodix - add upside-down quirk for Teclast X89 tablet - CIFS: Fix SMB2 oplock break processing - tty: vt: keyboard: reject invalid keycodes - can: slcan: Fix use-after-free Read in slcan_open - jbd2: Fix possible overflow in jbd2_log_space_left() - drm/i810: Prevent underflow in ioctl - KVM: x86: do not modify masked bits of shared MSRs - KVM: x86: fix presentation of TSX feature in ARCH_CAPABILITIES - crypto: crypto4xx - fix double-free in crypto4xx_destroy_sdr - spi: atmel: Fix CS high support - RDMA/qib: Validate ->show()/store() callbacks before calling them - thermal: Fix deadlock in thermal thermal_zone_device_check - Revert "KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332)" - KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332) - appletalk: Fix potential NULL pointer dereference in unregister_snap_client - appletalk: Set error code if register_snap_client failed - ALSA: hda - Fix pending unsol events at shutdown - sched/core: Allow putting thread_info into task_struct - sched/core: Add try_get_task_stack() and put_task_stack() - sched/core, x86: Make struct thread_info arch specific again - fs/proc: Stop reporting eip and esp in /proc/PID/stat - fs/proc: Report eip/esp in /prod/PID/stat for coredumping - proc: fix coredump vs read /proc/*/stat race - fs/proc/array.c: allow reporting eip/esp for all coredumping threads - usb: gadget: configfs: Fix missing spin_lock_init() - usb: Allow USB device to be warm reset in suspended state - staging: rtl8188eu: fix interface sanity check - staging: rtl8712: fix interface sanity check - staging: gigaset: fix general protection fault on probe - staging: gigaset: fix illegal free on probe errors - staging: gigaset: add endpoint-type sanity check - xhci: Increase STS_HALT timeout in xhci_suspend() - iio: humidity: hdc100x: fix IIO_HUMIDITYRELATIVE channel reporting - USB: atm: ueagle-atm: add missing endpoint check - USB: idmouse: fix interface sanity checks - USB: serial: io_edgeport: fix epic endpoint lookup - USB: adutux: fix interface sanity check - usb: core: urb: fix URB structure initialization function - usb: mon: Fix a deadlock in usbmon between mmap and read - mtd: spear_smi: Fix Write Burst mode - virtio-balloon: fix managed page counts when migrating pages between zones - btrfs: check page->mapping when loading free space cache - btrfs: Remove btrfs_bio::flags member - rtlwifi: rtl8192de: Fix missing code to retrieve RX buffer address - rtlwifi: rtl8192de: Fix missing callback that tests for hw release of buffer - rtlwifi: rtl8192de: Fix missing enable interrupt flag - lib: raid6: fix awk build warnings - workqueue: Fix spurious sanity check failures in destroy_workqueue() - workqueue: Fix pwq ref leak in rescuer_thread() - ASoC: Jack: Fix NULL pointer dereference in snd_soc_jack_report - blk-mq: avoid sysfs buffer overflow with too many CPU cores - cgroup: pids: use atomic64_t for pids->limit - ar5523: check NULL before memcpy() in ar5523_cmd() - media: bdisp: fix memleak on release - media: radio: wl1273: fix interrupt masking on release - cpuidle: Do not unset the driver if it is there already - ACPI: OSL: only free map once in osl.c - ACPI: bus: Fix NULL pointer check in acpi_bus_get_private_data() - ACPI: PM: Avoid attaching ACPI PM domain to certain devices - pinctrl: samsung: Fix device node refcount leaks in S3C24xx wakeup controller init - pinctrl: samsung: Fix device node refcount leaks in init code - powerpc: Allow 64bit VDSO __kernel_sync_dicache to work across ranges >4GB - video/hdmi: Fix AVI bar unpack - quota: Check that quota is not dirty before release - quota: fix livelock in dquot_writeback_dquots - scsi: zfcp: trace channel log even for FCP command responses - usb: xhci: only set D3hot for pci device - xhci: Fix memory leak in xhci_add_in_port() - xhci: make sure interrupts are restored to correct state - iio: adis16480: Add debugfs_reg_access entry - Btrfs: fix negative subv_writers counter and data space leak after buffered write - scsi: lpfc: Cap NPIV vports to 256 - e100: Fix passing zero to 'PTR_ERR' warning in e100_load_ucode_wait - x86/MCE/AMD: Turn off MC4_MISC thresholding on all family 0x15 models - ARM: dts: omap3-tao3530: Fix incorrect MMC card detection GPIO polarity - pinctrl: samsung: Fix device node refcount leaks in S3C64xx wakeup controller init - scsi: qla2xxx: Fix DMA unmap leak - scsi: qla2xxx: Fix qla24xx_process_bidir_cmd() - scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value - powerpc: Fix vDSO clock_getres() - mm/shmem.c: cast the type of unmap_start to u64 - blk-mq: make sure that line break can be printed - workqueue: Fix missing kfree(rescuer) in destroy_workqueue() - sunrpc: fix crash when cache_head become valid before update - kernel/module.c: wakeup processes in module_wq on module unload - net: bridge: deny dev_set_mac_address() when unregistering - tcp: md5: fix potential overestimation of TCP option space - tipc: fix ordering of tipc module init and exit routine - inet: protect against too small mtu values. - tcp: fix rejected syncookies due to stale timestamps - tcp: tighten acceptance of ACKs not matching a child socket - tcp: Protect accesses to .ts_recent_stamp with {READ,WRITE}_ONCE() - net: ethernet: ti: cpsw: fix extra rx interrupt - PCI: Fix Intel ACS quirk UPDCR register address - PCI/MSI: Fix incorrect MSI-X masking on resume - xtensa: fix TLB sanity checker - CIFS: Respect O_SYNC and O_DIRECT flags during reconnect - ARM: dts: s3c64xx: Fix init order of clock providers - ARM: tegra: Fix FLOW_CTLR_HALT register clobbering by tegra_resume() - vfio/pci: call irq_bypass_unregister_producer() before freeing irq - dm btree: increase rebalance threshold in __rebalance2() - drm/radeon: fix r1xx/r2xx register checker for POT textures - xhci: fix USB3 device initiated resume race with roothub autosuspend - net: stmmac: use correct DMA buffer size in the RX descriptor - net: stmmac: don't stop NAPI processing when dropping a packet - Linux 4.4.207 * efivarfs test in ubuntu_kernel_selftest failed on the second run (LP: #1809704) - selftests: efivarfs: return Kselftest Skip code for skipped tests - selftests/efivarfs: clean up test files from test_create*() * cifs: kernel NULL pointer dereference, address: 0000000000000038 (LP: #1856949) - CIFS: Fix NULL-pointer dereference in smb2_push_mandatory_locks * CVE-2019-19332 - KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332) * CVE-2019-19062 - crypto: user - fix memory leak in crypto_report * [Hyper-V] KVP daemon fails to start on first boot of disco VM (LP: #1820063) - [Packaging] bind hv_kvp_daemon startup to hv_kvp device * False positive test result in run_afpackettests from net in ubuntu_kernel_selftest (LP: #1825778) - selftests/net: correct the return value for run_afpackettests * Xenial update: 4.4.206 upstream stable release (LP: #1855313) - ASoC: compress: fix unsigned integer overflow check - ASoC: kirkwood: fix external clock probe defer - clk: samsung: exynos5420: Preserve PLL configuration during suspend/resume - reset: fix reset_control_ops kerneldoc comment - can: peak_usb: report bus recovery as well - can: c_can: D_CAN: c_can_chip_config(): perform a sofware reset on open - scripts/gdb: fix debugging modules compiled with hot/cold partitioning - block: drbd: remove a stray unlock in __drbd_send_protocol() - scsi: lpfc: Fix dif and first burst use in write commands - ARM: debug-imx: only define DEBUG_IMX_UART_PORT if needed - ARM: dts: imx53-voipac-dmm-668: Fix memory node duplication - parisc: Fix serio address output - parisc: Fix HP SDC hpa address output - arm64: smp: Handle errors reported by the firmware - PM / AVS: SmartReflex: NULL check before some freeing functions is not needed - ARM: ks8695: fix section mismatch warning - ACPI / LPSS: Ignore acpi_device_fix_up_power() return value - crypto: user - support incremental algorithm dumps - mwifiex: fix potential NULL dereference and use after free - mwifiex: debugfs: correct histogram spacing, formatting - rtl818x: fix potential use after free - xfs: require both realtime inodes to mount - ubi: Put MTD device after it is not used - ubi: Do not drop UBI device reference before using - microblaze: adjust the help to the real behavior - microblaze: move "... is ready" messages to arch/microblaze/Makefile - gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB - VSOCK: bind to random port for VMADDR_PORT_ANY - btrfs: only track ref_heads in delayed_ref_updates - xen/pciback: Check dev_data before using it - KVM: s390: unregister debug feature on failing arch init - pinctrl: sh-pfc: sh7264: Fix PFCR3 and PFCR0 register configuration - pinctrl: sh-pfc: sh7734: Fix shifted values in IPSR10 - HID: doc: fix wrong data structure reference for UHID_OUTPUT - gfs2: take jdata unstuff into account in do_grow - xfs: Align compat attrlist_by_handle with native implementation. - IB/qib: Fix an error code in qib_sdma_verbs_send() - powerpc/book3s/32: fix number of bats in p/v_block_mapped() - powerpc/xmon: fix dump_segments() - drivers/regulator: fix a missing check of return value - serial: max310x: Fix tx_empty() callback - openrisc: Fix broken paths to arch/or32 - RDMA/srp: Propagate ib_post_send() failures to the SCSI mid-layer - scsi: qla2xxx: deadlock by configfs_depend_item - scsi: csiostor: fix incorrect dma device in case of vport - ath6kl: Only use match sets when firmware supports it - ath6kl: Fix off by one error in scan completion - powerpc/prom: fix early DEBUG messages - powerpc/mm: Make NULL pointer deferences explicit on bad page faults. - powerpc/44x/bamboo: Fix PCI range - drbd: reject attach of unsuitable uuids even if connected - drbd: fix print_st_err()'s prototype to match the definition - regulator: tps65910: fix a missing check of return value - net/net_namespace: Check the return value of register_pernet_subsys() - um: Make GCOV depend on !KCOV - net: stmicro: fix a missing check of clk_prepare - atl1e: checking the status of atl1e_write_phy_reg - tipc: fix a missing check of genlmsg_put - ocfs2: clear journal dirty flag after shutdown journal - lib/genalloc.c: use vzalloc_node() to allocate the bitmap - lib/genalloc.c: include vmalloc.h - mtd: Check add_mtd_device() ret code - tipc: fix memory leak in tipc_nl_compat_publ_dump - net/core/neighbour: tell kmemleak about hash tables - net/core/neighbour: fix kmemleak minimal reference count for hash tables - sfc: suppress duplicate nvmem partition types in efx_ef10_mtd_probe - decnet: fix DN_IFREQ_SIZE - tipc: fix skb may be leaky in tipc_link_input - sfc: initialise found bitmap in efx_ef10_mtd_probe - net: fix possible overflow in __sk_mem_raise_allocated() - net: dev: Use unsigned integer as an argument to left-shift - scsi: libsas: Support SATA PHY connection rate unmatch fixing during discovery - ACPI / APEI: Switch estatus pool to use vmalloc memory - scsi: libsas: Check SMP PHY control function result - mtd: Remove a debug trace in mtdpart.c - staging: rtl8192e: fix potential use after free - USB: serial: ftdi_sio: add device IDs for U-Blox C099-F9P - mei: bus: prefix device names on bus with the bus name - media: v4l2-ctrl: fix flags for DO_WHITE_BALANCE - net: macb: fix error format in dev_err() - pwm: Clear chip_data in pwm_put() - macvlan: schedule bc_work even if error - openvswitch: fix flow command message size - slip: Fix use-after-free Read in slip_open - openvswitch: drop unneeded BUG_ON() in ovs_flow_cmd_build_info() - openvswitch: remove another BUG_ON() - tipc: fix link name length check - net: sched: fix `tc -s class show` no bstats on class with nolock subqueues - HID: core: check whether Usage Page item is after Usage ID items - hwrng: stm32 - fix unbalanced pm_runtime_enable - platform/x86: hp-wmi: Fix ACPI errors caused by too small buffer - Linux 4.4.206 - [Config] updateconfigs for 4.4.206 * Xenial update: 4.4.205 upstream stable release (LP: #1854857) - Revert "sock: Reset dst when changing sk_mark via setsockopt" - Linux 4.4.205 * Xenial update: 4.4.204 upstream stable release (LP: #1854855) - net/mlx4_en: fix mlx4 ethtool -N insertion - sfc: Only cancel the PPS workqueue if it exists - net/sched: act_pedit: fix WARN() in the traffic path - net: rtnetlink: prevent underflows in do_setvfinfo() - Revert "fs: ocfs2: fix possible null-pointer dereferences in ocfs2_xa_prepare_entry()" - mm/ksm.c: don't WARN if page is still mapped in remove_stable_node() - asus-wmi: Create quirk for airplane_mode LED - asus-wmi: Add quirk_no_rfkill_wapf4 for the Asus X456UF - asus-wmi: Add quirk_no_rfkill for the Asus N552VW - asus-wmi: Add quirk_no_rfkill for the Asus U303LB - asus-wmi: Add quirk_no_rfkill for the Asus Z550MA - platform/x86: asus-wmi: Filter buggy scan codes on ASUS Q500A - platform/x86: asus-wmi: fix asus ux303ub brightness issue - platform/x86: asus-wmi: Set specified XUSB2PR value for X550LB - asus-wmi: provide access to ALS control - platform/x86: asus-wmi: try to set als by default - platform/x86: asus-nb-wmi: Support ALS on the Zenbook UX430UQ - platform/x86: asus-wmi: add SERIO_I8042 dependency - mwifiex: Fix NL80211_TX_POWER_LIMITED - ALSA: isight: fix leak of reference to firewire unit in error path of .probe callback - printk: fix integer overflow in setup_log_buf() - gfs2: Fix marking bitmaps non-full - synclink_gt(): fix compat_ioctl() - powerpc: Fix signedness bug in update_flash_db() - powerpc/eeh: Fix use of EEH_PE_KEEP on wrong field - brcmsmac: AP mode: update beacon when TIM changes - spi: sh-msiof: fix deferred probing - mmc: mediatek: fix cannot receive new request when msdc_cmd_is_ready fail - btrfs: handle error of get_old_root - gsmi: Fix bug in append_to_eventlog sysfs handler - misc: mic: fix a DMA pool free failure - amiflop: clean up on errors during setup - scsi: ips: fix missing break in switch - KVM/x86: Fix invvpid and invept register operand size in 64-bit mode - scsi: isci: Use proper enumerated type in atapi_d2h_reg_frame_handler - scsi: isci: Change sci_controller_start_task's return type to sci_status - scsi: iscsi_tcp: Explicitly cast param in iscsi_sw_tcp_host_get_param - clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk - scsi: dc395x: fix dma API usage in srb_done - scsi: dc395x: fix DMA API usage in sg_update_list - net: fix warning in af_unix - kprobes, x86/ptrace.h: Make regs_get_kernel_stack_nth() not fault on bad stack - ALSA: i2c/cs8427: Fix int to char conversion - macintosh/windfarm_smu_sat: Fix debug output - USB: misc: appledisplay: fix backlight update_status return code - SUNRPC: Fix a compile warning for cmpxchg64() - atm: zatm: Fix empty body Clang warnings - s390/perf: Return error when debug_register fails - spi: omap2-mcspi: Set FIFO DMA trigger level to word length - sparc: Fix parport build warnings. - ceph: fix dentry leak in ceph_readdir_prepopulate - rtc: s35390a: Change buf's type to u8 in s35390a_init - mISDN: Fix type of switch control variable in ctrl_teimanager - qlcnic: fix a return in qlcnic_dcb_get_capability() - mfd: mc13xxx-core: Fix PMIC shutdown when reading ADC values - mfd: max8997: Enale irq-wakeup unconditionally - selftests/ftrace: Fix to test kprobe $comm arg only if available - thermal: rcar_thermal: Prevent hardware access during system suspend - sparc64: Rework xchg() definition to avoid warnings. - fs/ocfs2/dlm/dlmdebug.c: fix a sleep-in-atomic-context bug in dlm_print_one_mle() - mm/page-writeback.c: fix range_cyclic writeback vs writepages deadlock - um: Make line/tty semantics use true write IRQ - linux/bitmap.h: handle constant zero-size bitmaps correctly - linux/bitmap.h: fix type of nbits in bitmap_shift_right() - hfsplus: fix BUG on bnode parent update - hfs: fix BUG on bnode parent update - hfsplus: prevent btree data loss on ENOSPC - hfs: prevent btree data loss on ENOSPC - hfsplus: fix return value of hfsplus_get_block() - hfs: fix return value of hfs_get_block() - fs/hfs/extent.c: fix array out of bounds read of array extent - igb: shorten maximum PHC timecounter update interval - ntb_netdev: fix sleep time mismatch - ntb: intel: fix return value for ndev_vec_mask() - ocfs2: don't put and assigning null to bh allocated outside - ocfs2: fix clusters leak in ocfs2_defrag_extent() - net: do not abort bulk send on BQL status - sched/fair: Don't increase sd->balance_interval on newidle balance - audit: print empty EXECVE args - wlcore: Fix the return value in case of error in 'wlcore_vendor_cmd_smart_config_start()' - rtl8xxxu: Fix missing break in switch - brcmsmac: never log "tid x is not agg'able" by default - wireless: airo: potential buffer overflow in sprintf() - rtlwifi: rtl8192de: Fix misleading REG_MCUFWDL information - scsi: mpt3sas: Fix Sync cache command failure during driver unload - scsi: mpt3sas: Fix driver modifying persistent data in Manufacturing page11 - scsi: megaraid_sas: Fix msleep granularity - scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces - dlm: fix invalid free - dlm: don't leak kernel pointer to userspace - net: bcmgenet: return correct value 'ret' from bcmgenet_power_down - sock: Reset dst when changing sk_mark via setsockopt - pinctrl: qcom: spmi-gpio: fix gpio-hog related boot issues - pinctrl: zynq: Use define directive for PIN_CONFIG_IO_STANDARD - PCI: keystone: Use quirk to limit MRRS for K2G - spi: omap2-mcspi: Fix DMA and FIFO event trigger size mismatch - IB/hfi1: Ensure full Gen3 speed in a Gen4 system - Bluetooth: Fix invalid-free in bcsp_close() - ath9k_hw: fix uninitialized variable data - dm: use blk_set_queue_dying() in __dm_destroy() - arm64: fix for bad_mode() handler to always result in panic - cpufreq: Skip cpufreq resume if it's not suspended - ocfs2: remove ocfs2_is_o2cb_active() - mmc: block: Fix tag condition with packed writes - ARC: perf: Accommodate big-endian CPU - x86/insn: Fix awk regexp warnings - x86/speculation: Fix incorrect MDS/TAA mitigation status - x86/speculation: Fix redundant MDS mitigation message - media: vivid: Set vid_cap_streaming and vid_out_streaming to true - media: vivid: Fix wrong locking that causes race conditions on streaming stop - cpufreq: Add NULL checks to show() and store() methods of cpufreq - media: b2c2-flexcop-usb: add sanity checking - media: cxusb: detect cxusb_ctrl_msg error in query - media: imon: invalid dereference in imon_touch_event - virtio_console: reset on out of memory - virtio_console: don't tie bufs to a vq - virtio_console: allocate inbufs in add_port() only if it is needed - virtio_console: fix uninitialized variable use - virtio_console: drop custom control queue cleanup - virtio_console: move removal code - usb-serial: cp201x: support Mark-10 digital force gauge - appledisplay: fix error handling in the scheduled work - USB: serial: mos7840: add USB ID to support Moxa UPort 2210 - USB: serial: mos7720: fix remote wakeup - USB: serial: mos7840: fix remote wakeup - USB: serial: option: add support for DW5821e with eSIM support - USB: serial: option: add support for Foxconn T77W968 LTE modules - staging: comedi: usbduxfast: usbduxfast_ai_cmdtest rounding error - Linux 4.4.204 -- Khalid Elmously Fri, 10 Jan 2020 01:33:33 -0500 linux-kvm (4.4.0-1064.71) xenial; urgency=medium * xenial/linux-kvm: 4.4.0-1064.71 -proposed tracker (LP: #1854826) * backport DIMLIB (lib/dim/) to pre-5.2 kernels (LP: #1852637) - kvm: [CONFIG] updateconfigs for DIMLIB [ Ubuntu: 4.4.0-171.200 ] * xenial/linux: 4.4.0-171.200 -proposed tracker (LP: #1854835) * CVE-2019-14901 - SAUCE: mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame() * CVE-2019-14896 // CVE-2019-14897 - SAUCE: libertas: Fix two buffer overflows at parsing bss descriptor * CVE-2019-14895 - SAUCE: mwifiex: fix possible heap overflow in mwifiex_process_country_ie() * CVE-2019-18660: patches for Ubuntu (LP: #1853142) // CVE-2019-18660 - powerpc/64s: support nospectre_v2 cmdline option - powerpc/book3s64: Fix link stack flush on context switch - KVM: PPC: Book3S HV: Flush link stack on guest exit to host kernel * cloudimg: no iavf/i40evf module so no network available with SR-IOV enabled cloud (LP: #1848481) - [Packaging]: include i40evf in generic * update ENA driver for DIMLIB dynamic interrupt moderation (LP: #1853180) - net: ena: fix bug that might cause hang after consecutive open/close interface. - net: ena: add intr_moder_rx_interval to struct ena_com_dev and use it - net: ena: switch to dim algorithm for rx adaptive interrupt moderation - net: ena: reimplement set/get_coalesce() - net: ena: enable the interrupt_moderation in driver_supported_features - net: ena: remove code duplication in ena_com_update_nonadaptive_moderation_interval _*() - net: ena: remove old adaptive interrupt moderation code from ena_netdev - net: ena: remove ena_restore_ethtool_params() and relevant fields - net: ena: remove all old adaptive rx interrupt moderation code from ena_com - net: ena: fix update of interrupt moderation register - net: ena: fix retrieval of nonadaptive interrupt moderation intervals - net: ena: fix incorrect update of intr_delay_resolution - net: ena: Select DIMLIB for ENA_ETHERNET - SAUCE: net: ena: fix issues in setting interrupt moderation params in ethtool - SAUCE: net: ena: fix too long default tx interrupt moderation interval * backport DIMLIB (lib/dim/) to pre-5.2 kernels (LP: #1852637) - include/linux/bitops.h: introduce BITS_PER_TYPE - linux/kernel.h: move DIV_ROUND_DOWN_ULL() macro - [Config] enable DIMLIB - linux/dim: import DIMLIB (lib/dim/) - SAUCE: linux/dim: avoid library object filename clash * Enable framebuffer fonts auto selection for HighDPI screen (LP: #1851623) - fonts: Fix coding style - fonts: Prefer a bigger font for high resolution screens * Xenial update: 4.4.203 upstream stable release (LP: #1853881) - slip: Fix memory leak in slip_open error path - ax88172a: fix information leak on short answers - ALSA: usb-audio: Fix missing error check at mixer resolution test - ALSA: usb-audio: not submit urb for stopped endpoint - Input: ff-memless - kill timer in destroy() - ecryptfs_lookup_interpose(): lower_dentry->d_inode is not stable - ecryptfs_lookup_interpose(): lower_dentry->d_parent is not stable either - iommu/vt-d: Fix QI_DEV_IOTLB_PFSID and QI_DEV_EIOTLB_PFSID macros - mm: memcg: switch to css_tryget() in get_mem_cgroup_from_mm() - mm: hugetlb: switch to css_tryget() in hugetlb_cgroup_charge_cgroup() - mmc: sdhci-of-at91: fix quirk2 overwrite - iio: dac: mcp4922: fix error handling in mcp4922_write_raw - ALSA: pcm: signedness bug in snd_pcm_plug_alloc() - ARM: dts: at91/trivial: Fix USART1 definition for at91sam9g45 - ALSA: seq: Do error checks at creating system ports - gfs2: Don't set GFS2_RDF_UPTODATE when the lvb is updated - ASoC: dpcm: Properly initialise hw->rate_max - MIPS: BCM47XX: Enable USB power on Netgear WNDR3400v3 - ARM: dts: exynos: Fix sound in Snow-rev5 Chromebook - i40e: use correct length for strncpy - i40e: hold the rtnl lock on clearing interrupt scheme - i40e: Prevent deleting MAC address from VF when set by PF - ARM: dts: pxa: fix power i2c base address - rtl8187: Fix warning generated when strncpy() destination length matches the sixe argument - net: lan78xx: Bail out if lan78xx_get_endpoints fails - ASoC: sgtl5000: avoid division by zero if lo_vag is zero - ath10k: wmi: disable softirq's while calling ieee80211_rx - mips: txx9: fix iounmap related issue - of: make PowerMac cache node search conditional on CONFIG_PPC_PMAC - ARM: dts: omap3-gta04: give spi_lcd node a label so that we can overwrite in other DTS files - ARM: dts: omap3-gta04: tvout: enable as display1 alias - ARM: dts: omap3-gta04: make NAND partitions compatible with recent U-Boot - ARM: dts: omap3-gta04: keep vpll2 always on - dmaengine: dma-jz4780: Further residue status fix - signal: Always ignore SIGKILL and SIGSTOP sent to the global init - signal: Properly deliver SIGILL from uprobes - signal: Properly deliver SIGSEGV from x86 uprobes - scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() - ARM: imx6: register pm_power_off handler if "fsl,pmic-stby-poweroff" is set - scsi: pm80xx: Corrected dma_unmap_sg() parameter - scsi: pm80xx: Fixed system hang issue during kexec boot - kprobes: Don't call BUG_ON() if there is a kprobe in use on free list - nvmem: core: return error code instead of NULL from nvmem_device_get - media: fix: media: pci: meye: validate offset to avoid arbitrary access - ALSA: intel8x0m: Register irq handler after register initializations - pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map() - llc: avoid blocking in llc_sap_close() - powerpc/vdso: Correct call frame information - ARM: dts: socfpga: Fix I2C bus unit-address error - pinctrl: at91: don't use the same irqchip with multiple gpiochips - cxgb4: Fix endianness issue in t4_fwcache() - power: supply: ab8500_fg: silence uninitialized variable warnings - power: supply: max8998-charger: Fix platform data retrieval - kernfs: Fix range checks in kernfs_get_target_path - s390/qeth: invoke softirqs after napi_schedule() - PCI/ACPI: Correct error message for ASPM disabling - serial: mxs-auart: Fix potential infinite loop - powerpc/iommu: Avoid derefence before pointer check - powerpc/64s/hash: Fix stab_rr off by one initialization - powerpc/pseries: Disable CPU hotplug across migrations - libfdt: Ensure INT_MAX is defined in libfdt_env.h - power: supply: twl4030_charger: fix charging current out-of-bounds - power: supply: twl4030_charger: disable eoc interrupt on linear charge - net: toshiba: fix return type of ndo_start_xmit function - net: xilinx: fix return type of ndo_start_xmit function - net: broadcom: fix return type of ndo_start_xmit function - net: amd: fix return type of ndo_start_xmit function - usb: chipidea: Fix otg event handler - ARM: dts: am335x-evm: fix number of cpsw - ARM: dts: ux500: Correct SCU unit address - ARM: dts: ux500: Fix LCDA clock line muxing - ARM: dts: ste: Fix SPI controller node names - cpufeature: avoid warning when compiling with clang - bnx2x: Ignore bandwidth attention in single function mode - net: micrel: fix return type of ndo_start_xmit function - x86/CPU: Use correct macros for Cyrix calls - MIPS: kexec: Relax memory restriction - media: pci: ivtv: Fix a sleep-in-atomic-context bug in ivtv_yuv_init() - media: davinci: Fix implicit enum conversion warning - usb: gadget: uvc: configfs: Drop leaked references to config items - usb: gadget: uvc: configfs: Prevent format changes after linking header - usb: gadget: uvc: Factor out video USB request queueing - usb: gadget: uvc: Only halt video streaming endpoint in bulk mode - misc: kgdbts: Fix restrict error - misc: genwqe: should return proper error value. - vfio/pci: Fix potential memory leak in vfio_msi_cap_len - scsi: libsas: always unregister the old device if going to discover new - ARM: dts: tegra30: fix xcvr-setup-use-fuses - ARM: tegra: apalis_t30: fix mmc1 cmd pull-up - net: smsc: fix return type of ndo_start_xmit function - EDAC: Raise the maximum number of memory controllers - Bluetooth: L2CAP: Detect if remote is not able to use the whole MPS - arm64: dts: amd: Fix SPI bus warnings - fuse: use READ_ONCE on congestion_threshold and max_background - Bluetooth: hci_ldisc: Fix null pointer derefence in case of early data - Bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in hci_uart_set_proto() - memfd: Use radix_tree_deref_slot_protected to avoid the warning. - slcan: Fix memory leak in error path - net: cdc_ncm: Signedness bug in cdc_ncm_set_dgram_size() - x86/atomic: Fix smp_mb__{before,after}_atomic() - kprobes/x86: Prohibit probing on exception masking instructions - uprobes/x86: Prohibit probing on MOV SS instruction - [Config] Remove unused SH-Mobile HDMI driver - fbdev: Remove unused SH-Mobile HDMI driver - fbdev: Ditch fb_edid_add_monspecs - block: introduce blk_rq_is_passthrough - libata: have ata_scsi_rw_xlat() fail invalid passthrough requests - net: ovs: fix return type of ndo_start_xmit function - f2fs: return correct errno in f2fs_gc - SUNRPC: Fix priority queue fairness - ath10k: fix vdev-start timeout on error - ath9k: fix reporting calculated new FFT upper max - usb: gadget: udc: fotg210-udc: Fix a sleep-in-atomic-context bug in fotg210_get_status() - nl80211: Fix a GET_KEY reply attribute - dmaengine: ep93xx: Return proper enum in ep93xx_dma_chan_direction - dmaengine: timb_dma: Use proper enum in td_prep_slave_sg - mei: samples: fix a signedness bug in amt_host_if_call() - cxgb4: Use proper enum in cxgb4_dcb_handle_fw_update - cxgb4: Use proper enum in IEEE_FAUX_SYNC - powerpc/pseries: Fix DTL buffer registration - powerpc/pseries: Fix how we iterate over the DTL entries - mtd: rawnand: sh_flctl: Use proper enum for flctl_dma_fifo0_transfer - ixgbe: Fix crash with VFs and flow director on interface flap - IB/mthca: Fix error return code in __mthca_init_one() - ata: ep93xx: Use proper enums for directions - ALSA: hda/sigmatel - Disable automute for Elo VuPoint - KVM: PPC: Book3S PR: Exiting split hack mode needs to fixup both PC and LR - USB: serial: cypress_m8: fix interrupt-out transfer length - mtd: physmap_of: Release resources on error - brcmfmac: fix full timeout waiting for action frame on-channel tx - NFSv4.x: fix lock recovery during delegation recall - dmaengine: ioat: fix prototype of ioat_enumerate_channels - Input: st1232 - set INPUT_PROP_DIRECT property - x86/olpc: Fix build error with CONFIG_MFD_CS5535=m - crypto: mxs-dcp - Fix SHA null hashes and output length - crypto: mxs-dcp - Fix AES issues - ACPI / SBS: Fix rare oops when removing modules - fbdev: sbuslib: use checked version of put_user() - fbdev: sbuslib: integer overflow in sbusfb_ioctl_helper() - bcache: recal cached_dev_sectors on detach - proc/vmcore: Fix i386 build error of missing copy_oldmem_page_encrypted() - backlight: lm3639: Unconditionally call led_classdev_unregister - printk: Give error on attempt to set log buffer length to over 2G - media: isif: fix a NULL pointer dereference bug - GFS2: Flush the GFS2 delete workqueue before stopping the kernel threads - media: cx231xx: fix potential sign-extension overflow on large shift - x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error - gpio: syscon: Fix possible NULL ptr usage - spi: spidev: Fix OF tree warning logic - ARM: 8802/1: Call syscall_trace_exit even when system call skipped - hwmon: (pwm-fan) Silence error on probe deferral - mac80211: minstrel: fix CCK rate group streams value - spi: rockchip: initialize dma_slave_config properly - arm64: uaccess: Ensure PAN is re-enabled after unhandled uaccess fault - Linux 4.4.203 * Xenial update: 4.4.202 upstream stable release (LP: #1853177) - kvm: mmu: Don't read PDPTEs when paging is not enabled - MIPS: BCM63XX: fix switch core reset on BCM6368 - powerpc/Makefile: Use cflags-y/aflags-y for setting endian options - powerpc: Fix compiling a BE kernel with a powerpc64le toolchain - powerpc/boot: Request no dynamic linker for boot wrapper - x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs - Linux 4.4.202 * Xenial update: 4.4.201 upstream stable release (LP: #1852335) - CDC-NCM: handle incomplete transfer of MTU - net: fix data-race in neigh_event_send() - NFC: fdp: fix incorrect free object - NFC: st21nfca: fix double free - qede: fix NULL pointer deref in __qede_remove() - nfc: netlink: fix double device reference drop - ALSA: bebob: fix to detect configured source of sampling clock for Focusrite Saffire Pro i/o series - ALSA: hda/ca0132 - Fix possible workqueue stall - mm, vmstat: hide /proc/pagetypeinfo from normal users - dump_stack: avoid the livelock of the dump_lock - perf tools: Fix time sorting - drm/radeon: fix si_enable_smc_cac() failed issue - ceph: fix use-after-free in __ceph_remove_cap() - iio: imu: adis16480: make sure provided frequency is positive - netfilter: nf_tables: Align nft_expr private data to 64-bit - netfilter: ipset: Fix an error code in ip_set_sockfn_get() - can: usb_8dev: fix use-after-free on disconnect - can: c_can: c_can_poll(): only read status register after status IRQ - can: peak_usb: fix a potential out-of-sync while decoding packets - can: gs_usb: gs_can_open(): prevent memory leak - can: peak_usb: fix slab info leak - drivers: usb: usbip: Add missing break statement to switch - configfs: fix a deadlock in configfs_symlink() - PCI: tegra: Enable Relaxed Ordering only for Tegra20 & Tegra30 - scsi: qla2xxx: fixup incorrect usage of host_byte - scsi: lpfc: Honor module parameter lpfc_use_adisc - ipvs: move old_secure_tcp into struct netns_ipvs - bonding: fix unexpected IFF_BONDING bit unset - usb: fsl: Check memory resource before releasing it - usb: gadget: udc: atmel: Fix interrupt storm in FIFO mode. - usb: gadget: composite: Fix possible double free memory bug - usb: gadget: configfs: fix concurrent issue between composite APIs - perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity - USB: Skip endpoints with 0 maxpacket length - scsi: qla2xxx: stop timer in shutdown path - net: hisilicon: Fix "Trying to free already-free IRQ" - NFSv4: Don't allow a cached open with a revoked delegation - igb: Fix constant media auto sense switching when no cable is connected - e1000: fix memory leaks - can: flexcan: disable completely the ECC mechanism - mm/filemap.c: don't initiate writeback if mapping has no dirty pages - cgroup,writeback: don't switch wbs immediately on dead wbs if the memcg is dead - net: prevent load/store tearing on sk->sk_stamp - Linux 4.4.201 -- Khalid Elmously Wed, 04 Dec 2019 00:17:02 -0500 linux-kvm (4.4.0-1063.70) xenial; urgency=medium * xenial/linux-kvm: 4.4.0-1063.70 -proposed tracker (LP: #1852298) [ Ubuntu: 4.4.0-170.199 ] * xenial/linux: 4.4.0-170.199 -proposed tracker (LP: #1852306) * update ENA driver to version 2.1.0 (LP: #1850175) - net: ena: fix: set freed objects to NULL to avoid failing future allocations - net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry - net: ena: fix: Free napi resources when ena_up() fails - net: ena: fix incorrect test of supported hash function - net: ena: fix return value of ena_com_config_llq_info() - net: ena: improve latency by disabling adaptive interrupt moderation by default - net: ena: fix ena_com_fill_hash_function() implementation - net: ena: add handling of llq max tx burst size - net: ena: ethtool: add extra properties retrieval via get_priv_flags - net: ena: replace free_tx/rx_ids union with single free_ids field in ena_ring - net: ena: arrange ena_probe() function variables in reverse christmas tree - net: ena: add newline at the end of pr_err prints - net: ena: allow automatic fallback to polling mode - net: ena: add support for changing max_header_size in LLQ mode - net: ena: optimise calculations for CQ doorbell - net: ena: add good checksum counter - net: ena: use dev_info_once instead of static variable - net: ena: add MAX_QUEUES_EXT get feature admin command - net: ena: enable negotiating larger Rx ring size - net: ena: make ethtool show correct current and max queue sizes - net: ena: allow queue allocation backoff when low on memory - net: ena: add ethtool function for changing io queue sizes - net: ena: remove inline keyword from functions in *.c - net: ena: update driver version from 2.0.3 to 2.1.0 - net: ena: Fix bug where ring allocation backoff stopped too late - Revert "net: ena: ethtool: add extra properties retrieval via get_priv_flags" - net: ena: don't wake up tx queue when down - net: ena: clean up indentation issue * Bionic update: upstream stable patchset 2019-08-01 (LP: #1838700) // update ENA driver to version 2.1.0 (LP: #1850175) - net: ena: gcc 8: fix compilation warning * Skip frame when buffer overflow on UVC camera (LP: #1849871) - media: uvcvideo: Mark buffer error where overflow * CVE-2018-20784 - sched/fair: Fix infinite loop in update_blocked_averages() by reverting a9e7f6544b9c - sched/fair: Fix hierarchical order in rq->leaf_cfs_rq_list - sched/fair: Add tmp_alone_branch assertion - sched/fair: Fix insertion in rq->leaf_cfs_rq_list - sched/fair: Optimize update_blocked_averages() - sched/fair: Fix O(nr_cgroups) in the load balancing path * Xenial update: 4.4.200 upstream stable release (LP: #1852110) - kbuild: add -fcf-protection=none when using retpoline flags - regulator: ti-abb: Fix timeout in ti_abb_wait_txdone/ti_abb_clear_all_txdone - regulator: pfuze100-regulator: Variable "val" in pfuze100_regulator_probe() could be uninitialized - ASoc: rockchip: i2s: Fix RPM imbalance - ARM: dts: logicpd-torpedo-som: Remove twl_keypad - ARM: mm: fix alignment handler faults under memory pressure - scsi: sni_53c710: fix compilation error - scsi: fix kconfig dependency warning related to 53C700_LE_ON_BE - perf kmem: Fix memory leak in compact_gfp_flags() - scsi: target: core: Do not overwrite CDB byte 1 - of: unittest: fix memory leak in unittest_data_add - MIPS: bmips: mark exception vectors as char arrays - cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs - dccp: do not leak jiffies on the wire - net: fix sk_page_frag() recursion from memory reclaim - net: hisilicon: Fix ping latency when deal with high throughput - SAUCE: Revert "net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol()" - net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol() - net: add READ_ONCE() annotation in __skb_wait_for_more_packets() - vxlan: check tun_info options_len properly - net/mlx4_core: Dynamically set guaranteed amount of counters per VF - inet: stop leaking jiffies on the wire - net/flow_dissector: switch to siphash - dmaengine: qcom: bam_dma: Fix resource leak - ARM: 8051/1: put_user: fix possible data corruption in put_user - ARM: 8478/2: arm/arm64: add arm-smccc - ARM: 8479/2: add implementation for arm-smccc - ARM: 8480/2: arm64: add implementation for arm-smccc - ARM: 8481/2: drivers: psci: replace psci firmware calls - ARM: uaccess: remove put_user() code duplication - ARM: Move system register accessors to asm/cp15.h - arm/arm64: KVM: Advertise SMCCC v1.1 - arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support - firmware/psci: Expose PSCI conduit - firmware/psci: Expose SMCCC version through psci_ops - arm/arm64: smccc: Make function identifiers an unsigned quantity - arm/arm64: smccc: Implement SMCCC v1.1 inline primitive - arm/arm64: smccc: Add SMCCC-specific return codes - arm/arm64: smccc-1.1: Make return values unsigned long - arm/arm64: smccc-1.1: Handle function result as parameters - ARM: add more CPU part numbers for Cortex and Brahma B15 CPUs - ARM: bugs: prepare processor bug infrastructure - ARM: bugs: hook processor bug checking into SMP and suspend paths - ARM: bugs: add support for per-processor bug checking - ARM: spectre: add Kconfig symbol for CPUs vulnerable to Spectre - ARM: spectre-v2: harden branch predictor on context switches - ARM: spectre-v2: add Cortex A8 and A15 validation of the IBE bit - ARM: spectre-v2: harden user aborts in kernel space - ARM: spectre-v2: add firmware based hardening - ARM: spectre-v2: warn about incorrect context switching functions - ARM: spectre-v1: add speculation barrier (csdb) macros - ARM: spectre-v1: add array_index_mask_nospec() implementation - ARM: spectre-v1: fix syscall entry - ARM: signal: copy registers using __copy_from_user() - ARM: vfp: use __copy_from_user() when restoring VFP state - ARM: oabi-compat: copy semops using __copy_from_user() - ARM: use __inttype() in get_user() - ARM: spectre-v1: use get_user() for __get_user() - ARM: spectre-v1: mitigate user accesses - ARM: 8789/1: signal: copy registers using __copy_to_user() - ARM: 8791/1: vfp: use __copy_to_user() when saving VFP state - ARM: 8792/1: oabi-compat: copy oabi events using __copy_to_user() - ARM: 8793/1: signal: replace __put_user_error with __put_user - ARM: 8794/1: uaccess: Prevent speculative use of the current addr_limit - ARM: 8795/1: spectre-v1.1: use put_user() for __put_user() - ARM: 8796/1: spectre-v1,v1.1: provide helpers for address sanitization - ARM: 8810/1: vfp: Fix wrong assignement to ufp_exc - ARM: make lookup_processor_type() non-__init - ARM: split out processor lookup - ARM: clean up per-processor check_bugs method call - ARM: add PROC_VTABLE and PROC_TABLE macros - ARM: spectre-v2: per-CPU vtables to work around big.Little systems - ARM: ensure that processor vtables is not lost after boot - ARM: fix the cockup in the previous patch - alarmtimer: Change remaining ENOTSUPP to EOPNOTSUPP - fs/dcache: move security_d_instantiate() behind attaching dentry to inode - Linux 4.4.200 - updateconfigs for Linux v4.4.200 * Xenial update: 4.4.199 upstream stable release (LP: #1851549) - dm snapshot: use mutex instead of rw_semaphore - dm snapshot: introduce account_start_copy() and account_end_copy() - dm snapshot: rework COW throttling to fix deadlock - dm: Use kzalloc for all structs with embedded biosets/mempools - sc16is7xx: Fix for "Unexpected interrupt: 8" - x86/cpu: Add Atom Tremont (Jacobsville) - scripts/setlocalversion: Improve -dirty check with git-status --no-optional- locks - usb: handle warm-reset port requests on hub resume - exec: load_script: Do not exec truncated interpreter path - iio: fix center temperature of bmc150-accel-core - perf map: Fix overlapped map handling - RDMA/iwcm: Fix a lock inversion issue - fs: cifs: mute -Wunused-const-variable message - serial: mctrl_gpio: Check for NULL pointer - efi/cper: Fix endianness of PCIe class code - efi/x86: Do not clean dummy variable in kexec path - fs: ocfs2: fix possible null-pointer dereferences in ocfs2_xa_prepare_entry() - fs: ocfs2: fix a possible null-pointer dereference in ocfs2_info_scan_inode_alloc() - MIPS: fw: sni: Fix out of bounds init of o32 stack - NFSv4: Fix leak of clp->cl_acceptor string - tracing: Initialize iter->seq after zeroing in tracing_read_pipe() - USB: legousbtower: fix a signedness bug in tower_probe() - thunderbolt: Use 32-bit writes when writing ring producer/consumer - fuse: flush dirty data/metadata before non-truncate setattr - fuse: truncate pending writes on O_TRUNC - ALSA: bebob: Fix prototype of helper function to return negative value - UAS: Revert commit 3ae62a42090f ("UAS: fix alignment of scatter/gather segments") - USB: gadget: Reject endpoints with 0 maxpacket value - USB: ldusb: fix ring-buffer locking - USB: ldusb: fix control-message timeout - USB: serial: whiteheat: fix potential slab corruption - USB: serial: whiteheat: fix line-speed endianness - HID: Fix assumption that devices have inputs - HID: fix error message in hid_open_report() - nl80211: fix validation of mesh path nexthop - s390/cmm: fix information leak in cmm_timeout_handler() - llc: fix sk_buff leak in llc_sap_state_process() - llc: fix sk_buff leak in llc_conn_service() - bonding: fix potential NULL deref in bond_update_slave_arr - net: usb: sr9800: fix uninitialized local variable - sch_netem: fix rcu splat in netem_enqueue() - sctp: fix the issue that flags are ignored when using kernel_connect - sctp: not bind the socket in sctp_connect - xfs: Correctly invert xfs_buftarg LRU isolation logic - Revert "ALSA: hda: Flush interrupts on disabling" - Linux 4.4.199 * libmbim-proxy using 100% CPU on a Dell Edge Gateway 3002 (LP: #1851347) - USB: cdc-wdm: ignore -EPIPE from GetEncapsulatedResponse * Xenial update: v4.4.198 upstream stable release (LP: #1850454) - scsi: ufs: skip shutdown if hba is not powered - scsi: megaraid: disable device when probe failed after enabled device - scsi: qla2xxx: Fix unbound sleep in fcport delete path. - ARM: OMAP2+: Fix missing reset done flag for am3 and am43 - ARM: dts: am4372: Set memory bandwidth limit for DISPC - nl80211: fix null pointer dereference - mips: Loongson: Fix the link time qualifier of 'serial_exit()' - net: hisilicon: Fix usage of uninitialized variable in function mdio_sc_cfg_reg_write() - namespace: fix namespace.pl script to support relative paths - loop: Add LOOP_SET_DIRECT_IO to compat ioctl - net: bcmgenet: Fix RGMII_MODE_EN value for GENET v1/2/3 - net: bcmgenet: Set phydev->dev_flags only for internal PHYs - sctp: change sctp_prot .no_autobind with true - net: avoid potential infinite loop in tc_ctl_action() - ipv4: Return -ENETUNREACH if we can't create route but saddr is valid - memfd: Fix locking when tagging pins - USB: legousbtower: fix memleak on disconnect - usb: udc: lpc32xx: fix bad bit shift operation - USB: serial: ti_usb_3410_5052: fix port-close races - USB: ldusb: fix memleak on disconnect - USB: usblp: fix use-after-free on disconnect - USB: ldusb: fix read info leaks - scsi: core: try to get module before removing device - ASoC: rsnd: Reinitialize bit clock inversion flag for every format setting - cfg80211: wext: avoid copying malformed SSIDs - mac80211: Reject malformed SSID elements - scsi: zfcp: fix reaction on bit error threshold notification - mm/slub: fix a deadlock in show_slab_objects() - xtensa: drop EXPORT_SYMBOL for outs*/ins* - parisc: Fix vmap memory leak in ioremap()/iounmap() - CIFS: avoid using MID 0xFFFF - btrfs: block-group: Fix a memory leak due to missing btrfs_put_block_group() - memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()' - cpufreq: Avoid cpufreq_suspend() deadlock on system shutdown - xen/netback: fix error path of xenvif_connect_data() - PCI: PM: Fix pci_power_up() - net: sched: Fix memory exposure from short TCA_U32_SEL - RDMA/cxgb4: Do not dma memory off of the stack - Linux 4.4.198 * Colour banding in Lenovo G50-80 laptop display (i915) (LP: #1819968) // Xenial update: v4.4.198 upstream stable release (LP: #1850454) - drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50 [ Ubuntu: 4.4.0-169.198 ] * Incomplete i915 fix for 64-bit x86 kernels (LP: #1852141) // CVE-2019-0155 - SAUCE: drm/i915/cmdparser: Fix jump whitelist clearing -- Connor Kuehl Thu, 14 Nov 2019 10:46:18 -0800 linux-kvm (4.4.0-1062.69) xenial; urgency=medium * CVE-2019-11135 - [Config] Disable TSX by default when possible [ Ubuntu: 4.4.0-168.197 ] * CVE-2018-12207 - KVM: x86: MMU: Encapsulate the type of rmap-chain head in a new struct - KVM: x86: MMU: Consolidate quickly_check_mmio_pf() and is_mmio_page_fault() - KVM: x86: MMU: Move handle_mmio_page_fault() call to kvm_mmu_page_fault() - KVM: MMU: rename has_wrprotected_page to mmu_gfn_lpage_is_disallowed - KVM: MMU: introduce kvm_mmu_gfn_{allow,disallow}_lpage - KVM: x86: MMU: Make mmu_set_spte() return emulate value - KVM: x86: MMU: Move initialization of parent_ptes out from kvm_mmu_alloc_page() - KVM: x86: MMU: always set accessed bit in shadow PTEs - KVM: x86: MMU: Move parent_pte handling from kvm_mmu_get_page() to link_shadow_page() - KVM: x86: MMU: Remove unused parameter parent_pte from kvm_mmu_get_page() - KVM: x86: simplify ept_misconfig - KVM: x86: extend usage of RET_MMIO_PF_* constants - KVM: MMU: drop vcpu param in gpte_access - kvm: Convert kvm_lock to a mutex - kvm: x86: Do not release the page inside mmu_set_spte() - KVM: x86: make FNAME(fetch) and __direct_map more similar - KVM: x86: remove now unneeded hugepage gfn adjustment - KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON - KVM: x86: add tracepoints around __direct_map and FNAME(fetch) - SAUCE: KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active - SAUCE: x86: Add ITLB_MULTIHIT bug infrastructure - SAUCE: kvm: mmu: ITLB_MULTIHIT mitigation - SAUCE: kvm: Add helper function for creating VM worker threads - SAUCE: kvm: x86: mmu: Recovery of shattered NX large pages - SAUCE: cpu/speculation: Uninline and export CPU mitigations helpers - SAUCE: kvm: x86: mmu: Apply global mitigations knob to ITLB_MULTIHIT * CVE-2019-11135 - KVM: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts - KVM: x86: use Intel speculation bugs and features as derived in generic x86 code - x86/msr: Add the IA32_TSX_CTRL MSR - x86/cpu: Add a helper function x86_read_arch_cap_msr() - x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default - x86/speculation/taa: Add mitigation for TSX Async Abort - x86/speculation/taa: Add sysfs reporting for TSX Async Abort - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled - x86/tsx: Add "auto" option to the tsx= cmdline parameter - x86/speculation/taa: Add documentation for TSX Async Abort - x86/tsx: Add config options to set tsx=on|off|auto - SAUCE: x86/speculation/taa: Call tsx_init() - SAUCE: x86/cpu: Include cpu header from bugs.c - [Config] Disable TSX by default when possible * CVE-2019-0154 - SAUCE: i915_bpo: drm/i915: Lower RM timeout to avoid DSI hard hangs - SAUCE: i915_bpo: drm/i915/gen8+: Add RC6 CTX corruption WA - SAUCE: drm/i915/gen8+: Add RC6 CTX corruption WA * CVE-2019-0155 - SAUCE: i915_bpo: drm/i915/gtt: Add read only pages to gen8_pte_encode - SAUCE: i915_bpo: drm/i915/gtt: Read-only pages for insert_entries on bdw+ - SAUCE: i915_bpo: drm/i915/gtt: Disable read-only support under GVT - SAUCE: i915_bpo: drm/i915: Rename gen7 cmdparser tables - SAUCE: i915_bpo: drm/i915: Disable Secure Batches for gen6+ - SAUCE: i915_bpo: drm/i915/cmdparser: Use binary search for faster register lookup - SAUCE: i915_bpo: drm/i915/cmdparser: Check reg_table_count before derefencing. - SAUCE: i915_bpo: drm/i915: Remove Master tables from cmdparser - SAUCE: i915_bpo: drm/i915: Add support for mandatory cmdparsing - SAUCE: i915_bpo: drm/i915: Support ro ppgtt mapped cmdparser shadow buffers - SAUCE: i915_bpo: drm/i915: Allow parsing of unsized batches - SAUCE: i915_bpo: drm/i915: Add gen9 BCS cmdparsing - SAUCE: i915_bpo: drm/i915/cmdparser: Add support for backward jumps - SAUCE: i915_bpo: drm/i915/cmdparser: Ignore Length operands during command matching -- Andrea Righi Thu, 07 Nov 2019 15:29:20 +0100 linux-kvm (4.4.0-1061.68) xenial; urgency=medium * xenial/linux-kvm: 4.4.0-1061.68 -proposed tracker (LP: #1849042) [ Ubuntu: 4.4.0-167.196 ] * xenial/linux: 4.4.0-167.196 -proposed tracker (LP: #1849051) * Xenial update: 4.4.197 upstream stable release (LP: #1848780) - KVM: s390: Test for bad access register and size at the start of S390_MEM_OP - s390/topology: avoid firing events before kobjs are created - s390/cio: avoid calling strlen on null pointer - s390/cio: exclude subchannels with no parent from pseudo check - KVM: nVMX: handle page fault in vmread fix - ASoC: Define a set of DAPM pre/post-up events - powerpc/powernv: Restrict OPAL symbol map to only be readable by root - can: mcp251x: mcp251x_hw_reset(): allow more time after a reset - crypto: qat - Silence smp_processor_id() warning - ieee802154: atusb: fix use-after-free at disconnect - cfg80211: initialize on-stack chandefs - ima: always return negative code for error - fs: nfs: Fix possible null-pointer dereferences in encode_attrs() - 9p: avoid attaching writeback_fid on mmap with type PRIVATE - xen/pci: reserve MCFG areas earlier - ceph: fix directories inode i_blkbits initialization - drm/amdgpu: Check for valid number of registers to read - thermal: Fix use-after-free when unregistering thermal zone device - fuse: fix memleak in cuse_channel_open - kernel/elfcore.c: include proper prototypes - tools lib traceevent: Do not free tep->cmdlines in add_new_comm() on failure - perf stat: Fix a segmentation fault when using repeat forever - crypto: caam - fix concurrency issue in givencrypt descriptor - cfg80211: add and use strongly typed element iteration macros - cfg80211: Use const more consistently in for_each_element macros - nl80211: validate beacon head - ASoC: sgtl5000: Improve VAG power and mute control - panic: ensure preemption is disabled during panic() - [Config] updateconfigs for USB_RIO500 - USB: rio500: Remove Rio 500 kernel driver - USB: yurex: Don't retry on unexpected errors - USB: yurex: fix NULL-derefs on disconnect - USB: usb-skeleton: fix runtime PM after driver unbind - USB: usb-skeleton: fix NULL-deref on disconnect - xhci: Prevent device initiated U1/U2 link pm if exit latency is too long - xhci: Check all endpoints for LPM timeout - usb: xhci: wait for CNR controller not ready bit in xhci resume - USB: adutux: remove redundant variable minor - USB: adutux: fix use-after-free on disconnect - USB: adutux: fix NULL-derefs on disconnect - USB: adutux: fix use-after-free on release - USB: iowarrior: fix use-after-free on disconnect - USB: iowarrior: fix use-after-free on release - USB: iowarrior: fix use-after-free after driver unbind - USB: usblp: fix runtime PM after driver unbind - USB: chaoskey: fix use-after-free on release - USB: ldusb: fix NULL-derefs on driver unbind - serial: uartlite: fix exit path null pointer - USB: serial: keyspan: fix NULL-derefs on open() and write() - USB: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20 - USB: serial: option: add Telit FN980 compositions - USB: serial: option: add support for Cinterion CLS8 devices - USB: serial: fix runtime PM after driver unbind - USB: usblcd: fix I/O after disconnect - USB: microtek: fix info-leak at probe - USB: dummy-hcd: fix power budget for SuperSpeed mode - usb: renesas_usbhs: gadget: Do not discard queues in usb_ep_set_{halt,wedge}() - usb: renesas_usbhs: gadget: Fix usb_ep_set_{halt,wedge}() behavior - USB: legousbtower: fix slab info leak at probe - USB: legousbtower: fix deadlock on disconnect - USB: legousbtower: fix potential NULL-deref on disconnect - USB: legousbtower: fix open after failed reset request - USB: legousbtower: fix use-after-free on release - staging: vt6655: Fix memory leak in vt6655_probe - iio: adc: ad799x: fix probe error handling - iio: light: opt3001: fix mutex unlock race - perf llvm: Don't access out-of-scope array - CIFS: Gracefully handle QueryInfo errors during open - CIFS: Force reval dentry if LOOKUP_REVAL flag is set - kernel/sysctl.c: do not override max_threads provided by userspace - arm64: capabilities: Handle sign of the feature bit - arm64: Rename cpuid_feature field extract routines - Staging: fbtft: fix memory leak in fbtft_framebuffer_alloc - cifs: Check uniqueid for SMB2+ and return -ESTALE if necessary - CIFS: Force revalidate inode when dentry is stale - media: stkwebcam: fix runtime PM after driver unbind - tracing: Get trace_array reference for available_tracers files - x86/asm: Fix MWAITX C-state hint value - Linux 4.4.197 - [Config] updateconfigs for USB_RIO500 * CVE-2019-17666 - SAUCE: rtlwifi: Fix potential overflow on P2P code * Suspend stopped working from 4.4.0-157 onwards (LP: #1844021) // Xenial update: 4.4.197 upstream stable release (LP: #1848780) - xhci: Increase STS_SAVE timeout in xhci_suspend() * Ubuntu 16.04.6 - Shared CEX7C cards defined in z/VM guest not established by zcrypt device driver (LP: #1848173) - SAUCE: s390/zcrypt: CEX7 toleration support * Xenial update: 4.4.196 upstream stable release (LP: #1848598) - video: ssd1307fb: Start page range at page_offset - gpu: drm: radeon: Fix a possible null-pointer dereference in radeon_connector_set_property() - ipmi_si: Only schedule continuously in the thread in maintenance mode - clk: qoriq: Fix -Wunused-const-variable - clk: sirf: Don't reference clk_init_data after registration - powerpc/rtas: use device model APIs and serialization during LPM - powerpc/futex: Fix warning: 'oldval' may be used uninitialized in this function - powerpc/pseries/mobility: use cond_resched when updating device tree - pinctrl: tegra: Fix write barrier placement in pmx_writel - vfio_pci: Restore original state on release - powerpc/64s/exception: machine check use correct cfar for late handler - powerpc/pseries: correctly track irq state in default idle - scsi: core: Reduce memory required for SCSI logging - mfd: intel-lpss: Remove D3cold delay - ARM: 8898/1: mm: Don't treat faults reported from cache maintenance as writes - HID: apple: Fix stuck function keys when using FN - security: smack: Fix possible null-pointer dereferences in smack_socket_sock_rcv_skb() - fat: work around race with userspace's read via blockdev while mounting - hypfs: Fix error number left in struct pointer member - ocfs2: wait for recovering done after direct unlock request - kmemleak: increase DEBUG_KMEMLEAK_EARLY_LOG_SIZE default to 16K - ANDROID: binder: remove waitqueue when thread exits. - ANDROID: binder: synchronize_rcu() when using POLLFREE. - hso: fix NULL-deref on tty open - ipv6: drop incoming packets having a v4mapped source address - net: ipv4: avoid mixed n_redirects and rate_tokens usage - net: qlogic: Fix memory leak in ql_alloc_large_buffers - nfc: fix memory leak in llcp_sock_bind() - sch_dsmark: fix potential NULL deref in dsmark_init() - xen-netfront: do not use ~0U as error return value for xennet_fill_frags() - net/rds: Fix error handling in rds_ib_add_one() - sch_cbq: validate TCA_CBQ_WRROPT to avoid crash - Smack: Don't ignore other bprm->unsafe flags if LSM_UNSAFE_PTRACE is set - smack: use GFP_NOFS while holding inode_smack::smk_lock - NFC: fix attrs checks in netlink interface - Linux 4.4.196 * Xenial update: 4.4.195 upstream stable release (LP: #1848589) - Revert "Bluetooth: validate BLE connection interval updates" - HID: prodikeys: Fix general protection fault during probe - HID: lg: make transfer buffers DMA capable - HID: logitech: Fix general protection fault caused by Logitech driver - HID: hidraw: Fix invalid read in hidraw_ioctl - mtd: cfi_cmdset_0002: Use chip_good() to retry in do_write_oneword() - crypto: talitos - fix missing break in switch statement - net: rds: Fix NULL ptr use in rds_tcp_kill_sock - ASoC: fsl: Fix of-node refcount unbalance in fsl_ssi_probe_from_dt() - ALSA: hda - Add laptop imic fixup for ASUS M9V laptop - SAUCE: Revert "mac80211: handle deauthentication/disassociation from TDLS peer" - mac80211: Print text for disassociation reason - mac80211: handle deauthentication/disassociation from TDLS peer - locking/lockdep: Add debug_locks check in __lock_downgrade() - irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices - f2fs: check all the data segments against all node ones - Revert "f2fs: avoid out-of-range memory access" - f2fs: fix to do sanity check on segment bitmap of LFS curseg - drm: Flush output polling on shutdown - Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices - arcnet: provide a buffer big enough to actually receive packets - cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize - net/phy: fix DP83865 10 Mbps HDX loopback disable function - openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC - sch_netem: fix a divide by zero in tabledist() - skge: fix checksum byte order - usbnet: ignore endpoints with invalid wMaxPacketSize - usbnet: sanity checking of packet sizes and device mtu - ALSA: hda: Flush interrupts on disabling - ASoC: sgtl5000: Fix charge pump source assignment - dmaengine: bcm2835: Print error in case setting DMA mask fails - leds: leds-lp5562 allow firmware files up to the maximum length - media: dib0700: fix link error for dibx000_i2c_set_speed - media: hdpvr: Add device num check and handling - sched/fair: Fix imbalance due to CPU affinity - sched/core: Fix CPU controller for !RT_GROUP_SCHED - x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI fails - x86/apic: Soft disable APIC before initializing it - ALSA: hda - Show the fatal CORB/RIRB error more clearly - ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls() - media: iguanair: add sanity checks - base: soc: Export soc_device_register/unregister APIs - ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid - ia64:unwind: fix double free for mod->arch.init_unw_table - md: don't call spare_active in md_reap_sync_thread if all member devices can't work - md: don't set In_sync if array is frozen - efi: cper: print AER info of PCIe fatal error - media: gspca: zero usb_buf on error - dmaengine: iop-adma: use correct printk format strings - media: omap3isp: Don't set streaming state on random subdevs - net: lpc-enet: fix printk format strings - media: radio/si470x: kill urb on error - media: hdpvr: add terminating 0 at end of string - media: saa7146: add cleanup in hexium_attach() - media: cpia2_usb: fix memory leaks - media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate() - media: ov9650: add a sanity check - ACPI / CPPC: do not require the _PSD method - libtraceevent: Change users plugin directory - ACPI: custom_method: fix memory leaks - hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap' - md/raid1: fail run raid1 array when active disk less than one - dmaengine: ti: edma: Do not reset reserved paRAM slots - kprobes: Prohibit probing on BUG() and WARN() address - ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set - mmc: sdhci: Fix incorrect switch to HS mode - libertas: Add missing sentinel at end of if_usb.c fw_table - media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() - ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93 - btrfs: extent-tree: Make sure we only allocate extents from block groups with the same type - media: omap3isp: Set device on omap3isp subdevs - ALSA: firewire-tascam: handle error code when getting current source of clock - ALSA: firewire-tascam: check intermediate state of clock status and retry - printk: Do not lose last line in kmsg buffer dump - fuse: fix missing unlock_page in fuse_writepage() - parisc: Disable HP HSC-PCI Cards to prevent kernel crash - KVM: x86: always stop emulation on page fault - KVM: x86: set ctxt->have_exception in x86_decode_insn() - KVM: x86: Manually calculate reserved bits when loading PDPTRS - media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table - ASoC: Intel: Fix use of potentially uninitialized variable - ARM: zynq: Use memcpy_toio instead of memcpy on smp bring-up - alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP - md/raid6: Set R5_ReadError when there is read failure on parity disk - cfg80211: Purge frame registrations on iftype change - /dev/mem: Bail out upon SIGKILL. - ext4: fix punch hole for inline_data file systems - quota: fix wrong condition in is_quota_modification() - hwrng: core - don't wait on add_early_randomness() - i2c: riic: Clear NACK in tend isr - CIFS: Fix oplock handling for SMB 2.1+ protocols - ovl: filter of trusted xattr results in audit - Btrfs: fix use-after-free when using the tree modification log - btrfs: Relinquish CPUs in btrfs_compare_trees - Btrfs: fix race setting up and completing qgroup rescan workers - Linux 4.4.195 * [Packaging] Support building Flattened Image Tree (FIT) kernels (LP: #1847969) - [Packaging] add rules to build FIT image - [Packaging] force creation of headers directory * bcache: Performance degradation when querying priority_stats (LP: #1840043) - bcache: add cond_resched() in __bch_cache_cmp() * Add installer support for iwlmvm adapters (LP: #1848236) - d-i: Add iwlmvm to nic-modules * Bad posix clock speculation mitigation backport (LP: #1847189) - SAUCE: Fix posix clock speculation mitigation backport * PM / hibernate: fix potential memory corruption (LP: #1847118) - PM / hibernate: memory_bm_find_bit -- tighten node optimisation * CVE-2019-17056 - nfc: enforce CAP_NET_RAW for raw sockets * CVE-2019-17055 - mISDN: enforce CAP_NET_RAW for raw sockets * CVE-2019-17054 - appletalk: enforce CAP_NET_RAW for raw sockets * CVE-2019-17053 - ieee802154: enforce CAP_NET_RAW for raw sockets * CVE-2019-17052 - ax25: enforce CAP_NET_RAW for raw sockets * CVE-2019-15098 - ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe() * arm64: sigaltstack fails with MINSIGSTKSZ for 32-bit processes (LP: #1844155) - signal: Introduce COMPAT_SIGMINSTKSZ for use in compat_sys_sigaltstack - arm64: compat: Provide definition for COMPAT_SIGMINSTKSZ -- Khalid Elmously Tue, 22 Oct 2019 03:35:31 -0400 linux-kvm (4.4.0-1060.67) xenial; urgency=medium * xenial/linux-kvm: 4.4.0-1060.67 -proposed tracker (LP: #1846060) * Xenial update: 4.4.190 upstream stable release (LP: #1845038) - [config] Update CONFIG_ISCSI_IBFT_FIND option name * ubuntu_quota_smoke_test failed with KVM kernel (LP: #1784535) - [Config] Enable quota module support [ Ubuntu: 4.4.0-166.195 ] * xenial/linux: 4.4.0-166.195 -proposed tracker (LP: #1846069) * Packaging resync (LP: #1786013) - [Packaging] update helper scripts * CVE-2017-18232 - scsi: libsas: direct call probe and destruct * CVE-2018-21008 - rsi: add fix for crash during assertions * Xenial update: 4.4.194 upstream stable release (LP: #1845405) - bridge/mdb: remove wrong use of NLM_F_MULTI - cdc_ether: fix rndis support for Mediatek based smartphones - ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()' - isdn/capi: check message length in capi_write() - net: Fix null de-reference of device refcount - sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero - sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()' - sctp: use transport pf_retrans in sctp_do_8_2_transport_strike - tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR - tipc: add NULL pointer check before calling kfree_rcu - tun: fix use-after-free when register netdev failed - Revert "MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur" - Btrfs: fix assertion failure during fsync and use of stale transaction - genirq: Prevent NULL pointer dereference in resend_irqs() - KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl - KVM: x86: work around leak of uninitialized stack contents - KVM: nVMX: handle page fault in vmread - MIPS: VDSO: Prevent use of smp_processor_id() - MIPS: VDSO: Use same -m%-float cflag as the kernel proper - clk: rockchip: Don't yell about bad mmc phases when getting - driver core: Fix use-after-free and double free on glue directory - crypto: talitos - check AES key size - crypto: talitos - check data blocksize in ablkcipher. - x86/build: Add -Wnoaddress-of-packed-member to REALMODE_CFLAGS, to silence GCC9 build warning - MIPS: netlogic: xlr: Remove erroneous check in nlm_fmn_send() - ARC: configs: Remove CONFIG_INITRAMFS_SOURCE from defconfigs - USB: usbcore: Fix slab-out-of-bounds bug during device reset - media: tm6000: double free if usb disconnect while streaming - x86/boot: Add missing bootparam that breaks boot on some platforms - xen-netfront: do not assume sk_buff_head list is empty in error handling - serial: sprd: correct the wrong sequence of arguments - tty/serial: atmel: reschedule TX after RX was started - mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings - s390/bpf: fix lcgr instruction encoding - ARM: OMAP2+: Fix omap4 errata warning on other SoCs - s390/bpf: use 32-bit index for tail calls - NFSv4: Fix return values for nfs4_file_open() - NFS: Fix initialisation of I/O result struct in nfs_pgio_rpcsetup - Kconfig: Fix the reference to the IDT77105 Phy driver in the description of ATM_NICSTAR_USE_IDT77105 - ARM: 8874/1: mm: only adjust sections of valid mm structures - r8152: Set memory to all 0xFFs on failed reg reads - x86/apic: Fix arch_dynirq_lower_bound() bug for DT enabled machines - netfilter: nf_conntrack_ftp: Fix debug output - NFSv2: Fix eof handling - NFSv2: Fix write regression - cifs: set domainName when a domain-key is used in multiuser - cifs: Use kzfree() to zero out the password - sky2: Disable MSI on yet another ASUS boards (P6Xxxx) - tools/power turbostat: fix buffer overrun - net: seeq: Fix the function used to release some memory in an error handling path - dmaengine: ti: omap-dma: Add cleanup in omap_dma_probe() - keys: Fix missing null pointer check in request_key_auth_describe() - floppy: fix usercopy direction - media: technisat-usb2: break out of loop at end of buffer - ARC: export "abort" for modules - net_sched: let qdisc_put() accept NULL pointer - Linux 4.4.194 * CVE-2019-14821 - KVM: coalesced_mmio: add bounds checking * Xenial update: 4.4.193 upstream stable release (LP: #1845395) - ALSA: hda - Fix potential endless loop at applying quirks - ALSA: hda/realtek - Fix overridden device-specific initialization - xfrm: clean up xfrm protocol checks - vhost/test: fix build for vhost test - scripts/decode_stacktrace: match basepath using shell prefix operator, not regex - clk: s2mps11: Add used attribute to s2mps11_dt_match - x86, boot: Remove multiple copy of static function sanitize_boot_params() - af_packet: tone down the Tx-ring unsupported spew. - Linux 4.4.193 * Xenial update: 4.4.192 upstream stable release (LP: #1845374) - net: tundra: tsi108: use spin_lock_irqsave instead of spin_lock_irq in IRQ context - net: tc35815: Explicitly check NET_IP_ALIGN is not zero in tc35815_rx - Bluetooth: btqca: Add a short delay before downloading the NVM - ibmveth: Convert multicast list size for little-endian system - gpio: Fix build error of function redefinition - cxgb4: fix a memory leak bug - net: myri10ge: fix memory leaks - cx82310_eth: fix a memory leak bug - net: kalmia: fix memory leaks - wimax/i2400m: fix a memory leak bug - ravb: Fix use-after-free ravb_tstamp_skb - Tools: hv: kvp: eliminate 'may be used uninitialized' warning - IB/mlx4: Fix memory leaks - ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr() - KVM: arm/arm64: Only skip MMIO insn once - libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer - spi: bcm2835aux: ensure interrupts are enabled for shared handler - spi: bcm2835aux: unifying code between polling and interrupt driven code - spi: bcm2835aux: remove dangerous uncontrolled read of fifo - spi: bcm2835aux: fix corruptions for longer spi transfers - Revert "x86/apic: Include the LDR when clearing out APIC registers" - net: fix skb use after free in netpoll - net: stmmac: dwmac-rk: Don't fail if phy regulator is absent - Linux 4.4.192 * Xenial update: 4.4.191 upstream stable release (LP: #1845036) - HID: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT - MIPS: kernel: only use i8253 clocksource with periodic clockevent - netfilter: ebtables: fix a memory leak bug in compat - bonding: Force slave speed check after link state recovery for 802.3ad - can: dev: call netif_carrier_off() in register_candev() - st21nfca_connectivity_event_received: null check the allocation - st_nci_hci_connectivity_event_received: null check the allocation - ASoC: ti: davinci-mcasp: Correct slot_width posed constraint - net: usb: qmi_wwan: Add the BroadMobi BM818 card - isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in start_isoc_chain() - isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack - perf bench numa: Fix cpu0 binding - can: sja1000: force the string buffer NULL-terminated - can: peak_usb: force the string buffer NULL-terminated - NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim() - net: cxgb3_main: Fix a resource leak in a error path in 'init_one()' - net: hisilicon: make hip04_tx_reclaim non-reentrant - net: hisilicon: fix hip04-xmit never return TX_BUSY - net: hisilicon: Fix dma_map_single failed on arm64 - libata: add SG safety checks in SFF pio transfers - selftests: kvm: Adding config fragments - HID: wacom: correct misreported EKR ring values - Revert "dm bufio: fix deadlock with loop device" - userfaultfd_release: always remove uffd flags and clear vm_userfaultfd_ctx - x86/retpoline: Don't clobber RFLAGS during CALL_NOSPEC on i386 - x86/apic: Handle missing global clockevent gracefully - x86/boot: Save fields explicitly, zero out everything else - x86/boot: Fix boot regression caused by bootparam sanitizing - dm btree: fix order of block initialization in btree_split_beneath - dm space map metadata: fix missing store of apply_bops() return value - dm table: fix invalid memory accesses with too high sector number - cgroup: Disable IRQs while holding css_set_lock - net: arc_emac: fix koops caused by sk_buff free - siphash: implement HalfSipHash1-3 for hash tables - netfilter: ctnetlink: don't use conntrack/expect object addresses as id - netfilter: conntrack: Use consistent ct id hash calculation - x86/pm: Introduce quirk framework to save/restore extra MSR registers around suspend/resume - x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h - scsi: ufs: Fix NULL pointer dereference in ufshcd_config_vreg_hpm() - dmaengine: ste_dma40: fix unneeded variable warning - usb: gadget: composite: Clear "suspended" on reset/disconnect - usb: host: fotg2: restart hcd after port reset - tools: hv: fix KVP and VSS daemons exit code - watchdog: bcm2835_wdt: Fix module autoload - tcp: fix tcp_rtx_queue_tail in case of empty retransmit queue - ALSA: usb-audio: Fix a stack buffer overflow bug in check_input_term - ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit - tcp: make sure EPOLLOUT wont be missed - ALSA: seq: Fix potential concurrent access to the deleted pool - KVM: x86: Don't update RIP or do single-step on faulting emulation - x86/apic: Do not initialize LDR and DFR for bigsmp - x86/apic: Include the LDR when clearing out APIC registers - usb-storage: Add new JMS567 revision to unusual_devs - USB: cdc-wdm: fix race between write and disconnect due to flag abuse - usb: host: ohci: fix a race condition between shutdown and irq - USB: storage: ums-realtek: Update module parameter description for auto_delink_en - ptrace,x86: Make user_64bit_mode() available to 32-bit builds - uprobes/x86: Fix detection of 32-bit user mode - mmc: sdhci-of-at91: add quirk for broken HS200 - mmc: core: Fix init of SD cards reporting an invalid VDD range - stm class: Fix a double free of stm_source_device - VMCI: Release resource if the work is already queued - Revert "cfg80211: fix processing world regdomain when non modular" - mac80211: fix possible sta leak - x86/ptrace: fix up botched merge of spectrev1 fix - Linux 4.4.191 * New ID in ums-realtek module breaks cardreader (LP: #1838886) // Xenial update: 4.4.191 upstream stable release (LP: #1845036) - USB: storage: ums-realtek: Whitelist auto-delink support * Xenial update: 4.4.190 upstream stable release (LP: #1845038) - usb: iowarrior: fix deadlock on disconnect - sound: fix a memory leak bug - x86/mm: Check for pfn instead of page in vmalloc_sync_one() - x86/mm: Sync also unmappings in vmalloc_sync_all() - mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy() - perf db-export: Fix thread__exec_comm() - usb: yurex: Fix use-after-free in yurex_delete - can: peak_usb: fix potential double kfree_skb() - netfilter: nfnetlink: avoid deadlock due to synchronous request_module - iscsi_ibft: make ISCSI_IBFT dependson ACPI instead of ISCSI_IBFT_FIND - mac80211: don't warn about CW params when not using them - hwmon: (nct6775) Fix register address and added missed tolerance for nct6106 - cpufreq/pasemi: fix use-after-free in pas_cpufreq_cpu_init() - s390/qdio: add sanity checks to the fast-requeue path - ALSA: compress: Fix regression on compressed capture streams - ALSA: compress: Prevent bypasses of set_params - ALSA: compress: Be more restrictive about when a drain is allowed - perf probe: Avoid calling freeing routine multiple times for same pointer - ARM: davinci: fix sleep.S build error on ARMv4 - scsi: megaraid_sas: fix panic on loading firmware crashdump - scsi: ibmvfc: fix WARN_ON during event pool release - tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop - perf/core: Fix creating kernel counters for PMUs that override event->cpu - can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices - hwmon: (nct7802) Fix wrong detection of in4 presence - ALSA: firewire: fix a memory leak bug - mac80211: don't WARN on short WMM parameters from AP - SMB3: Fix deadlock in validate negotiate hits reconnect - smb3: send CAP_DFS capability during session setup - mwifiex: fix 802.11n/WPA detection - scsi: mpt3sas: Use 63-bit DMA addressing on SAS35 HBA - sh: kernel: hw_breakpoint: Fix missing break in switch statement - mm/memcontrol.c: fix use after free in mem_cgroup_iter() - ALSA: hda - Fix a memory leak bug - HID: holtek: test for sanity of intfdata - HID: hiddev: avoid opening a disconnected device - HID: hiddev: do cleanup in failure of opening a device - Input: kbtab - sanity check for endpoint type - Input: iforce - add sanity checks - net: usb: pegasus: fix improper read if get_registers() fail - xen/pciback: remove set but not used variable 'old_state' - irqchip/irq-imx-gpcv2: Forward irq type to parent - perf header: Fix divide by zero error if f_header.attr_size==0 - perf header: Fix use of unitialized value warning - libata: zpodd: Fix small read overflow in zpodd_get_mech_type() - scsi: hpsa: correct scsi command status issue after reset - ata: libahci: do not complain in case of deferred probe - kbuild: modpost: handle KBUILD_EXTRA_SYMBOLS only for external modules - IB/core: Add mitigation for Spectre V1 - ocfs2: remove set but not used variable 'last_hash' - asm-generic: fix -Wtype-limits compiler warnings - staging: comedi: dt3000: Fix signed integer overflow 'divider * base' - staging: comedi: dt3000: Fix rounding up of timer divisor - USB: core: Fix races in character device registration and deregistraion - usb: cdc-acm: make sure a refcount is taken early enough - USB: serial: option: add D-Link DWM-222 device ID - USB: serial: option: Add support for ZTE MF871A - USB: serial: option: add the BroadMobi BM818 card - USB: serial: option: Add Motorola modem UARTs - Backport minimal compiler_attributes.h to support GCC 9 - include/linux/module.h: copy __init/__exit attrs to init/cleanup_module - arm64: compat: Allow single-byte watchpoints on all addresses - Input: psmouse - fix build error of multiple definition - asm-generic: default BUG_ON(x) to if(x)BUG() - scsi: fcoe: Embed fc_rport_priv in fcoe_rport structure - RDMA: Directly cast the sockaddr union to sockaddr - IB/mlx5: Make coding style more consistent - x86/vdso: Remove direct HPET access through the vDSO - iommu/amd: Move iommu_init_pci() to .init section - x86/boot: Disable the address-of-packed-member compiler warning - net/packet: fix race in tpacket_snd() - xen/netback: Reset nr_frags before freeing skb - net/mlx5e: Only support tx/rx pause setting for port owner - sctp: fix the transport error_count check - bonding: Add vlan tx offload to hw_enc_features - Linux 4.4.190 -- Khalid Elmously Tue, 01 Oct 2019 22:20:33 -0400 linux-kvm (4.4.0-1059.66) xenial; urgency=medium * xenial/linux-kvm: 4.4.0-1059.66 -proposed tracker (LP: #1844407) [ Ubuntu: 4.4.0-165.193 ] * xenial/linux: 4.4.0-165.193 -proposed tracker (LP: #1844416) * Xenial update: 4.4.187 upstream stable release (LP: #1840081) - MIPS: ath79: fix ar933x uart parity mode - MIPS: fix build on non-linux hosts - dmaengine: imx-sdma: fix use-after-free on probe error path - ath10k: Do not send probe response template for mesh - ath9k: Check for errors when reading SREV register - ath6kl: add some bounds checking - ath: DFS JP domain W56 fixed pulse type 3 RADAR detection - batman-adv: fix for leaked TVLV handler. - media: dvb: usb: fix use after free in dvb_usb_device_exit - crypto: talitos - fix skcipher failure due to wrong output IV - media: marvell-ccic: fix DMA s/g desc number calculation - media: vpss: fix a potential NULL pointer dereference - net: stmmac: dwmac1000: Clear unused address entries - signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig - af_key: fix leaks in key_pol_get_resp and dump_sp. - xfrm: Fix xfrm sel prefix length validation - media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails. - net: phy: Check against net_device being NULL - tua6100: Avoid build warnings. - locking/lockdep: Fix merging of hlocks with non-zero references - media: wl128x: Fix some error handling in fm_v4l2_init_video_device() - cpupower : frequency-set -r option misses the last cpu in related cpu list - net: fec: Do not use netdev messages too early - net: axienet: Fix race condition causing TX hang - s390/qdio: handle PENDING state for QEBSM devices - perf test 6: Fix missing kvm module load for s390 - gpio: omap: fix lack of irqstatus_raw0 for OMAP4 - gpio: omap: ensure irq is enabled before wakeup - regmap: fix bulk writes on paged registers - bpf: silence warning messages in core - rcu: Force inlining of rcu_read_lock() - xfrm: fix sa selector validation - perf evsel: Make perf_evsel__name() accept a NULL argument - vhost_net: disable zerocopy by default - EDAC/sysfs: Fix memory leak when creating a csrow object - media: i2c: fix warning same module names - ntp: Limit TAI-UTC offset - timer_list: Guard procfs specific code - acpi/arm64: ignore 5.1 FADTs that are reported as 5.0 - media: coda: fix mpeg2 sequence number handling - media: coda: increment sequence offset for the last returned frame - mt7601u: do not schedule rx_tasklet when the device has been disconnected - x86/build: Add 'set -e' to mkcapflags.sh to delete broken capflags.c - mt7601u: fix possible memory leak when the device is disconnected - ath10k: fix PCIE device wake up failed - rslib: Fix decoding of shortened codes - rslib: Fix handling of of caller provided syndrome - ixgbe: Check DDM existence in transceiver before access - EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec - bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush() - Bluetooth: hci_bcsp: Fix memory leak in rx_skb - Bluetooth: 6lowpan: search for destination address in all peers - Bluetooth: Check state in l2cap_disconnect_rsp - Bluetooth: validate BLE connection interval updates - crypto: ghash - fix unaligned memory access in ghash_setkey() - crypto: arm64/sha1-ce - correct digest for empty data in finup - crypto: arm64/sha2-ce - correct digest for empty data in finup - Input: gtco - bounds check collection indent level - regulator: s2mps11: Fix buck7 and buck8 wrong voltages - tracing/snapshot: Resize spare buffer if size changed - NFSv4: Handle the special Linux file open access mode - lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE - ALSA: seq: Break too long mutex context in the write loop - media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom() - media: coda: Remove unbalanced and unneeded mutex unlock - KVM: x86/vPMU: refine kvm_pmu err msg when event creation failed - drm/nouveau/i2c: Enable i2c pads & busses during preinit - padata: use smp_mb in padata_reorder to avoid orphaned padata jobs - 9p/virtio: Add cleanup path in p9_virtio_init - PCI: Do not poll for PME if the device is in D3cold - take floppy compat ioctls to sodding floppy.c - floppy: fix out-of-bounds read in next_valid_format - floppy: fix invalid pointer dereference in drive_name - coda: pass the host file in vma->vm_file on mmap - gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM - parisc: Fix kernel panic due invalid values in IAOQ0 or IAOQ1 - powerpc/32s: fix suspend/resume when IBATs 4-7 are used - powerpc/watchpoint: Restore NV GPRs while returning from exception - eCryptfs: fix a couple type promotion bugs - intel_th: msu: Fix single mode with disabled IOMMU - Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug - usb: Handle USB3 remote wakeup for LPM enabled devices correctly - dm bufio: fix deadlock with loop device - bnx2x: Prevent load reordering in tx completion processing - caif-hsi: fix possible deadlock in cfhsi_exit_module() - ipv4: don't set IPv6 only flags to IPv4 addresses - net: bcmgenet: use promisc for unsupported filters - net: neigh: fix multiple neigh timer scheduling - nfc: fix potential illegal memory access - sky2: Disable MSI on ASUS P6T - netrom: fix a memory leak in nr_rx_frame() - netrom: hold sock when setting skb->destructor - tcp: Reset bytes_acked and bytes_received when disconnecting - bonding: validate ip header before check IPPROTO_IGMP - net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling - net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query - net: bridge: stp: don't cache eth dest pointer before skb pull - elevator: fix truncation of icq_cache_name - NFSv4: Fix open create exclusive when the server reboots - nfsd: increase DRC cache limit - nfsd: give out fewer session slots as limit approaches - nfsd: fix performance-limiting session calculation - nfsd: Fix overflow causing non-working mounts on 1 TB machines - drm/panel: simple: Fix panel_simple_dsi_probe - usb: core: hub: Disable hub-initiated U1/U2 - tty: max310x: Fix invalid baudrate divisors calculator - pinctrl: rockchip: fix leaked of_node references - tty: serial: cpm_uart - fix init when SMC is relocated - memstick: Fix error cleanup path of memstick_init - tty/serial: digicolor: Fix digicolor-usart already registered warning - tty: serial: msm_serial: avoid system lockup condition - drm/virtio: Add memory barriers for capset cache. - phy: renesas: rcar-gen2: Fix memory leak at error paths - usb: gadget: Zero ffs_io_data - powerpc/pci/of: Fix OF flags parsing for 64bit BARs - PCI: sysfs: Ignore lockdep for remove attribute - iio: iio-utils: Fix possible incorrect mask calculation - recordmcount: Fix spurious mcount entries on powerpc - mfd: core: Set fwnode for created devices - mfd: arizona: Fix undefined behavior - um: Silence lockdep complaint about mmap_sem - powerpc/4xx/uic: clear pending interrupt after irq type/pol change - serial: sh-sci: Fix TX DMA buffer flushing and workqueue races - kallsyms: exclude kasan local symbols on s390 - perf test mmap-thread-lookup: Initialize variable to suppress memory sanitizer warning - f2fs: avoid out-of-range memory access - mailbox: handle failed named mailbox channel request - powerpc/eeh: Handle hugepages in ioremap space - sh: prevent warnings when using iounmap - mm/kmemleak.c: fix check for softirq context - 9p: pass the correct prototype to read_cache_page - mm/mmu_notifier: use hlist_add_head_rcu() - locking/lockdep: Fix lock used or unused stats error - locking/lockdep: Hide unused 'class' variable - usb: wusbcore: fix unbalanced get/put cluster_id - usb: pci-quirks: Correct AMD PLL quirk detection - x86/sysfb_efi: Add quirks for some devices with swapped width and height - x86/speculation/mds: Apply more accurate check on hypervisor platform - hpet: Fix division by zero in hpet_time_div() - ALSA: hda - Add a conexant codec entry to let mute led work - access: avoid the RCU grace period for the temporary subjective credentials - vmstat: Remove BUG_ON from vmstat_update - mm, vmstat: make quiet_vmstat lighter - ipv6: check sk sk_type and protocol early in ip_mroute_set/getsockopt - tcp: reset sk_send_head in tcp_write_queue_purge - ISDN: hfcsusb: checking idx of ep configuration - media: cpia2_usb: first wake up, then free in disconnect - media: radio-raremono: change devm_k*alloc to k*alloc - Bluetooth: hci_uart: check for missing tty operations - sched/fair: Don't free p->numa_faults with concurrent readers - drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl - ceph: hold i_ceph_lock when removing caps for freeing inode - Linux 4.4.187 - perf tests: Add valid callback for parse-events test - SAUCE: Fix perf test 6: Fix missing kvm module load for s390 * CVE-2018-20976 - xfs: clear sb->s_fs_info on mount failure * Xenial update: 4.4.189 upstream stable release (LP: #1840335) - arm64: cpufeature: Fix CTR_EL0 field definitions - arm64: cpufeature: Fix feature comparison for CTR_EL0.{CWG,ERG} - netfilter: nfnetlink_acct: validate NFACCT_QUOTA parameter - HID: Add quirk for HP X1200 PIXART OEM mouse - tcp: be more careful in tcp_fragment() - atm: iphase: Fix Spectre v1 vulnerability - net: bridge: delete local fdb on device init failure - net: fix ifindex collision during namespace removal - tipc: compat: allow tipc commands without arguments - net: sched: Fix a possible null-pointer dereference in dequeue_func() - net/mlx5: Use reversed order when unregister devices - bnx2x: Disable multi-cos feature. - compat_ioctl: pppoe: fix PPPOEIOCSFWD handling - spi: bcm2835: Fix 3-wire mode if DMA is enabled - x86: cpufeatures: Sort feature word 7 - x86/entry/64: Fix context tracking state warning when load_gs_index fails - Linux 4.4.189 * CVE-2019-0136 - mac80211: handle deauthentication/disassociation from TDLS peer * skb_warn_bad_offload kernel splat due to CHECKSUM target not compatible with GSO skbs (LP: #1840619) - netfilter: xt_checksum: ignore gso skbs * CVE-2018-20961 - usb: gadget: f_midi: fail if set_alt fails to allocate requests - USB: gadget: f_midi: fixing a possible double-free in f_midi * CVE-2019-11487 - pipe: add pipe_buf_get() helper - mm: add 'try_get_page()' helper function - fs: prevent page refcount overflow in pipe_buf_get - mm: make page ref count overflow check tighter and more explicit - mm, gup: ensure real head page is ref-counted when using hugepages - mm: prevent get_user_pages() from overflowing page refcount * Xenial update: 4.4.188 upstream stable release (LP: #1840289) - ARM: riscpc: fix DMA - ARM: dts: rockchip: Mark that the rk3288 timer might stop in suspend - kernel/module.c: Only return -EEXIST for modules that have finished loading - MIPS: lantiq: Fix bitfield masking - dmaengine: rcar-dmac: Reject zero-length slave DMA requests - fs/adfs: super: fix use-after-free bug - btrfs: fix minimum number of chunk errors for DUP - ceph: fix improper use of smp_mb__before_atomic() - scsi: zfcp: fix GCC compiler warning emitted with -Wmaybe-uninitialized - ACPI: fix false-positive -Wuninitialized warning - be2net: Signal that the device cannot transmit during reconfiguration - x86/apic: Silence -Wtype-limits compiler warnings - x86: math-emu: Hide clang warnings for 16-bit overflow - mm/cma.c: fail if fixed declaration can't be honored - coda: add error handling for fget - coda: fix build using bare-metal toolchain - uapi linux/coda_psdev.h: move upc_req definition from uapi to kernel side headers - ipc/mqueue.c: only perform resource calculation if user valid - x86/kvm: Don't call kvm_spurious_fault() from .fixup - selinux: fix memory leak in policydb_init() - s390/dasd: fix endless loop after read unit address configuration - xen/swiotlb: fix condition for calling xen_destroy_contiguous_region() - Linux 4.4.188 * Line 6 POD HD500 driver fault (LP: #1790595) // Xenial update: 4.4.187 upstream stable release (LP: #1840081) - ALSA: line6: Fix wrong altsetting for LINE6_PODHD500_1 * CVE-2016-10905 - GFS2: don't set rgrp gl_object until it's inserted into rgrp tree -- Khalid Elmously Wed, 18 Sep 2019 10:59:30 -0400 linux-kvm (4.4.0-1058.65) xenial; urgency=medium [ Ubuntu: 4.4.0-164.192 ] * CVE-2019-14835 - SAUCE: vhost: make sure log_num < in_num -- Kleber Sacilotto de Souza Mon, 16 Sep 2019 13:44:21 +0200 linux-kvm (4.4.0-1056.63) xenial; urgency=medium * xenial/linux-kvm: 4.4.0-1056.63 -proposed tracker (LP: #1841534) [ Ubuntu: 4.4.0-161.189 ] * xenial/linux: 4.4.0-161.189 -proposed tracker (LP: #1841544) * flock not mediated by 'k' (LP: 1658219) - Revert "UBUNTU: SAUCE: apparmor: flock mediation is not being, enforced on cache check" * Packaging resync (LP: #1786013) - [Packaging] resync getabis -- Kleber Sacilotto de Souza Tue, 27 Aug 2019 14:11:44 +0200 linux-kvm (4.4.0-1055.62) xenial; urgency=medium * xenial/linux-kvm: 4.4.0-1055.62 -proposed tracker (LP: #1840012) * CVE-2019-10638 - [Config] kvm: CONFIG_TEST_HASH=n [ Ubuntu: 4.4.0-160.188 ] * xenial/linux: 4.4.0-160.188 -proposed tracker (LP: #1840021) * Packaging resync (LP: #1786013) - [Packaging] update helper scripts * EeePC 1005px laptop backlight is off after system boot up (LP: #1837117) - platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi * CVE-2019-10638 - [Config] CONFIG_TEST_HASH=n - siphash: add cryptographically secure PRF - inet: switch IP ID generator to siphash * Stacked onexec transitions fail when under NO NEW PRIVS restrictions (LP: #1839037) - SAUCE: apparmor: fix nnp subset check failure, when stacking * AppArmor onexec transition causes WARN kernel stack trace (LP: #1838627) - SAUCE: apparmor: fix audit failures when performing profile transitions * flock not mediated by 'k' (LP: #1658219) // Ubuntu 16.04: read access incorrectly implies 'm' rule (LP: #1838090) - SAUCE: apparmor: flock mediation is not being, enforced on cache check * bcache: bch_allocator_thread(): hung task timeout (LP: #1784665) // Tight timeout for bcache removal causes spurious failures (LP: #1796292) - SAUCE: bcache: fix deadlock in bcache_allocator * bcache: bch_allocator_thread(): hung task timeout (LP: #1784665) - bcache: improve bcache_reboot() - bcache: add journal statistic - bcache: fix high CPU occupancy during journal - bcache: fix incorrect sysfs output value of strip size - bcache: fix error return value in memory shrink - bcache: fix using of loop variable in memory shrink - bcache: Fix indentation - bcache: Add __printf annotation to __bch_check_keys() - bcache: Annotate switch fall-through - bcache: Fix kernel-doc warnings - bcache: Remove an unused variable - bcache: Suppress more warnings about set-but-not-used variables - bcache: Reduce the number of sparse complaints about lock imbalances - bcache: Move couple of functions to sysfs.c * CVE-2019-3900 - vhost: introduce vhost_vq_avail_empty() - vhost_net: tx batching - vhost_net: do not stall on zerocopy depletion - vhost-net: set packet weight of tx polling to 2 * vq size - vhost_net: use packet weight for rx handler, too - vhost_net: introduce vhost_exceeds_weight() - vhost: introduce vhost_exceeds_weight() - vhost_net: fix possible infinite loop - vhost: scsi: add weight support * Xenial: ZFS deadlock in shrinker path with xattrs (LP: #1839521) - SAUCE: (noup) Update zfs to 0.6.5.6-0ubuntu28 * CVE-2019-13648 - powerpc/tm: Fix oops on sigreturn on systems without TM * CVE-2018-20856 - block: blk_init_allocated_queue() set q->fq as NULL in the fail case * CVE-2019-14283 - floppy: fix out-of-bounds read in copy_buffer * CVE-2019-14284 - floppy: fix div-by-zero in setup_format_params * Xenial update: 4.4.186 upstream stable release (LP: #1838467) - Input: elantech - enable middle button support on 2 ThinkPads - samples, bpf: fix to change the buffer size for read() - mac80211: mesh: fix RCU warning - dt-bindings: can: mcp251x: add mcp25625 support - can: mcp251x: add support for mcp25625 - Input: imx_keypad - make sure keyboard can always wake up system - ARM: davinci: da850-evm: call regulator_has_full_constraints() - ARM: davinci: da8xx: specify dma_coherent_mask for lcdc - md: fix for divide error in status_resync - bnx2x: Check if transceiver implements DDM before access - udf: Fix incorrect final NOT_ALLOCATED (hole) extent length - x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg() - x86/tls: Fix possible spectre-v1 in do_get_thread_area() - mwifiex: Abort at too short BSS descriptor element - fscrypt: don't set policy for a dead directory - mwifiex: Don't abort on small, spec-compliant vendor IEs - USB: serial: ftdi_sio: add ID for isodebug v1 - USB: serial: option: add support for GosunCn ME3630 RNDIS mode - usb: gadget: ether: Fix race between gether_disconnect and rx_submit - usb: renesas_usbhs: add a workaround for a race condition of workqueue - staging: comedi: dt282x: fix a null pointer deref on interrupt - staging: comedi: amplc_pci230: fix null pointer deref on interrupt - carl9170: fix misuse of device driver API - VMCI: Fix integer overflow in VMCI handle arrays - MIPS: Remove superfluous check for __linux__ - e1000e: start network tx queue only when link is up - perf/core: Fix perf_sample_regs_user() mm check - ARM: omap2: remove incorrect __init annotation - be2net: fix link failure after ethtool offline test - ppp: mppe: Add softdep to arc4 - sis900: fix TX completion - dm verity: use message limit for data block corruption message - kvm: x86: avoid warning on repeated KVM_SET_TSS_ADDR - ARC: hide unused function unw_hdr_alloc - s390: fix stfle zero padding - s390/qdio: (re-)initialize tiqdio list entries - s390/qdio: don't touch the dsci in tiqdio_add_input_queues() - KVM: x86: protect KVM_CREATE_PIT/KVM_CREATE_PIT2 with kvm->lock - Linux 4.4.186 -- Stefan Bader Wed, 14 Aug 2019 17:57:10 +0200 linux-kvm (4.4.0-1054.61) xenial; urgency=medium [ Ubuntu: 4.4.0-159.187 ] * CVE-2019-1125 - x86/cpufeatures: Carve out CQM features retrieval - x86/cpufeatures: Combine word 11 and 12 into a new scattered features word - x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations - x86/speculation: Enable Spectre v1 swapgs mitigations - x86/entry/64: Use JMP instead of JMPQ - x86/speculation/swapgs: Exclude ATOMs from speculation through SWAPGS -- Kleber Sacilotto de Souza Fri, 02 Aug 2019 11:10:03 +0200 linux-kvm (4.4.0-1053.60) xenial; urgency=medium * xenial/linux-kvm: 4.4.0-1053.60 -proposed tracker (LP: #1837591) * CVE-2018-5383 - kvm: [Config]: CRYPTO_ECDH=m * linux-kvm: please support kexec (LP: #1799791) - [Config]: enable KEXEC and KEXEC_FILE [ Ubuntu: 4.4.0-158.186 ] * xenial/linux: 4.4.0-158.186 -proposed tracker (LP: #1837609) * Packaging resync (LP: #1786013) - [Packaging] resync git-ubuntu-log - [Packaging] update helper scripts * ixgbe{vf} - Physical Function gets IRQ when VF checks link state (LP: #1836760) - ixgbevf: Use cached link state instead of re-reading the value for ethtool * CVE-2018-5383 - crypto: kpp - Key-agreement Protocol Primitives API (KPP) - crypto: dh - Add DH software implementation - crypto: ecdh - Add ECDH software support - crypto: ecdh - make ecdh_shared_secret unique - crypto: doc - add KPP documentation - crypto: kpp, (ec)dh - fix typos - crypto: ecc - remove unused function arguments - crypto: ecc - remove unnecessary casts - crypto: ecc - rename ecdh_make_pub_key() - crypto: ecdh - add privkey generation support - crypto: ecc - Fix NULL pointer deref. on no default_rng - [Config] CRYPTO_ECDH=m - Bluetooth: convert smp and selftest to crypto kpp API - crypto: ecdh - add public key verification test * Xenial update: 4.4.185 upstream stable release (LP: #1836668) - fs/binfmt_flat.c: make load_flat_shared_library() work - scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() - tracing: Silence GCC 9 array bounds warning - gcc-9: silence 'address-of-packed-member' warning - usb: chipidea: udc: workaround for endpoint conflict issue - Input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD - apparmor: enforce nullbyte at end of tag string - parport: Fix mem leak in parport_register_dev_model - parisc: Fix compiler warnings in float emulation code - IB/hfi1: Insure freeze_work work_struct is canceled on shutdown - MIPS: uprobes: remove set but not used variable 'epc' - net: hns: Fix loopback test failed at copper ports - sparc: perf: fix updated event period in response to PERF_EVENT_IOC_PERIOD - scripts/checkstack.pl: Fix arm64 wrong or unknown architecture - scsi: ufs: Check that space was properly alloced in copy_query_response - s390/qeth: fix VLAN attribute in bridge_hostnotify udev event - hwmon: (pmbus/core) Treat parameters as paged if on multiple pages - Btrfs: fix race between readahead and device replace/removal - btrfs: start readahead also in seed devices - can: flexcan: fix timeout when set small bitrate - can: purge socket error queue on sock destruct - ARM: imx: cpuidle-imx6sx: Restrict the SW2ISO increase to i.MX6SX - Bluetooth: Align minimum encryption key size for LE and BR/EDR connections - Bluetooth: Fix regression with minimum encryption key size alignment - SMB3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write - cfg80211: fix memory leak of wiphy device name - mac80211: drop robust management frames from unknown TA - perf ui helpline: Use strlcpy() as a shorter form of strncpy() + explicit set nul - perf help: Remove needless use of strncpy() - 9p/rdma: do not disconnect on down_interruptible EAGAIN - 9p: acl: fix uninitialized iattr access - 9p/rdma: remove useless check in cm_event_handler - 9p: p9dirent_read: check network-provided name length - net/9p: include trans_common.h to fix missing prototype warning. - ovl: modify ovl_permission() to do checks on two inodes - x86/speculation: Allow guests to use SSBD even if host does not - cpu/speculation: Warn on unsupported mitigations= parameter - sctp: change to hold sk after auth shkey is created successfully - tipc: change to use register_pernet_device - tipc: check msg->req data len in tipc_nl_compat_bearer_disable - team: Always enable vlan tx offload - ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop - bonding: Always enable vlan tx offload - net: check before dereferencing netdev_ops during busy poll - Bluetooth: Fix faulty expression for minimum encryption key size check - um: Compile with modern headers - ASoC : cs4265 : readable register too low - spi: bitbang: Fix NULL pointer dereference in spi_unregister_master - ASoC: max98090: remove 24-bit format support if RJ is 0 - usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i] - usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC - scsi: hpsa: correct ioaccel2 chaining - ARC: Assume multiplier is always present - ARC: fix build warning in elf.h - MIPS: math-emu: do not use bools for arithmetic - mfd: omap-usb-tll: Fix register offsets - swiotlb: Make linux/swiotlb.h standalone includible - bug.h: work around GCC PR82365 in BUG() - MIPS: Workaround GCC __builtin_unreachable reordering bug - ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME - crypto: user - prevent operating on larval algorithms - ALSA: seq: fix incorrect order of dest_client/dest_ports arguments - ALSA: firewire-lib/fireworks: fix miss detection of received MIDI messages - ALSA: usb-audio: fix sign unintended sign extension on left shifts - lib/mpi: Fix karactx leak in mpi_powm - btrfs: Ensure replaced device doesn't have pending chunk allocation - tty: rocket: fix incorrect forward declaration of 'rp_init()' - ARC: handle gcc generated __builtin_trap for older compiler - arm64, vdso: Define vdso_{start,end} as array - KVM: x86: degrade WARN to pr_warn_ratelimited - dmaengine: imx-sdma: remove BD_INTR for channel0 - Linux 4.4.185 * Xenial update: 4.4.184 upstream stable release (LP: #1836667) - Linux 4.4.184 * Xenial update: 4.4.183 upstream stable release (LP: #1836666) - fs/fat/file.c: issue flush after the writeback of FAT - sysctl: return -EINVAL if val violates minmax - ipc: prevent lockup on alloc_msg and free_msg - hugetlbfs: on restore reserve error path retain subpool reservation - mm/cma.c: fix crash on CMA allocation if bitmap allocation fails - mm/cma_debug.c: fix the break condition in cma_maxchunk_get() - kernel/sys.c: prctl: fix false positive in validate_prctl_map() - mfd: intel-lpss: Set the device in reset state when init - mfd: twl6040: Fix device init errors for ACCCTL register - perf/x86/intel: Allow PEBS multi-entry in watermark mode - drm/bridge: adv7511: Fix low refresh rate selection - ntp: Allow TAI-UTC offset to be set to zero - f2fs: fix to avoid panic in do_recover_data() - f2fs: fix to do sanity check on valid block count of segment - iommu/vt-d: Set intel_iommu_gfx_mapped correctly - ALSA: hda - Register irq handler after the chip initialization - nvmem: core: fix read buffer in place - fuse: retrieve: cap requested size to negotiated max_write - nfsd: allow fh_want_write to be called twice - x86/PCI: Fix PCI IRQ routing table memory leak - platform/chrome: cros_ec_proto: check for NULL transfer function - soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher - clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288 - ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ahb" clock to SDMA - ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ipg" clock to SDMA - ARM: dts: imx6qdl: Specify IMX6QDL_CLK_IPG as "ipg" clock to SDMA - PCI: rpadlpar: Fix leaked device_node references in add/remove paths - PCI: rcar: Fix a potential NULL pointer dereference - video: hgafb: fix potential NULL pointer dereference - video: imsttfb: fix potential NULL pointer dereferences - PCI: xilinx: Check for __get_free_pages() failure - gpio: gpio-omap: add check for off wake capable gpios - dmaengine: idma64: Use actual device for DMA transfers - pwm: tiehrpwm: Update shadow register for disabling PWMs - ARM: dts: exynos: Always enable necessary APIO_1V8 and ABB_1V8 regulators on Arndale Octa - pwm: Fix deadlock warning when removing PWM device - ARM: exynos: Fix undefined instruction during Exynos5422 resume - futex: Fix futex lock the wrong page - ALSA: seq: Cover unsubscribe_port() in list_mutex - libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk - mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node - fs/ocfs2: fix race in ocfs2_dentry_attach_lock() - signal/ptrace: Don't leak unitialized kernel memory with PTRACE_PEEK_SIGINFO - ptrace: restore smp_rmb() in __ptrace_may_access() - i2c: acorn: fix i2c warning - bcache: fix stack corruption by PRECEDING_KEY() - cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css() - ASoC: cs42xx8: Add regcache mask dirty - Drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var - scsi: lpfc: add check for loss of ndlp when sending RRQ - scsi: bnx2fc: fix incorrect cast to u64 on shift operation - usbnet: ipheth: fix racing condition - KVM: x86/pmu: do not mask the value that is written to fixed PMUs - KVM: s390: fix memory slot handling for KVM_SET_USER_MEMORY_REGION - drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an invalid read - drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define() - USB: Fix chipmunk-like voice when using Logitech C270 for recording audio. - USB: usb-storage: Add new ID to ums-realtek - USB: serial: pl2303: add Allied Telesis VT-Kit3 - USB: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode - USB: serial: option: add Telit 0x1260 and 0x1261 compositions - ax25: fix inconsistent lock state in ax25_destroy_timer - be2net: Fix number of Rx queues used for flow hashing - ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero - lapb: fixed leak of control-blocks. - neigh: fix use-after-free read in pneigh_get_next - sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg - mISDN: make sure device name is NUL terminated - x86/CPU/AMD: Don't force the CPB cap when running under a hypervisor - perf/ring_buffer: Fix exposing a temporarily decreased data_head - perf/ring_buffer: Add ordering to rb->nest increment - gpio: fix gpio-adp5588 build errors - net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE() - i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr - configfs: Fix use-after-free when accessing sd->s_dentry - ia64: fix build errors by exporting paddr_to_nid() - KVM: PPC: Book3S: Use new mutex to synchronize access to rtas token list - net: sh_eth: fix mdio access in sh_eth_close() for R-Car Gen2 and RZ/A1 SoCs - scsi: libcxgbi: add a check for NULL pointer in cxgbi_check_route() - scsi: libsas: delete sas port if expander discover failed - Revert "crypto: crypto4xx - properly set IV after de- and encrypt" - coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping - Abort file_remove_privs() for non-reg. files - Linux 4.4.183 * CVE-2019-12614 - powerpc/pseries/dlpar: Fix a missing check in dlpar_parse_cc_property() * bnx2x driver causes 100% CPU load (LP: #1832082) - bnx2x: Prevent ptp_task to be rescheduled indefinitely * Xenial update: 4.4.182 upstream stable release (LP: #1836665) - Linux 4.4.182 * Xenial kernel 4.4.0-155.182 fails to build perf with libnuma (LP: #1836585) - Revert "UBUNTU: SAUCE: perf/bench: Drop definition of BIT in numa.c" * CVE-2019-10126 - mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() * CVE-2019-3846 - mwifiex: Fix possible buffer overflows at parsing bss descriptor [ Ubuntu: 4.4.0-157.185 ] * linux: 4.4.0-157.185 -proposed tracker (LP: #1837476) * systemd 229-4ubuntu21.22 ADT test failure with linux 4.4.0-156.183 (storage) (LP: #1837235) - Revert "block/bio: Do not zero user pages" - Revert "block: Clear kernel memory before copying to user" - Revert "bio_copy_from_iter(): get rid of copying iov_iter" [ Ubuntu: 4.4.0-156.183 ] * linux: 4.4.0-156.183 -proposed tracker (LP: #1836880) * BCM43602 802.11ac Wireless regression - PCI ID 14e4:43ba (LP: #1836801) - brcmfmac: add eth_type_trans back for PCIe full dongle -- Connor Kuehl Mon, 29 Jul 2019 14:47:36 -0700 linux-kvm (4.4.0-1052.59) xenial; urgency=medium * linux-kvm: 4.4.0-1052.59 -proposed tracker (LP: #1834909) * Xenial update: 4.4.180 upstream stable release (LP: #1830176) - [Config]: enable CONFIG_SCHED_SMT * q-r-t security test wants SCHED_STACK_END_CHECK to be enabled in KVM kernels (LP: #1812159) - [Config]: enable SCHED_STACK_END_CHECK [ Ubuntu: 4.4.0-155.182 ] * linux: 4.4.0-155.182 -proposed tracker (LP: #1834918) * Geneve tunnels don't work when ipv6 is disabled (LP: #1794232) - geneve: correctly handle ipv6.disable module parameter * Kernel modules generated incorrectly when system is localized to a non- English language (LP: #1828084) - scripts: override locale from environment when running recordmcount.pl * Handle overflow in proc_get_long of sysctl (LP: #1833935) - sysctl: handle overflow in proc_get_long * Xenial update: 4.4.181 upstream stable release (LP: #1832661) - x86/speculation/mds: Revert CPU buffer clear on double fault exit - x86/speculation/mds: Improve CPU buffer clear documentation - ARM: exynos: Fix a leaked reference by adding missing of_node_put - crypto: vmx - fix copy-paste error in CTR mode - crypto: crct10dif-generic - fix use via crypto_shash_digest() - crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest() - ALSA: usb-audio: Fix a memory leak bug - ALSA: hda/hdmi - Consider eld_valid when reporting jack event - ALSA: hda/realtek - EAPD turn on later - ASoC: max98090: Fix restore of DAPM Muxes - ASoC: RT5677-SPI: Disable 16Bit SPI Transfers - mm/mincore.c: make mincore() more conservative - ocfs2: fix ocfs2 read inode data panic in ocfs2_iget - mfd: da9063: Fix OTP control register names to match datasheets for DA9063/63L - tty/vt: fix write/write race in ioctl(KDSKBSENT) handler - ext4: actually request zeroing of inode table after grow - ext4: fix ext4_show_options for file systems w/o journal - Btrfs: do not start a transaction at iterate_extent_inodes() - bcache: fix a race between cache register and cacheset unregister - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim() - ipmi:ssif: compare block number correctly for multi-part return messages - crypto: gcm - Fix error return code in crypto_gcm_create_common() - crypto: gcm - fix incompatibility between "gcm" and "gcm_base" - crypto: chacha20poly1305 - set cra_name correctly - crypto: salsa20 - don't access already-freed walk.iv - crypto: arm/aes-neonbs - don't access already-freed walk.iv - writeback: synchronize sync(2) against cgroup writeback membership switches - fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going into workqueue when umount - ALSA: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug - KVM: x86: Skip EFER vs. guest CPUID checks for host-initiated writes - net: avoid weird emergency message - net/mlx4_core: Change the error print to info print - ppp: deflate: Fix possible crash in deflate_init - tipc: switch order of device registration to fix a crash - tipc: fix modprobe tipc failed after switch order of device registration - stm class: Fix channel free in stm output free path - md: add mddev->pers to avoid potential NULL pointer dereference - intel_th: msu: Fix single mode with IOMMU - of: fix clang -Wunsequenced for be32_to_cpu() - cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level() - media: ov6650: Fix sensor possibly not detected on probe - NFS4: Fix v4.0 client state corruption when mount - clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider - fuse: fix writepages on 32bit - fuse: honor RLIMIT_FSIZE in fuse_file_fallocate - iommu/tegra-smmu: Fix invalid ASID bits on Tegra30/114 - ceph: flush dirty inodes before proceeding with remount - tracing: Fix partial reading of trace event's id file - memory: tegra: Fix integer overflow on tick value calculation - perf intel-pt: Fix instructions sampling rate - perf intel-pt: Fix improved sample timestamp - perf intel-pt: Fix sample timestamp wrt non-taken branches - fbdev: sm712fb: fix brightness control on reboot, don't set SR30 - fbdev: sm712fb: fix VRAM detection, don't set SR70/71/74/75 - fbdev: sm712fb: fix white screen of death on reboot, don't set CR3B-CR3F - fbdev: sm712fb: fix boot screen glitch when sm712fb replaces VGA - fbdev: sm712fb: fix crashes during framebuffer writes by correctly mapping VRAM - fbdev: sm712fb: fix support for 1024x768-16 mode - fbdev: sm712fb: use 1024x768 by default on non-MIPS, fix garbled display - fbdev: sm712fb: fix crashes and garbled display during DPMS modesetting - PCI: Mark Atheros AR9462 to avoid bus reset - dm delay: fix a crash when invalid device is specified - xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink - xfrm6_tunnel: Fix potential panic when unloading xfrm6_tunnel module - vti4: ipip tunnel deregistration fixes. - xfrm4: Fix uninitialized memory read in _decode_session4 - KVM: arm/arm64: Ensure vcpu target is unset on reset failure - power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG - ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour - perf bench numa: Add define for RUSAGE_THREAD if not present - Revert "Don't jump to compute_result state from check_result state" - md/raid: raid5 preserve the writeback action after the parity check - btrfs: Honour FITRIM range constraints during free space trim - fbdev: sm712fb: fix memory frequency by avoiding a switch/case fallthrough - ext4: do not delete unlinked inode from orphan list on failed truncate - KVM: x86: fix return value for reserved EFER - bio: fix improper use of smp_mb__before_atomic() - Revert "scsi: sd: Keep disk read-only when re-reading partition" - crypto: vmx - CTR: always increment IV as quadword - gfs2: Fix sign extension bug in gfs2_update_stats - Btrfs: fix race between ranged fsync and writeback of adjacent ranges - btrfs: sysfs: don't leak memory when failing add fsid - fbdev: fix divide error in fb_var_to_videomode - hugetlb: use same fault hash key for shared and private mappings - fbdev: fix WARNING in __alloc_pages_nodemask bug - media: cpia2: Fix use-after-free in cpia2_exit - media: vivid: use vfree() instead of kfree() for dev->bitmap_cap - ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit - at76c50x-usb: Don't register led_trigger if usb_register_driver failed - perf tools: No need to include bitops.h in util.h - gfs2: Fix lru_count going negative - cxgb4: Fix error path in cxgb4_init_module - mmc: core: Verify SD bus width - powerpc/boot: Fix missing check of lseek() return value - ASoC: imx: fix fiq dependencies - spi: pxa2xx: fix SCR (divisor) calculation - brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler() - rtc: 88pm860x: prevent use-after-free on device remove - w1: fix the resume command API - dmaengine: pl330: _stop: clear interrupt status - mac80211/cfg80211: update bss channel on channel switch - ASoC: fsl_sai: Update is_slave_mode with correct value - mwifiex: prevent an array overflow - net: cw1200: fix a NULL pointer dereference - bcache: return error immediately in bch_journal_replay() - bcache: fix failure in journal relplay - bcache: add failure check to run_cache_set() for journal replay - bcache: avoid clang -Wunintialized warning - x86/build: Move _etext to actual end of .text - smpboot: Place the __percpu annotation correctly - x86/mm: Remove in_nmi() warning from 64-bit implementation of vmalloc_fault() - mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC versions - HID: logitech-hidpp: use RAP instead of FAP to get the protocol version - pinctrl: pistachio: fix leaked of_node references - dmaengine: at_xdmac: remove BUG_ON macro in tasklet - media: coda: clear error return value before picture run - media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper - media: au0828: stop video streaming only when last user stops - media: ov2659: make S_FMT succeed even if requested format doesn't match - audit: fix a memory leak bug - media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable() - media: pvrusb2: Prevent a buffer overflow - powerpc/numa: improve control of topology updates - sched/core: Check quota and period overflow at usec to nsec conversion - sched/core: Handle overflow in cpu_shares_write_u64 - USB: core: Don't unbind interfaces following device reset failure - x86/irq/64: Limit IST stack overflow check to #DB stack - i40e: don't allow changes to HW VLAN stripping on active port VLANs - RDMA/cxgb4: Fix null pointer dereference on alloc_skb failure - hwmon: (vt1211) Use request_muxed_region for Super-IO accesses - hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses - hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses - hwmon: (pc87427) Use request_muxed_region for Super-IO accesses - hwmon: (f71805f) Use request_muxed_region for Super-IO accesses - scsi: libsas: Do discovery on empty PHY to update PHY info - mmc_spi: add a status check for spi_sync_locked - mmc: sdhci-of-esdhc: add erratum eSDHC5 support - mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support - PM / core: Propagate dev->power.wakeup_path when no callbacks - extcon: arizona: Disable mic detect if running when driver is removed - s390: cio: fix cio_irb declaration - cpufreq: ppc_cbe: fix possible object reference leak - cpufreq/pasemi: fix possible object reference leak - cpufreq: pmac32: fix possible object reference leak - x86/build: Keep local relocations with ld.lld - iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion - iio: hmc5843: fix potential NULL pointer dereferences - iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data - rtlwifi: fix a potential NULL pointer dereference - brcmfmac: fix missing checks for kmemdup - b43: shut up clang -Wuninitialized variable warning - brcmfmac: convert dev_init_lock mutex to completion - brcmfmac: fix race during disconnect when USB completion is in progress - scsi: ufs: Fix regulator load and icc-level configuration - scsi: ufs: Avoid configuring regulator with undefined voltage range - arm64: cpu_ops: fix a leaked reference by adding missing of_node_put - x86/ia32: Fix ia32_restore_sigcontext() AC leak - chardev: add additional check for minor range overlap - HID: core: move Usage Page concatenation to Main item - ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put - ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put - cxgb3/l2t: Fix undefined behaviour - spi: tegra114: reset controller on probe - media: wl128x: prevent two potential buffer overflows - virtio_console: initialize vtermno value for ports - tty: ipwireless: fix missing checks for ioremap - rcutorture: Fix cleanup path for invalid torture_type strings - usb: core: Add PM runtime calls to usb_hcd_platform_shutdown - scsi: qla4xxx: avoid freeing unallocated dma memory - media: m88ds3103: serialize reset messages in m88ds3103_set_frontend - media: go7007: avoid clang frame overflow warning with KASAN - media: saa7146: avoid high stack usage with clang - scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices - spi : spi-topcliff-pch: Fix to handle empty DMA buffers - spi: rspi: Fix sequencer reset during initialization - spi: Fix zero length xfer bug - ASoC: davinci-mcasp: Fix clang warning without CONFIG_PM - ipv6: Consider sk_bound_dev_if when binding a raw socket to an address - llc: fix skb leak in llc_build_and_send_ui_pkt() - net-gro: fix use-after-free read in napi_gro_frags() - net: stmmac: fix reset gpio free missing - usbnet: fix kernel crash after disconnect - tipc: Avoid copying bytes beyond the supplied data - bnxt_en: Fix aggregation buffer leak under OOM condition. - net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value - crypto: vmx - ghash: do nosimd fallback manually - xen/pciback: Don't disable PCI_COMMAND on PCI device reset. - Revert "tipc: fix modprobe tipc failed after switch order of device registration" - tipc: fix modprobe tipc failed after switch order of device registration -v2 - sparc64: Fix regression in non-hypervisor TLB flush xcall - include/linux/bitops.h: sanitize rotate primitives - xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic() - usb: xhci: avoid null pointer deref when bos field is NULL - USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor - USB: sisusbvga: fix oops in error path of sisusb_probe - USB: Add LPM quirk for Surface Dock GigE adapter - USB: rio500: refuse more than one device at a time - USB: rio500: fix memory leak in close after disconnect - media: usb: siano: Fix general protection fault in smsusb - media: usb: siano: Fix false-positive "uninitialized variable" warning - media: smsusb: better handle optional alignment - scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove - scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) - Btrfs: fix race updating log root item during fsync - ALSA: hda/realtek - Set default power save node to 0 - drm/nouveau/i2c: Disable i2c bus access after ->fini() - tty: serial: msm_serial: Fix XON/XOFF - tty: max310x: Fix external crystal register setup - memcg: make it work on sparse non-0-node systems - kernel/signal.c: trace_signal_deliver when signal_group_exit - CIFS: cifs_read_allocate_pages: don't iterate through whole page array on ENOMEM - binder: Replace "%p" with "%pK" for stable - binder: replace "%p" with "%pK" - brcmfmac: Add length checks on firmware events - brcmfmac: screening firmware event packet - brcmfmac: revise handling events in receive path - brcmfmac: fix incorrect event channel deduction - brcmfmac: add length checks in scheduled scan result handler - brcmfmac: add subtype check for event handling in data path - userfaultfd: don't pin the user memory in userfaultfd_file_create() - Revert "x86/build: Move _etext to actual end of .text" - net: cdc_ncm: GetNtbFormat endian fix - usb: gadget: fix request length error for isoc transfer - media: uvcvideo: Fix uvc_alloc_entity() allocation alignment - ethtool: fix potential userspace buffer overflow - neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit - net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query - net: rds: fix memory leak in rds_ib_flush_mr_pool - pktgen: do not sleep with the thread lock held. - rcu: locking and unlocking need to always be at least barriers - parisc: Use implicit space register selection for loading the coherence index of I/O pdirs - fuse: fallocate: fix return with locked inode - MIPS: pistachio: Build uImage.gz by default - genwqe: Prevent an integer overflow in the ioctl - drm/gma500/cdv: Check vbt config bits when detecting lvds panels - fs: stream_open - opener for stream-like files so that read and write can run simultaneously without deadlock - fuse: Add FOPEN_STREAM to use stream_open() - ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled - ethtool: check the return value of get_regs_len - Linux 4.4.181 * CVE-2019-2054 - arm/ptrace: run seccomp after ptrace * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 - x86/speculation: Remove redundant arch_smt_update() invocation * Revert x86/vdso linker changes from #1830890 as this causes glibc 2.29-0ubuntu3 FTBFS on eoan (LP: #1834315) - Revert "x86/vdso: Pass --eh-frame-hdr to the linker" - Revert "x86: vdso: Use $LD instead of $CC to link" * [linux-azure] Block Layer Commits Requested in Azure Kernels (LP: #1834499) - bio_copy_from_iter(): get rid of copying iov_iter - block: Clear kernel memory before copying to user - block/bio: Do not zero user pages * CONFIG_LOG_BUF_SHIFT set to 14 is too low on arm64 (LP: #1824864) - [Config] CONFIG_LOG_BUF_SHIFT=18 on all 64bit arches * CVE-2019-11833 - ext4: zero out the unused memory region in the extent tree block * idle-page oopses when accessing page frames that are out of range (LP: #1833410) - mm/page_idle.c: fix oops because end_pfn is larger than max_pfn * Performance degradation when copying from LVM snapshot backed by NVMe disk (LP: #1833319) - NVMe: Allow request merges * Bluetooth regressions with Xenial kernel 4.4.0-152.179 (LP: #1833698) - Revert "Bluetooth: Align minimum encryption key size for LE and BR/EDR connections" * 4.4.0-145-generic Kernel Panic ip6_expire_frag_queue (LP: #1824687) - SAUCE: ipv6: frags: fix skb extraction in ip6_expire_frag_queue() * [Xenial] Customer can not SSH to Linux VM due to "VSC State Unhealthy" (LP: #1826416) - vmbus: fix missing signaling in hv_signal_on_read() * Xenial update: 4.4.180 upstream stable release (LP: #1830176) - kbuild: simplify ld-option implementation - KVM: fail KVM_SET_VCPU_EVENTS with invalid exception number - cifs: do not attempt cifs operation on smb2+ rename error - MIPS: scall64-o32: Fix indirect syscall number load - trace: Fix preempt_enable_no_resched() abuse - sched/numa: Fix a possible divide-by-zero - ceph: ensure d_name stability in ceph_dentry_hash() - ceph: fix ci->i_head_snapc leak - nfsd: Don't release the callback slot unless it was actually held - sunrpc: don't mark uninitialised items as VALID. - USB: Add new USB LPM helpers - USB: Consolidate LPM checks to avoid enabling LPM twice - powerpc/xmon: Add RFI flush related fields to paca dump - powerpc/64s: Improve RFI L1-D cache flush fallback - powerpc/64s: Fix section mismatch warnings from setup_rfi_flush() - Revert "UBUNTU: SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit" - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit - powerpc/64s: Add barrier_nospec - powerpc/64s: Add support for ori barrier_nospec patching - powerpc/64s: Patch barrier_nospec in modules - powerpc/64s: Enable barrier_nospec based on firmware settings - powerpc/64: Use barrier_nospec in syscall entry - powerpc: Use barrier_nospec in copy_from_user() - powerpc/64s: Enhance the information in cpu_show_spectre_v1() - powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 - powerpc/64: Disable the speculation barrier from the command line - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific. - powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC - powerpc/64: Call setup_barrier_nospec() from setup_arch() - powerpc/64: Make meltdown reporting Book3S 64 specific - powerpc/fsl: Add barrier_nospec implementation for NXP PowerPC Book3E - powerpc/asm: Add a patch_site macro & helpers for patching instructions - powerpc/64s: Add new security feature flags for count cache flush - powerpc/64s: Add support for software count cache flush - powerpc/pseries: Query hypervisor for count cache flush settings - powerpc/powernv: Query firmware for count cache flush settings - powerpc: Avoid code patching freed init sections - powerpc/fsl: Add infrastructure to fixup branch predictor flush - powerpc/fsl: Add macro to flush the branch predictor - powerpc/fsl: Fix spectre_v2 mitigations reporting - powerpc/fsl: Add nospectre_v2 command line argument - powerpc/fsl: Flush the branch predictor at each kernel entry (64bit) - powerpc/fsl: Update Spectre v2 reporting - powerpc/security: Fix spectre_v2 reporting - powerpc/fsl: Fix the flush of branch predictor. - tipc: handle the err returned from cmd header function - slip: make slhc_free() silently accept an error pointer - intel_th: gth: Fix an off-by-one in output unassigning - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference - NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family. - netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON - tipc: check bearer name with right length in tipc_nl_compat_bearer_enable - tipc: check link name with right length in tipc_nl_compat_link_set - bpf: reject wrong sized filters earlier - Revert "block/loop: Use global lock for ioctl() operation." - ipv4: add sanity checks in ipv4_link_failure() - team: fix possible recursive locking when add slaves - net: stmmac: move stmmac_check_ether_addr() to driver probe - ipv4: set the tcp_min_rtt_wlen range from 0 to one day - powerpc/fsl: Enable runtime patching if nospectre_v2 boot arg is used - powerpc/fsl: Flush branch predictor when entering KVM - powerpc/fsl: Emulate SPRN_BUCSR register - powerpc/fsl: Flush the branch predictor at each kernel entry (32 bit) - powerpc/fsl: Sanitize the syscall table for NXP PowerPC 32 bit platforms - powerpc/fsl: Fixed warning: orphan section `__btb_flush_fixup' - powerpc/fsl: Add FSL_PPC_BOOK3E as supported arch for nospectre_v2 boot arg - Documentation: Add nospectre_v1 parameter - usbnet: ipheth: prevent TX queue timeouts when device not ready - usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set - qlcnic: Avoid potential NULL pointer dereference - netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING - sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init() - usb: gadget: net2280: Fix overrun of OUT messages - usb: gadget: net2280: Fix net2280_dequeue() - usb: gadget: net2272: Fix net2272_dequeue() - ARM: dts: pfla02: increase phy reset duration - net: ks8851: Dequeue RX packets explicitly - net: ks8851: Reassert reset pin if chip ID check fails - net: ks8851: Delay requesting IRQ until opened - net: ks8851: Set initial carrier state to down - net: xilinx: fix possible object reference leak - net: ibm: fix possible object reference leak - net: ethernet: ti: fix possible object reference leak - scsi: qla4xxx: fix a potential NULL pointer dereference - usb: u132-hcd: fix resource leak - ceph: fix use-after-free on symlink traversal - scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN - libata: fix using DMA buffers on stack - kconfig/[mn]conf: handle backspace (^H) key - ALSA: line6: use dynamic buffers - ipv4: ip_do_fragment: Preserve skb_iif during fragmentation - ipv6/flowlabel: wait rcu grace period before put_pid() - ipv6: invert flowlabel sharing check in process and user mode - bnxt_en: Improve multicast address setup logic. - packet: validate msg_namelen in send directly - USB: yurex: Fix protection fault after device removal - USB: w1 ds2490: Fix bug caused by improper use of altsetting array - USB: core: Fix unterminated string returned by usb_string() - USB: core: Fix bug caused by duplicate interface PM usage counter - HID: debug: fix race condition with between rdesc_show() and device removal - rtc: sh: Fix invalid alarm warning for non-enabled alarm - bonding: show full hw address in sysfs for slave entries - jffs2: fix use-after-free on symlink traversal - debugfs: fix use-after-free on symlink traversal - rtc: da9063: set uie_unsupported when relevant - vfio/pci: use correct format characters - scsi: storvsc: Fix calculation of sub-channel count - net: hns: Use NAPI_POLL_WEIGHT for hns driver - net: hns: Fix WARNING when remove HNS driver with SMMU enabled - hugetlbfs: fix memory leak for resv_map - xsysace: Fix error handling in ace_setup - ARM: orion: don't use using 64-bit DMA masks - ARM: iop: don't use using 64-bit DMA masks - usb: usbip: fix isoc packet num validation in get_pipe - staging: iio: adt7316: allow adt751x to use internal vref for all dacs - staging: iio: adt7316: fix the dac read calculation - staging: iio: adt7316: fix the dac write calculation - Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ - selinux: never allow relabeling on context mounts - x86/mce: Improve error message when kernel cannot recover, p2 - media: v4l2: i2c: ov7670: Fix PLL bypass register values - scsi: libsas: fix a race condition when smp task timeout - ASoC:soc-pcm:fix a codec fixup issue in TDM case - ASoC: cs4270: Set auto-increment bit for register writes - ASoC: tlv320aic32x4: Fix Common Pins - perf/x86/intel: Fix handling of wakeup_events for multi-entry PEBS - scsi: csiostor: fix missing data copy in csio_scsi_err_handler() - iommu/amd: Set exclusion range correctly - genirq: Prevent use-after-free and work list corruption - usb: dwc3: Fix default lpm_nyet_threshold value - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines - Bluetooth: hidp: fix buffer overflow - Bluetooth: Align minimum encryption key size for LE and BR/EDR connections - UAS: fix alignment of scatter/gather segments - ipv6: fix a potential deadlock in do_ipv6_setsockopt() - ASoC: Intel: avoid Oops if DMA setup fails - timer/debug: Change /proc/timer_stats from 0644 to 0600 - netfilter: compat: initialize all fields in xt_init - platform/x86: sony-laptop: Fix unintentional fall-through - iio: adc: xilinx: fix potential use-after-free on remove - HID: input: add mapping for Expose/Overview key - HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys - libnvdimm/btt: Fix a kmemdup failure check - s390/dasd: Fix capacity calculation for large volumes - s390/3270: fix lockdep false positive on view->lock - KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in tracing - tools lib traceevent: Fix missing equality check for strcmp - init: initialize jump labels before command line option parsing - ipvs: do not schedule icmp errors from tunnels - s390: ctcm: fix ctcm_new_device error return code - gpu: ipu-v3: dp: fix CSC handling - cw1200: fix missing unlock on error in cw1200_hw_scan() - Don't jump to compute_result state from check_result state - x86/microcode/intel: Add a helper which gives the microcode revision - x86: stop exporting msr-index.h to userland - x86/microcode/intel: Check microcode revision before updating sibling threads - x86/MCE: Save microcode revision in machine check records - x86/bugs: Add AMD's variant of SSB_NO - x86/bugs: Add AMD's SPEC_CTRL MSR usage - x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features - x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR - x86/microcode: Make sure boot_cpu_data.microcode is up-to-date - x86/microcode: Update the new microcode revision unconditionally - x86/mm: Use WRITE_ONCE() when setting PTEs - x86/speculation: Apply IBPB more strictly to avoid cross-process data leak - x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation - x86/speculation: Propagate information about RSB filling mitigation to sysfs - x86/speculation: Update the TIF_SSBD comment - x86/speculation: Clean up spectre_v2_parse_cmdline() - x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() - x86/speculation: Disable STIBP when enhanced IBRS is in use - x86/speculation: Rename SSBD update functions - x86/speculation: Reorganize speculation control MSRs update - x86/Kconfig: Select SCHED_SMT if SMP enabled - x86/speculation: Mark string arrays const correctly - x86/speculataion: Mark command line parser data __initdata - x86/speculation: Add command line control for indirect branch speculation - x86/speculation: Prepare for per task indirect branch speculation control - x86/process: Consolidate and simplify switch_to_xtra() code - x86/speculation: Avoid __switch_to_xtra() calls - x86/speculation: Prepare for conditional IBPB in switch_mm() - x86/speculation: Split out TIF update - x86/speculation: Prepare arch_smt_update() for PRCTL mode - x86/speculation: Prevent stale SPEC_CTRL msr content - x86/speculation: Add prctl() control for indirect branch speculation - x86/speculation: Enable prctl mode for spectre_v2_user - x86/speculation: Add seccomp Spectre v2 user space protection mode - x86/speculation: Provide IBPB always command line options - x86/cpu/bugs: Use __initconst for 'const' init data - USB: serial: use variable for status - USB: serial: fix unthrottle races - bridge: Fix error path for kobject_init_and_add() - net: ucc_geth - fix Oops when changing number of buffers in the ring - packet: Fix error path in packet_init - vlan: disable SIOCSHWTSTAMP in container - vrf: sit mtu should not be updated when vrf netdev is the link - ipv4: Fix raw socket lookup for local traffic - bonding: fix arp_validate toggling in active-backup mode - drivers/virt/fsl_hypervisor.c: dereferencing error pointers in ioctl - drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl - powerpc/booke64: set RI in default MSR - powerpc/lib: fix book3s/32 boot failure due to code patching - Linux 4.4.180 - SAUCE: Clarify IBRS/IBPB runtime state change messages - SAUCE: x86/speculation: Move STIBP hunks - SAUCE: powerpc/speculation: Support 'mitigations=' cmdline option - SAUCE: x86/speculation: Update 'mitigations=' documentation - SAUCE: Show 'pti' instead of 'kaiser' in /proc/cpuinfo - SAUCE: perf/bench: Drop definition of BIT in numa.c - SAUCE: x86/speculation: Fix SSB command line documentation * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 // CVE-2019-11091 - SAUCE: Synchronize MDS mitigations with upstream - Documentation: Correct the possible MDS sysfs values - x86/speculation/mds: Fix documentation typo * CVE-2019-11091 - x86/mds: Add MDSUM variant to the MDS documentation -- Andrea Righi Thu, 04 Jul 2019 10:47:32 +0200 linux-kvm (4.4.0-1051.58) xenial; urgency=medium * linux-kvm: 4.4.0-1051.58 -proposed tracker (LP: #1834021) [ Ubuntu: 4.4.0-154.181 ] * linux: 4.4.0-154.181 -proposed tracker (LP: #1834030) * CVE-2019-11478 - tcp: refine memory limit test in tcp_fragment() * CVE-2019-11479 - SAUCE: tcp: add tcp_min_snd_mss sysctl - SAUCE: tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() -- Connor Kuehl Tue, 25 Jun 2019 11:01:45 -0700 linux-kvm (4.4.0-1048.55) xenial; urgency=medium [ Ubuntu: 4.4.0-151.178 ] * Remote denial of service (system crash) caused by integer overflow in TCP SACK handling (LP: #1831637) - SAUCE: tcp: limit payload size of sacked skbs - SAUCE: tcp: fix fack_count accounting on tcp_shift_skb_data() * Remote denial of service (resource exhaustion) caused by TCP SACK scoreboard manipulation (LP: #1831638) - SAUCE: tcp: tcp_fragment() should apply sane memory limits [ Ubuntu: 4.4.0-150.176 ] * linux: 4.4.0-150.176 -proposed tracker (LP: #1830941) * glibc 2.23-0ubuntu11 ADT test failure with linux 4.4.0-149.175 (LP: #1830890) - x86/vdso: Pass --eh-frame-hdr to the linker -- Stefan Bader Tue, 11 Jun 2019 11:10:53 +0200 linux-kvm (4.4.0-1047.53) xenial; urgency=medium * linux-kvm: 4.4.0-1047.53 -proposed tracker (LP: #1829195) * Xenial update: 4.4.179 upstream stable release (LP: #1828420) - [Config]: add CONFIG_LDISC_AUTOLOAD=y - [Config]: remove CONFIG_R3964 [ Ubuntu: 4.4.0-149.175 ] * linux: 4.4.0-149.175 -proposed tracker (LP: #1829209) * disable a.out support (LP: #1818552) - [Config] Disable a.out support * autopkgtests run too often, too much and don't skip enough (LP: #1823056) - [Debian] Set +x on rebuild testcase. - [Debian] Skip rebuild test, for regression-suite deps. - [Debian] Make ubuntu-regression-suite skippable on unbootable kernels. - [Debian] make rebuild use skippable error codes when skipping. - [Debian] Only run regression-suite, if requested to. * Xenial update: 4.4.179 upstream stable release (LP: #1828420) - arm64: debug: Don't propagate UNKNOWN FAR into si_code for debug signals - arm64: debug: Ensure debug handlers check triggering exception level - ext4: cleanup bh release code in ext4_ind_remove_space() - lib/int_sqrt: optimize initial value compute - tty/serial: atmel: Add is_half_duplex helper - mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified - i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA - Bluetooth: Fix decrementing reference count twice in releasing socket - tty/serial: atmel: RS485 HD w/DMA: enable RX after TX is stopped - CIFS: fix POSIX lock leak and invalid ptr deref - h8300: use cc-cross-prefix instead of hardcoding h8300-unknown-linux- - tracing: kdb: Fix ftdump to not sleep - gpio: gpio-omap: fix level interrupt idling - sysctl: handle overflow for file-max - enic: fix build warning without CONFIG_CPUMASK_OFFSTACK - mm/cma.c: cma_declare_contiguous: correct err handling - mm/page_ext.c: fix an imbalance with kmemleak - mm/vmalloc.c: fix kernel BUG at mm/vmalloc.c:512! - mm/slab.c: kmemleak no scan alien caches - ocfs2: fix a panic problem caused by o2cb_ctl - f2fs: do not use mutex lock in atomic context - fs/file.c: initialize init_files.resize_wait - cifs: use correct format characters - dm thin: add sanity checks to thin-pool and external snapshot creation - cifs: Fix NULL pointer dereference of devname - fs: fix guard_bio_eod to check for real EOD errors - tools lib traceevent: Fix buffer overflow in arg_eval - usb: chipidea: Grab the (legacy) USB PHY by phandle first - scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c - coresight: etm4x: Add support to enable ETMv4.2 - ARM: 8840/1: use a raw_spinlock_t in unwind - mmc: omap: fix the maximum timeout setting - e1000e: Fix -Wformat-truncation warnings - IB/mlx4: Increase the timeout for CM cache - scsi: megaraid_sas: return error when create DMA pool failed - perf test: Fix failure of 'evsel-tp-sched' test on s390 - SoC: imx-sgtl5000: add missing put_device() - media: sh_veu: Correct return type for mem2mem buffer helpers - media: s5p-jpeg: Correct return type for mem2mem buffer helpers - media: s5p-g2d: Correct return type for mem2mem buffer helpers - media: mx2_emmaprp: Correct return type for mem2mem buffer helpers - leds: lp55xx: fix null deref on firmware load failure - kprobes: Prohibit probing on bsearch() - ARM: 8833/1: Ensure that NEON code always compiles with Clang - ALSA: PCM: check if ops are defined before suspending PCM - bcache: fix input overflow to cache set sysfs file io_error_halflife - bcache: fix input overflow to sequential_cutoff - bcache: improve sysfs_strtoul_clamp() - fbdev: fbmem: fix memory access if logo is bigger than the screen - cdrom: Fix race condition in cdrom_sysctl_register - ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe - soc: qcom: gsbi: Fix error handling in gsbi_probe() - mt7601u: bump supported EEPROM version - ARM: avoid Cortex-A9 livelock on tight dmb loops - tty: increase the default flip buffer limit to 2*640K - media: mt9m111: set initial frame size other than 0x0 - hwrng: virtio - Avoid repeated init of completion - soc/tegra: fuse: Fix illegal free of IO base address - hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable - dmaengine: imx-dma: fix warning comparison of distinct pointer types - netfilter: physdev: relax br_netfilter dependency - media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration - regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting - wlcore: Fix memory leak in case wl12xx_fetch_firmware failure - x86/build: Mark per-CPU symbols as absolute explicitly for LLD - dmaengine: tegra: avoid overflow of byte tracking - drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers - binfmt_elf: switch to new creds when switching to new mm - kbuild: clang: choose GCC_TOOLCHAIN_DIR not on LD - x86/build: Specify elf_i386 linker emulation explicitly for i386 objects - x86: vdso: Use $LD instead of $CC to link - x86/vdso: Drop implicit common-page-size linker flag - lib/string.c: implement a basic bcmp - tty: mark Siemens R3964 line discipline as BROKEN - [Config]: remove CONFIG_R3964 - [Config]: add CONFIG_LDISC_AUTOLOAD=y - tty: ldisc: add sysctl to prevent autoloading of ldiscs - ipv6: Fix dangling pointer when ipv6 fragment - ipv6: sit: reset ip header pointer in ipip6_rcv - net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock(). - qmi_wwan: add Olicard 600 - sctp: initialize _pad of sockaddr_in before copying to user memory - tcp: Ensure DCTCP reacts to losses - netns: provide pure entropy for net_hash_mix() - net: ethtool: not call vzalloc for zero sized memory request - ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type - ALSA: seq: Fix OOB-reads from strlcpy - include/linux/bitrev.h: fix constant bitrev - ASoC: fsl_esai: fix channel swap issue when stream starts - block: do not leak memory in bio_copy_user_iov() - genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() - ARM: dts: at91: Fix typo in ISC_D0 on PC9 - arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value - xen: Prevent buffer overflow in privcmd ioctl - sched/fair: Do not re-read ->h_load_next during hierarchical load calculation - xtensa: fix return_address - PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA controller - perf/core: Restore mmap record type correctly - ext4: add missing brelse() in add_new_gdb_meta_bg() - ext4: report real fs size after failed resize - ALSA: echoaudio: add a check for ioremap_nocache - ALSA: sb8: add a check for request_region - IB/mlx4: Fix race condition between catas error reset and aliasguid flows - mmc: davinci: remove extraneous __init annotation - ALSA: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration - thermal/int340x_thermal: Add additional UUIDs - thermal/int340x_thermal: fix mode setting - tools/power turbostat: return the exit status of a command - perf top: Fix error handling in cmd_top() - perf evsel: Free evsel->counts in perf_evsel__exit() - perf tests: Fix a memory leak of cpu_map object in the openat_syscall_event_on_all_cpus test - perf tests: Fix a memory leak in test__perf_evsel__tp_sched_test() - x86/hpet: Prevent potential NULL pointer dereference - x86/cpu/cyrix: Use correct macros for Cyrix calls on Geode processors - iommu/vt-d: Check capability before disabling protected memory - x86/hw_breakpoints: Make default case in hw_breakpoint_arch_parse() return an error - fix incorrect error code mapping for OBJECTID_NOT_FOUND - ext4: prohibit fstrim in norecovery mode - rsi: improve kernel thread handling to fix kernel panic - 9p: do not trust pdu content for stat item size - 9p locks: add mount option for lock retry interval - f2fs: fix to do sanity check with current segment number - serial: uartps: console_setup() can't be placed to init section - ARM: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms - ACPI / SBS: Fix GPE storm on recent MacBookPro's - cifs: fallback to older infolevels on findfirst queryinfo retry - crypto: sha256/arm - fix crash bug in Thumb2 build - crypto: sha512/arm - fix crash bug in Thumb2 build - iommu/dmar: Fix buffer overflow during PCI bus notification - ARM: 8839/1: kprobe: make patch_lock a raw_spinlock_t - appletalk: Fix use-after-free in atalk_proc_exit - lib/div64.c: off by one in shift - include/linux/swap.h: use offsetof() instead of custom __swapoffset macro - tpm/tpm_crb: Avoid unaligned reads in crb_recv() - ovl: fix uid/gid when creating over whiteout - appletalk: Fix compile regression - bonding: fix event handling for stacked bonds - net: atm: Fix potential Spectre v1 vulnerabilities - net: bridge: multicast: use rcu to access port list from br_multicast_start_querier - net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv - tcp: tcp_grow_window() needs to respect tcp_space() - ipv4: recompile ip options in ipv4_link_failure - ipv4: ensure rcu_read_lock() in ipv4_link_failure() - crypto: crypto4xx - properly set IV after de- and encrypt - modpost: file2alias: go back to simple devtable lookup - modpost: file2alias: check prototype of handler - tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete - KVM: x86: Don't clear EFER during SMM transitions for 32-bit vCPU - iio/gyro/bmg160: Use millidegrees for temperature scale - iio: ad_sigma_delta: select channel when reading register - iio: adc: at91: disable adc channel interrupt in timeout case - io: accel: kxcjk1013: restore the range after resume. - staging: comedi: vmk80xx: Fix use of uninitialized semaphore - staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf - staging: comedi: ni_usb6501: Fix use of uninitialized mutex - staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf - ALSA: core: Fix card races between register and disconnect - crypto: x86/poly1305 - fix overflow during partial reduction - arm64: futex: Restore oldval initialization to work around buggy compilers - x86/kprobes: Verify stack frame on kretprobe - kprobes: Mark ftrace mcount handler functions nokprobe - kprobes: Fix error check when reusing optimized probes - mac80211: do not call driver wake_tx_queue op during reconfig - Revert "kbuild: use -Oz instead of -Os when using clang" - sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup - device_cgroup: fix RCU imbalance in error case - mm/vmstat.c: fix /proc/vmstat format for CONFIG_DEBUG_TLBFLUSH=y CONFIG_SMP=n - ALSA: info: Fix racy addition/deletion of nodes - Revert "locking/lockdep: Add debug_locks check in __lock_downgrade()" - kernel/sysctl.c: fix out-of-bounds access when setting file-max - Linux 4.4.179 * Xenial update: 4.4.178 upstream stable release (LP: #1826212) - mmc: pxamci: fix enum type confusion - drm/vmwgfx: Don't double-free the mode stored in par->set_mode - udf: Fix crash on IO error during truncate - mips: loongson64: lemote-2f: Add IRQF_NO_SUSPEND to "cascade" irqaction. - MIPS: Fix kernel crash for R6 in jump label branch function - futex: Ensure that futex address is aligned in handle_futex_death() - ext4: fix NULL pointer dereference while journal is aborted - ext4: fix data corruption caused by unaligned direct AIO - ext4: brelse all indirect buffer in ext4_ind_remove_space() - mmc: tmio_mmc_core: don't claim spurious interrupts - media: v4l2-ctrls.c/uvc: zero v4l2_event - locking/lockdep: Add debug_locks check in __lock_downgrade() - ALSA: hda - Record the current power state before suspend/resume calls - ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec - mmc: pwrseq_simple: Make reset-gpios optional to match doc - mmc: debugfs: Add a restriction to mmc debugfs clock setting - mmc: make MAN_BKOPS_EN message a debug - mmc: sanitize 'bus width' in debug output - mmc: core: shut up "voltage-ranges unspecified" pr_info() - usb: dwc3: gadget: Fix suspend/resume during device mode - arm64: mm: Add trace_irqflags annotations to do_debug_exception() - mmc: core: fix using wrong io voltage if mmc_select_hs200 fails - mm/rmap: replace BUG_ON(anon_vma->degree) with VM_WARN_ON - extcon: usb-gpio: Don't miss event during suspend/resume - kbuild: setlocalversion: print error to STDERR - usb: gadget: composite: fix dereference after null check coverify warning - usb: gadget: Add the gserial port checking in gs_start_tx() - tcp/dccp: drop SYN packets if accept queue is full - serial: sprd: adjust TIMEOUT to a big value - Hang/soft lockup in d_invalidate with simultaneous calls - arm64: traps: disable irq in die() - usb: renesas_usbhs: gadget: fix unused-but-set-variable warning - serial: sprd: clear timeout interrupt only rather than all interrupts - lib/int_sqrt: optimize small argument - USB: core: only clean up what we allocated - rtc: Fix overflow when converting time64_t to rtc_time - ath10k: avoid possible string overflow - mmc: block: Allow more than 8 partitions per card - arm64: fix COMPAT_SHMLBA definition for large pages - efi: stub: define DISABLE_BRANCH_PROFILING for all architectures - ARM: 8458/1: bL_switcher: add GIC dependency - ARM: 8494/1: mm: Enable PXN when running non-LPAE kernel on LPAE processor - android: unconditionally remove callbacks in sync_fence_free() - vmstat: make vmstat_updater deferrable again and shut down on idle - hid-sensor-hub.c: fix wrong do_div() usage - arm64: hide __efistub_ aliases from kallsyms - perf: Synchronously free aux pages in case of allocation failure - net: diag: support v4mapped sockets in inet_diag_find_one_icsk() - Revert "mmc: block: don't use parameter prefix if built as module" - writeback: initialize inode members that track writeback history - coresight: fixing lockdep error - coresight: coresight_unregister() function cleanup - coresight: release reference taken by 'bus_find_device()' - coresight: remove csdev's link from topology - stm class: Fix locking in unbinding policy path - stm class: Fix link list locking - stm class: Prevent user-controllable allocations - stm class: Support devices with multiple instances - stm class: Fix unlocking braino in the error path - stm class: Guard output assignment against concurrency - stm class: Fix unbalanced module/device refcounting - stm class: Fix a race in unlinking - coresight: "DEVICE_ATTR_RO" should defined as static. - coresight: etm4x: Check every parameter used by dma_xx_coherent. - asm-generic: Fix local variable shadow in __set_fixmap_offset - staging: ashmem: Avoid deadlock with mmap/shrink - staging: ashmem: Add missing include - staging: ion: Set minimum carveout heap allocation order to PAGE_SHIFT - staging: goldfish: audio: fix compiliation on arm - ARM: 8510/1: rework ARM_CPU_SUSPEND dependencies - arm64/kernel: fix incorrect EL0 check in inv_entry macro - mac80211: fix "warning: ‘target_metric’ may be used uninitialized" - perf/ring_buffer: Refuse to begin AUX transaction after rb->aux_mmap_count drops - arm64: kernel: Include _AC definition in page.h - PM / Hibernate: Call flush_icache_range() on pages restored in-place - stm class: Do not leak the chrdev in error path - stm class: Fix stm device initialization order - ipv6: fix endianness error in icmpv6_err - usb: gadget: configfs: add mutex lock before unregister gadget - usb: gadget: rndis: free response queue during REMOTE_NDIS_RESET_MSG - cpu/hotplug: Handle unbalanced hotplug enable/disable - video: fbdev: Set pixclock = 0 in goldfishfb - arm64: kconfig: drop CONFIG_RTC_LIB dependency - mmc: mmc: fix switch timeout issue caused by jiffies precision - cfg80211: size various nl80211 messages correctly - stmmac: copy unicast mac address to MAC registers - dccp: do not use ipv6 header for ipv4 flow - mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec - net: rose: fix a possible stack overflow - Add hlist_add_tail_rcu() (Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net) - packets: Always register packet sk in the same order - tcp: do not use ipv6 header for ipv4 flow - vxlan: Don't call gro_cells_destroy() before device is unregistered - sctp: get sctphdr by offset in sctp_compute_cksum - mac8390: Fix mmio access size probe - btrfs: remove WARN_ON in log_dir_items - ARM: imx6q: cpuidle: fix bug that CPU might not wake up at expected time - ALSA: compress: add support for 32bit calls in a 64bit kernel - ALSA: pcm: Fix possible OOB access in PCM oss plugins - ALSA: pcm: Don't suspend stream in unrecoverable PCM state - scsi: sd: Fix a race between closing an sd device and sd I/O - scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host - scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices - tty: atmel_serial: fix a potential NULL pointer dereference - staging: vt6655: Remove vif check from vnt_interrupt - staging: vt6655: Fix interrupt race condition on device start up. - serial: max310x: Fix to avoid potential NULL pointer dereference - serial: sh-sci: Fix setting SCSCR_TIE while transferring data - USB: serial: cp210x: add new device id - USB: serial: ftdi_sio: add additional NovaTech products - USB: serial: mos7720: fix mos_parport refcount imbalance on error path - USB: serial: option: set driver_info for SIM5218 and compatibles - USB: serial: option: add Olicard 600 - Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc - fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links - gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input - perf intel-pt: Fix TSC slip - x86/smp: Enforce CONFIG_HOTPLUG_CPU when SMP=y - KVM: Reject device ioctls from processes other than the VM's creator - xhci: Fix port resume done detection for SS ports with LPM enabled - Revert "USB: core: only clean up what we allocated" - arm64: support keyctl() system call in 32-bit mode - coresight: removing bind/unbind options from sysfs - stm class: Hide STM-specific options if STM is disabled - Linux 4.4.178 * Kprobe event string type argument failed in ftrace from ubuntu_kernel_selftests on B/C i386 (LP: #1825780) - selftests/ftrace: Fix kprobe string testcase to not probe notrace function * False positive test result in run_netsocktests from net in ubuntu_kernel_selftest (LP: #1825777) - selftests/net: correct the return value for run_netsocktests -- Andrea Righi Thu, 16 May 2019 12:11:34 +0200 linux-kvm (4.4.0-1046.52) xenial; urgency=medium [ Ubuntu: 4.4.0-148.174 ] * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 - Documentation/l1tf: Fix small spelling typo - perf/x86/intel: Add model number for Skylake Server to perf - perf/x86: Add model numbers for Kabylake CPUs - perf/x86/intel: Use Intel family macros for core perf events - perf/x86/msr: Use Intel family macros for MSR events code - perf/x86/msr: Add missing Intel models - SAUCE: perf/x86/{cstate,rapl,uncore}: Use Intel Model name macros - perf/x86/msr: Add missing CPU IDs - x86/speculation: Simplify the CPU bug detection logic - x86/cpu: Sanitize FAM6_ATOM naming - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID - bitops: avoid integer overflow in GENMASK(_ULL) - locking/atomics, asm-generic: Move some macros from to a new file - tools include: Adopt linux/bits.h - x86/msr-index: Cleanup bit defines - x86/speculation: Consolidate CPU whitelists - x86/speculation/mds: Add basic bug infrastructure for MDS - x86/speculation/mds: Add BUG_MSBDS_ONLY - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests - x86/speculation/mds: Add mds_clear_cpu_buffers() - locking/static_keys: Provide DECLARE and well as DEFINE macros - x86/speculation/mds: Clear CPU buffers on exit to user - x86/kvm/vmx: Add MDS protection when L1D Flush is not active - x86/speculation/mds: Conditionally clear CPU buffers on idle entry - SAUCE: sched/smt: Introduce sched_smt_{active,present} - SAUCE: Rename the Ubuntu-only spec_ctrl_mutex mutex - SAUCE: x86/speculation: Introduce arch_smt_update() - x86/speculation: Rework SMT state change - x86/speculation: Reorder the spec_v2 code - x86/speculation: Unify conditional spectre v2 print functions - x86/speculation/mds: Add mitigation control for MDS - x86/speculation/mds: Add sysfs reporting for MDS - x86/speculation/mds: Add mitigation mode VMWERV - Documentation: Move L1TF to separate directory - Documentation: Add MDS vulnerability documentation - x86/speculation/mds: Add mds=full,nosmt cmdline option - x86/speculation: Move arch_smt_update() call to after mitigation decisions - x86/speculation/mds: Add SMT warning message - x86/speculation/mds: Fix comment - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off - x86/speculation/mds: Add 'mitigations=' support for MDS * CVE-2017-5715 // CVE-2017-5753 - s390/speculation: Support 'mitigations=' cmdline option * CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754 // CVE-2018-3639 - powerpc/speculation: Support 'mitigations=' cmdline option * CVE-2017-5715 // CVE-2017-5754 // CVE-2018-3620 // CVE-2018-3639 // CVE-2018-3646 - cpu/speculation: Add 'mitigations=' cmdline option - x86/speculation: Support 'mitigations=' cmdline option * Packaging resync (LP: #1786013) - [Packaging] resync git-ubuntu-log -- Stefan Bader Wed, 08 May 2019 18:08:48 +0200 linux-kvm (4.4.0-1045.51) xenial; urgency=medium * linux-kvm: 4.4.0-1045.51 -proposed tracker (LP: #1826028) [ Ubuntu: 4.4.0-147.173 ] * linux: 4.4.0-147.173 -proposed tracker (LP: #1826036) * Packaging resync (LP: #1786013) - [Packaging] resync git-ubuntu-log * Xenial: Sync to upstream v4.9 (Spectre) (LP: #1820872) - SAUCE: cpu/hotplug: Fix Documentation/kernel-parameters.txt - SAUCE: Fix typo in Documentation/kernel-parameters.txt - SAUCE: x86: Move hunks and sync to upstream stable 4.9 - Revert "module: Add retpoline tag to VERMAGIC" * CVE-2017-5753 - posix-timers: Protect posix clock array access against speculation - arm64: fix possible spectre-v1 in ptrace_hbp_get_event() - sched/autogroup: Fix possible Spectre-v1 indexing for sched_prio_to_weight[] - media: dvb_ca_en50221: prevent using slot_info for Spectre attacs - s390/keyboard: sanitize array index in do_kdsk_ioctl - arm64: fix possible spectre-v1 write in ptrace_hbp_set_event() - pktcdvd: Fix possible Spectre-v1 for pkt_devs - net: socket: Fix potential spectre v1 gadget in sock_is_registered - net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd() - hwmon: (nct6775) Fix potential Spectre v1 - mac80211_hwsim: Fix possible Spectre-v1 for hwsim_world_regdom_custom - nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT - ipmi: msghandler: Fix potential Spectre v1 vulnerabilities - powerpc/ptrace: Mitigate potential Spectre v1 - cfg80211: prevent speculation on cfg80211_classify8021d() return - ALSA: rawmidi: Fix potential Spectre v1 vulnerability - ALSA: seq: oss: Fix Spectre v1 vulnerability * CVE-2019-3874 - sctp: fix the issue that a __u16 variable may overflow in sctp_ulpq_renege - sctp: use sk_wmem_queued to check for writable space - sctp: implement memory accounting on tx path - sctp: implement memory accounting on rx path * Kprobe event argument syntax in ftrace from ubuntu_kernel_selftests failed on B PowerPC (LP: #1812809) - selftests/ftrace: Add ppc support for kprobe args tests * CVE-2019-3882 - vfio/type1: Limit DMA mappings per container * Intel I210 Ethernet card not working after hotplug [8086:1533] (LP: #1818490) - igb: Fix WARN_ONCE on runtime suspend * TSC clocksource not available in nested guests (LP: #1822821) - x86/tsc: Add X86_FEATURE_TSC_KNOWN_FREQ flag - kvmclock: fix TSC calibration for nested guests * Remove btrfs module after a failed fallocate attempt will cause error on 4.4 i386 (LP: #1822579) - Btrfs: fix extent map leak during fallocate error path * systemd cause kernel trace "BUG: unable to handle kernel paging request at 6db23a14" on Cosmic i386 (LP: #1813244) // systemd cause kernel trace "BUG: unable to handle kernel paging request at 6db23a14" on Cosmic i386 (LP: #1813244) - openvswitch: fix flow actions reallocation -- Andrea Righi Wed, 24 Apr 2019 17:08:40 +0200 linux-kvm (4.4.0-1044.50) xenial; urgency=medium * linux-kvm: 4.4.0-1044.50 -proposed tracker (LP: #1822826) * Packaging resync (LP: #1786013) - [Packaging] resync git-ubuntu-log [ Ubuntu: 4.4.0-146.172 ] * linux: 4.4.0-146.172 -proposed tracker (LP: #1822834) * Packaging resync (LP: #1786013) - [Packaging] update helper scripts - [Packaging] resync retpoline extraction * 3b080b2564287be91605bfd1d5ee985696e61d3c in ubuntu_btrfs_kernel_fixes triggers system hang on i386 (LP: #1812845) - btrfs: raid56: properly unmap parity page in finish_parity_scrub() * Xenial update: 4.4.177 upstream stable release (LP: #1822271) - ceph: avoid repeatedly adding inode to mdsc->snap_flush_list - numa: change get_mempolicy() to use nr_node_ids instead of MAX_NUMNODES - KEYS: allow reaching the keys quotas exactly - mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering mfd cells - mfd: twl-core: Fix section annotations on {,un}protect_pm_master - mfd: db8500-prcmu: Fix some section annotations - mfd: ab8500-core: Return zero in get_register_interruptible() - mfd: qcom_rpm: write fw_version to CTRL_REG - mfd: wm5110: Add missing ASRC rate register - mfd: mc13xxx: Fix a missing check of a register-read failure - net: hns: Fix use after free identified by SLUB debug - MIPS: ath79: Enable OF serial ports in the default config - scsi: qla4xxx: check return code of qla4xxx_copy_from_fwddb_param - scsi: isci: initialize shost fully before calling scsi_add_host() - MIPS: jazz: fix 64bit build - isdn: i4l: isdn_tty: Fix some concurrency double-free bugs - atm: he: fix sign-extension overflow on large shift - leds: lp5523: fix a missing check of return value of lp55xx_read - isdn: avm: Fix string plus integer warning from Clang - RDMA/srp: Rework SCSI device reset handling - KEYS: user: Align the payload buffer - KEYS: always initialize keyring_index_key::desc_len - batman-adv: fix uninit-value in batadv_interface_tx() - net/packet: fix 4gb buffer limit due to overflow check - team: avoid complex list operations in team_nl_cmd_options_set() - sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach() - net/mlx4_en: Force CHECKSUM_NONE for short ethernet frames - ARCv2: Enable unaligned access in early ASM code - Revert "bridge: do not add port to router list when receives query with source 0.0.0.0" - libceph: handle an empty authorize reply - drm/msm: Unblock writer if reader closes file - ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field - ALSA: compress: prevent potential divide by zero bugs - thermal: int340x_thermal: Fix a NULL vs IS_ERR() check - usb: dwc3: gadget: Fix the uninitialized link_state when udc starts - usb: gadget: Potential NULL dereference on allocation error - ASoC: dapm: change snprintf to scnprintf for possible overflow - ASoC: imx-audmux: change snprintf to scnprintf for possible overflow - ARC: fix __ffs return value to avoid build warnings - mac80211: fix miscounting of ttl-dropped frames - serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling - scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state() - net: altera_tse: fix connect_local_phy error path - ibmveth: Do not process frames after calling napi_reschedule - mac80211: don't initiate TDLS connection if station is not associated to AP - cfg80211: extend range deviation for DMG - KVM: nSVM: clear events pending from svm_complete_interrupts() when exiting to L1 - arm/arm64: KVM: Feed initialized memory to MMIO accesses - KVM: arm/arm64: Fix MMIO emulation data handling - powerpc: Always initialize input array when calling epapr_hypercall() - mmc: spi: Fix card detection during probe - x86/uaccess: Don't leak the AC flag into __put_user() value evaluation - USB: serial: option: add Telit ME910 ECM composition - USB: serial: cp210x: add ID for Ingenico 3070 - USB: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485 - cpufreq: Use struct kobj_attribute instead of struct global_attr - sockfs: getxattr: Fail with -EOPNOTSUPP for invalid attribute names - ncpfs: fix build warning of strncpy - isdn: isdn_tty: fix build warning of strncpy - staging: lustre: fix buffer overflow of string buffer - net-sysfs: Fix mem leak in netdev_register_kobject - team: Free BPF filter when unregistering netdev - bnxt_en: Drop oversize TX packets to prevent errors. - net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails - xen-netback: fix occasional leak of grant ref mappings under memory pressure - net: Add __icmp_send helper. - net: avoid use IPCB in cipso_v4_error - net: phy: Micrel KSZ8061: link failure after cable connect - x86/CPU/AMD: Set the CPB bit unconditionally on F17h - applicom: Fix potential Spectre v1 vulnerabilities - MIPS: irq: Allocate accurate order pages for irq stack - hugetlbfs: fix races and page leaks during migration - netlabel: fix out-of-bounds memory accesses - net: dsa: mv88e6xxx: Fix u64 statistics - ip6mr: Do not call __IP6_INC_STATS() from preemptible context - media: uvcvideo: Fix 'type' check leading to overflow - vti4: Fix a ipip packet processing bug in 'IPCOMP' virtual tunnel - perf tools: Handle TOPOLOGY headers with no CPU - IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM - ipvs: Fix signed integer overflow when setsockopt timeout - iommu/amd: Fix IOMMU page flush when detach device from a domain - xtensa: SMP: fix ccount_timer_shutdown - xtensa: SMP: fix secondary CPU initialization - xtensa: smp_lx200_defconfig: fix vectors clash - xtensa: SMP: mark each possible CPU as present - xtensa: SMP: limit number of possible CPUs by NR_CPUS - net: altera_tse: fix msgdma_tx_completion on non-zero fill_level case - net: hns: Fix wrong read accesses via Clause 45 MDIO protocol - net: stmmac: dwmac-rk: fix error handling in rk_gmac_powerup() - gpio: vf610: Mask all GPIO interrupts - nfs: Fix NULL pointer dereference of dev_name - scsi: libfc: free skb when receiving invalid flogi resp - platform/x86: Fix unmet dependency warning for SAMSUNG_Q10 - cifs: fix computation for MAX_SMB2_HDR_SIZE - x86/kexec: Don't setup EFI info if EFI runtime is not enabled - x86_64: increase stack size for KASAN_EXTRA - mm, memory_hotplug: is_mem_section_removable do not pass the end of a zone - mm, memory_hotplug: test_pages_in_a_zone do not pass the end of zone - fs/drop_caches.c: avoid softlockups in drop_pagecache_sb() - autofs: drop dentry reference only when it is never used - autofs: fix error return in autofs_fill_super() - ARM: pxa: ssp: unneeded to free devm_ allocated data - irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable - dmaengine: at_xdmac: Fix wrongfull report of a channel as in use - dmaengine: dmatest: Abort test in case of mapping error - s390/qeth: fix use-after-free in error path - perf symbols: Filter out hidden symbols from labels - MIPS: Remove function size check in get_frame_info() - Input: wacom_serial4 - add support for Wacom ArtPad II tablet - Input: elan_i2c - add id for touchpad found in Lenovo s21e-20 - iscsi_ibft: Fix missing break in switch statement - futex,rt_mutex: Restructure rt_mutex_finish_proxy_lock() - ARM: dts: exynos: Add minimal clkout parameters to Exynos3250 PMU - Revert "x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls" - ARM: dts: exynos: Do not ignore real-world fuse values for thermal zone 0 on Exynos5420 - udplite: call proper backlog handlers - netfilter: x_tables: enforce nul-terminated table name from getsockopt GET_ENTRIES - netfilter: nfnetlink_log: just returns error for unknown command - netfilter: nfnetlink_acct: validate NFACCT_FILTER parameters - netfilter: nf_conntrack_tcp: Fix stack out of bounds when parsing TCP options - KEYS: restrict /proc/keys by credentials at open time - l2tp: fix infoleak in l2tp_ip6_recvmsg() - net: hsr: fix memory leak in hsr_dev_finalize() - net: sit: fix UBSAN Undefined behaviour in check_6rd - net/x25: fix use-after-free in x25_device_event() - net/x25: reset state in x25_connect() - pptp: dst_release sk_dst_cache in pptp_sock_destruct - ravb: Decrease TxFIFO depth of Q3 and Q2 to one - route: set the deleted fnhe fnhe_daddr to 0 in ip_del_fnhe to fix a race - tcp: handle inet_csk_reqsk_queue_add() failures - net/mlx4_core: Fix reset flow when in command polling mode - net/mlx4_core: Fix qp mtt size calculation - net/x25: fix a race in x25_bind() - mdio_bus: Fix use-after-free on device_register fails - net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255 - missing barriers in some of unix_sock ->addr and ->path accesses - ipvlan: disallow userns cap_net_admin to change global mode/flags - vxlan: test dev->flags & IFF_UP before calling gro_cells_receive() - vxlan: Fix GRO cells race condition between receive and link delete - net/hsr: fix possible crash in add_timer() - gro_cells: make sure device is up in gro_cells_receive() - tcp/dccp: remove reqsk_put() from inet_child_forget() - ALSA: bebob: use more identical mod_alias for Saffire Pro 10 I/O against Liquid Saffire 56 - fs/9p: use fscache mutex rather than spinlock - It's wrong to add len to sector_nr in raid10 reshape twice - media: videobuf2-v4l2: drop WARN_ON in vb2_warn_zero_bytesused() - 9p: use inode->i_lock to protect i_size_write() under 32-bit - 9p/net: fix memory leak in p9_client_create - ASoC: fsl_esai: fix register setting issue in RIGHT_J mode - stm class: Fix an endless loop in channel allocation - crypto: caam - fixed handling of sg list - crypto: ahash - fix another early termination in hash walk - gpu: ipu-v3: Fix i.MX51 CSI control registers offset - gpu: ipu-v3: Fix CSI offsets for imx53 - s390/dasd: fix using offset into zero size array error - ARM: OMAP2+: Variable "reg" in function omap4_dsi_mux_pads() could be uninitialized - Input: matrix_keypad - use flush_delayed_work() - i2c: cadence: Fix the hold bit setting - Input: st-keyscan - fix potential zalloc NULL dereference - ARM: 8824/1: fix a migrating irq bug when hotplug cpu - assoc_array: Fix shortcut creation - net: systemport: Fix reception of BPDUs - pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins - net: mv643xx_eth: disable clk on error path in mv643xx_eth_shared_probe() - ASoC: topology: free created components in tplg load error - arm64: Relax GIC version check during early boot - tmpfs: fix link accounting when a tmpfile is linked in - ARC: uacces: remove lp_start, lp_end from clobber list - phonet: fix building with clang - mac80211_hwsim: propagate genlmsg_reply return code - net: set static variable an initial value in atl2_probe() - tmpfs: fix uninitialized return value in shmem_link - stm class: Prevent division by zero - crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling - CIFS: Fix read after write for files with read caching - tracing: Do not free iter->trace in fail path of tracing_open_pipe() - ACPI / device_sysfs: Avoid OF modalias creation for removed device - regulator: s2mps11: Fix steps for buck7, buck8 and LDO35 - regulator: s2mpa01: Fix step values for some LDOs - clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR - clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown - s390/virtio: handle find on invalid queue gracefully - scsi: virtio_scsi: don't send sc payload with tmfs - scsi: target/iscsi: Avoid iscsit_release_commands_from_conn() deadlock - m68k: Add -ffreestanding to CFLAGS - btrfs: ensure that a DUP or RAID1 block group has exactly two stripes - Btrfs: fix corruption reading shared and compressed extents after hole punching - crypto: pcbc - remove bogus memcpy()s with src == dest - cpufreq: tegra124: add missing of_node_put() - cpufreq: pxa2xx: remove incorrect __init annotation - ext4: fix crash during online resizing - ext2: Fix underflow in ext2_max_size() - clk: ingenic: Fix round_rate misbehaving with non-integer dividers - dmaengine: usb-dmac: Make DMAC system sleep callbacks explicit - mm/vmalloc: fix size check for remap_vmalloc_range_partial() - kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv - intel_th: Don't reference unassigned outputs - parport_pc: fix find_superio io compare code, should use equal test. - i2c: tegra: fix maximum transfer size - perf bench: Copy kernel files needed to build mem{cpy,set} x86_64 benchmarks - serial: 8250_pci: Fix number of ports for ACCES serial cards - serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup() - jbd2: clear dirty flag when revoking a buffer from an older transaction - jbd2: fix compile warning when using JBUFFER_TRACE - powerpc/32: Clear on-stack exception marker upon exception return - powerpc/wii: properly disable use of BATs when requested. - powerpc/powernv: Make opal log only readable by root - powerpc/83xx: Also save/restore SPRG4-7 during suspend - ARM: s3c24xx: Fix boolean expressions in osiris_dvs_notify - dm: fix to_sector() for 32bit - NFS41: pop some layoutget errors to application - perf intel-pt: Fix CYC timestamp calculation after OVF - perf auxtrace: Define auxtrace record alignment - perf intel-pt: Fix overlap calculation for padding - md: Fix failed allocation of md_register_thread - NFS: Fix an I/O request leakage in nfs_do_recoalesce - NFS: Don't recoalesce on error in nfs_pageio_complete_mirror() - nfsd: fix memory corruption caused by readdir - nfsd: fix wrong check in write_v4_end_grace() - PM / wakeup: Rework wakeup source timer cancellation - rcu: Do RCU GP kthread self-wakeup from softirq and interrupt - media: uvcvideo: Avoid NULL pointer dereference at the end of streaming - drm/radeon/evergreen_cs: fix missing break in switch statement - KVM: nVMX: Sign extend displacements of VMX instr's mem operands - KVM: nVMX: Ignore limit checks on VMX instructions using flat segments - KVM: X86: Fix residual mmio emulation request to userspace - Linux 4.4.177 * sky2 ethernet card doesn't work after returning from suspend (LP: #1807259) // sky2 ethernet card link not up after suspend (LP: #1809843) // Xenial update: 4.4.177 upstream stable release (LP: #1822271) - sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79 * [CONFIG] please enable highdpi font FONT_TER16x32 (LP: #1819881) - lib/fonts/Kconfig: keep non-Sparc fonts listed together - Fonts: New Terminus large console font - [Config]: enable highdpi Terminus 16x32 font support * Hard lockup in 2 CPUs due to deadlock in cpu_stoppers (LP: #1821259) - stop_machine, sched: Fix migrate_swap() vs. active_balance() deadlock - stop_machine: Disable preemption when waking two stopper threads - stop_machine: Disable preemption after queueing stopper threads - stop_machine: Atomically queue and wake stopper threads [ Ubuntu: 4.4.0-145.171 ] * linux: 4.4.0-145.171 -proposed tracker (LP: #1821724) * linux-generic should depend on linux-base >=4.1 (LP: #1820419) - [Packaging] Fix linux-base dependency -- Andrea Righi Wed, 03 Apr 2019 16:14:20 +0200 linux-kvm (4.4.0-1043.49) xenial; urgency=medium * linux-kvm: 4.4.0-1043.49 -proposed tracker (LP: #1821712) * linux-generic should depend on linux-base >=4.1 (LP: #1820419) - [Packaging] Fix linux-base dependency * Packaging resync (LP: #1786013) - [Packaging] update helper scripts - [Packaging] resync retpoline extraction -- Kleber Sacilotto de Souza Tue, 26 Mar 2019 15:13:14 +0100 linux-kvm (4.4.0-1042.48) xenial; urgency=medium * linux-kvm: 4.4.0-1042.48 -proposed tracker (LP: #1819655) * CONFIG_CIFS_POSIX=y needs to added to xenial/kvm kernel config (LP: #1820157) - Revert "UBUNTU: [Config] Remove CONFIG_CIFS_POSIX=y" * Packaging resync (LP: #1786013) - [Packaging] resync getabis - [Packaging] update helper scripts [ Ubuntu: 4.4.0-144.170 ] * linux: 4.4.0-144.170 -proposed tracker (LP: #1819660) * Packaging resync (LP: #1786013) - [Packaging] resync getabis - [Packaging] update helper scripts - [Packaging] resync retpoline extraction * C++ demangling support missing from perf (LP: #1396654) - [Packaging] fix a mistype * CVE-2019-9213 - mm: enforce min addr even if capable() in expand_downwards() * CVE-2019-3460 - Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt * Xenial update: 4.4.176 upstream stable release (LP: #1818815) - net: fix IPv6 prefix route residue - vsock: cope with memory allocation failure at socket creation time - hwmon: (lm80) Fix missing unlock on error in set_fan_div() - net: Fix for_each_netdev_feature on Big endian - net: Add header for usage of fls64() - tcp: tcp_v4_err() should be more careful - net: Do not allocate page fragments that are not skb aligned - tcp: clear icsk_backoff in tcp_write_queue_purge() - vxlan: test dev->flags & IFF_UP before calling netif_rx() - net: stmmac: Fix a race in EEE enable callback - net: ipv4: use a dedicated counter for icmp_v4 redirect packets - x86: livepatch: Treat R_X86_64_PLT32 as R_X86_64_PC32 - mfd: as3722: Handle interrupts on suspend - mfd: as3722: Mark PM functions as __maybe_unused - net/x25: do not hold the cpu too long in x25_new_lci() - mISDN: fix a race in dev_expire_timer() - ax25: fix possible use-after-free - Linux 4.4.176 * sky2 ethernet card don't work after returning from suspension (LP: #1798921) // Xenial update: 4.4.176 upstream stable release (LP: #1818815) - sky2: Increase D3 delay again * Xenial update: 4.4.175 upstream stable release (LP: #1818813) - drm/bufs: Fix Spectre v1 vulnerability - staging: iio: adc: ad7280a: handle error from __ad7280_read32() - ASoC: Intel: mrfld: fix uninitialized variable access - scsi: lpfc: Correct LCB RJT handling - ARM: 8808/1: kexec:offline panic_smp_self_stop CPU - dlm: Don't swamp the CPU with callbacks queued during recovery - x86/PCI: Fix Broadcom CNB20LE unintended sign extension (redux) - powerpc/pseries: add of_node_put() in dlpar_detach_node() - serial: fsl_lpuart: clear parity enable bit when disable parity - ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl - staging:iio:ad2s90: Make probe handle spi_setup failure - staging: iio: ad7780: update voltage on read - ARM: OMAP2+: hwmod: Fix some section annotations - modpost: validate symbol names also in find_elf_symbol - perf tools: Add Hygon Dhyana support - soc/tegra: Don't leak device tree node reference - f2fs: move dir data flush to write checkpoint process - f2fs: fix wrong return value of f2fs_acl_create - sunvdc: Do not spin in an infinite loop when vio_ldc_send() returns EAGAIN - nfsd4: fix crash on writing v4_end_grace before nfsd startup - arm64: ftrace: don't adjust the LR value - ARM: dts: mmp2: fix TWSI2 - x86/fpu: Add might_fault() to user_insn() - media: DaVinci-VPBE: fix error handling in vpbe_initialize() - smack: fix access permissions for keyring - usb: hub: delay hub autosuspend if USB3 port is still link training - timekeeping: Use proper seqcount initializer - ARM: dts: Fix OMAP4430 SDP Ethernet startup - mips: bpf: fix encoding bug for mm_srlv32_op - iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer - sata_rcar: fix deferred probing - clk: imx6sl: ensure MMDC CH0 handshake is bypassed - cpuidle: big.LITTLE: fix refcount leak - i2c-axxia: check for error conditions first - udf: Fix BUG on corrupted inode - ARM: pxa: avoid section mismatch warning - ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M - memstick: Prevent memstick host from getting runtime suspended during card detection - tty: serial: samsung: Properly set flags in autoCTS mode - arm64: KVM: Skip MMIO insn after emulation - powerpc/uaccess: fix warning/error with access_ok() - mac80211: fix radiotap vendor presence bitmap handling - xfrm6_tunnel: Fix spi check in __xfrm6_tunnel_alloc_spi - Bluetooth: Fix unnecessary error message for HCI request completion - cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan() - drbd: narrow rcu_read_lock in drbd_sync_handshake - drbd: disconnect, if the wrong UUIDs are attached on a connected peer - drbd: skip spurious timeout (ping-timeo) when failing promote - drbd: Avoid Clang warning about pointless switch statment - video: clps711x-fb: release disp device node in probe() - fbdev: fbmem: behave better with small rotated displays and many CPUs - fbdev: fbcon: Fix unregister crash when more than one framebuffer - KVM: x86: svm: report MSR_IA32_MCG_EXT_CTL as unsupported - NFS: nfs_compare_mount_options always compare auth flavors. - hwmon: (lm80) fix a missing check of the status of SMBus read - hwmon: (lm80) fix a missing check of bus read in lm80 probe - seq_buf: Make seq_buf_puts() null-terminate the buffer - crypto: ux500 - Use proper enum in cryp_set_dma_transfer - crypto: ux500 - Use proper enum in hash_set_dma_transfer - cifs: check ntwrk_buf_start for NULL before dereferencing it - um: Avoid marking pages with "changed protection" - niu: fix missing checks of niu_pci_eeprom_read - scripts/decode_stacktrace: only strip base path when a prefix of the path - ocfs2: don't clear bh uptodate for block read - isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in HFCPCI_l1hw() - gdrom: fix a memory leak bug - block/swim3: Fix -EBUSY error when re-opening device after unmount - HID: lenovo: Add checks to fix of_led_classdev_register - kernel/hung_task.c: break RCU locks based on jiffies - fs/epoll: drop ovflist branch prediction - exec: load_script: don't blindly truncate shebang string - thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON is not set - test_hexdump: use memcpy instead of strncpy - tipc: use destination length for copy string - string: drop __must_check from strscpy() and restore strscpy() usages in cgroup - dccp: fool proof ccid_hc_[rt]x_parse_options() - enic: fix checksum validation for IPv6 - net: dp83640: expire old TX-skb - skge: potential memory corruption in skge_get_regs() - net: systemport: Fix WoL with password after deep sleep - net: dsa: slave: Don't propagate flag changes on down slave interfaces - ALSA: compress: Fix stop handling on compressed capture streams - ALSA: hda - Serialize codec registrations - fuse: call pipe_buf_release() under pipe lock - fuse: decrement NR_WRITEBACK_TEMP on the right page - fuse: handle zero sized retrieve correctly - dmaengine: imx-dma: fix wrong callback invoke - usb: phy: am335x: fix race condition in _probe - usb: gadget: udc: net2272: Fix bitwise and boolean operations - perf/x86/intel/uncore: Add Node ID mask - x86/MCE: Initialize mce.bank in the case of a fatal error in mce_no_way_out() - perf/core: Don't WARN() for impossible ring-buffer sizes - perf tests evsel-tp-sched: Fix bitwise operator - mtd: rawnand: gpmi: fix MX28 bus master lockup problem - signal: Always notice exiting tasks - signal: Better detection of synchronous signals - misc: vexpress: Off by one in vexpress_syscfg_exec() - debugfs: fix debugfs_rename parameter checking - mips: cm: reprime error cause - MIPS: OCTEON: don't set octeon_dma_bar_type if PCI is disabled - MIPS: VDSO: Include $(ccflags-vdso) in o32,n32 .lds builds - ARM: iop32x/n2100: fix PCI IRQ mapping - mac80211: ensure that mgmt tx skbs have tailroom for encryption - drm/modes: Prevent division by zero htotal - drm/vmwgfx: Fix setting of dma masks - drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user - HID: debug: fix the ring buffer implementation - NFC: nxp-nci: Include unaligned.h instead of access_ok.h - Revert "cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs)" - Revert "UBUNTU: [Config] Remove CONFIG_CIFS_POSIX=y" - libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive() - xfrm: refine validation of template and selector families - batman-adv: Avoid WARN on net_device without parent in netns - batman-adv: Force mac header to start of data on xmit - Revert "exec: load_script: don't blindly truncate shebang string" - uapi/if_ether.h: prevent redefinition of struct ethhdr - ARM: dts: da850-evm: Correct the sound card name - ARM: dts: kirkwood: Fix polarity of GPIO fan lines - gpio: pl061: handle failed allocations - cifs: Limit memory used by lock request calls to a page - Documentation/network: reword kernel version reference - Revert "Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G" - Input: elan_i2c - add ACPI ID for touchpad in Lenovo V330-15ISK - perf/core: Fix impossible ring-buffer sizes warning - ALSA: hda - Add quirk for HP EliteBook 840 G5 - ALSA: usb-audio: Fix implicit fb endpoint setup by quirk - Input: bma150 - register input device after setting private data - Input: elantech - enable 3rd button support on Fujitsu CELSIUS H780 - alpha: fix page fault handling for r16-r18 targets - alpha: Fix Eiger NR_IRQS to 128 - tracing/uprobes: Fix output for multiple string arguments - x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls - signal: Restore the stop PTRACE_EVENT_EXIT - x86/a.out: Clear the dump structure initially - dm thin: fix bug where bio that overwrites thin block ignores FUA - smsc95xx: Use skb_cow_head to deal with cloned skbs - ch9200: use skb_cow_head() to deal with cloned skbs - kaweth: use skb_cow_head() to deal with cloned skbs - usb: dwc2: Remove unnecessary kfree - pinctrl: msm: fix gpio-hog related boot issues - uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define - Linux 4.4.175 * Xenial update: 4.4.174 upstream stable release (LP: #1818806) - inet: frags: change inet_frags_init_net() return value - inet: frags: add a pointer to struct netns_frags - inet: frags: refactor ipfrag_init() - inet: frags: refactor ipv6_frag_init() - inet: frags: refactor lowpan_net_frag_init() - rhashtable: add rhashtable_lookup_get_insert_key() - rhashtable: Add rhashtable_lookup() - rhashtable: add schedule points - inet: frags: use rhashtables for reassembly units - net: ieee802154: 6lowpan: fix frag reassembly - ipfrag: really prevent allocation on netns exit - inet: frags: remove some helpers - inet: frags: get rif of inet_frag_evicting() - inet: frags: remove inet_frag_maybe_warn_overflow() - inet: frags: break the 2GB limit for frags storage - inet: frags: do not clone skb in ip_expire() - ipv6: frags: rewrite ip6_expire_frag_queue() - rhashtable: reorganize struct rhashtable layout - inet: frags: reorganize struct netns_frags - inet: frags: get rid of ipfrag_skb_cb/FRAG_CB - inet: frags: fix ip6frag_low_thresh boundary - ip: discard IPv4 datagrams with overlapping segments. - net: modify skb_rbtree_purge to return the truesize of all purged skbs. - ipv6: defrag: drop non-last frags smaller than min mtu - net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends - ip: use rb trees for IP frag queue. - ip: add helpers to process in-order fragments faster. - ip: process in-order fragments efficiently - ip: frags: fix crash in ip_do_fragment() - ipv4: frags: precedence bug in ip_expire() - inet: frags: better deal with smp races - net: fix pskb_trim_rcsum_slow() with odd trim offset - net: ipv4: do not handle duplicate fragments as overlapping - rcu: Force boolean subscript for expedited stall warnings - Linux 4.4.174 * Xenial update: 4.4.173 upstream stable release (LP: #1818803) - net: Fix usage of pskb_trim_rcsum - openvswitch: Avoid OOB read when parsing flow nlattrs - net: ipv4: Fix memory leak in network namespace dismantle - net_sched: refetch skb protocol for each filter - net: bridge: Fix ethernet header pointer before check skb forwardable - USB: serial: simple: add Motorola Tetra TPG2200 device id - USB: serial: pl2303: add new PID to support PL2303TB - ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages - ARC: perf: map generic branches to correct hardware condition - s390/early: improve machine detection - s390/smp: fix CPU hotplug deadlock with CPU rescan - char/mwave: fix potential Spectre v1 vulnerability - staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1 - tty: Handle problem if line discipline does not have receive_buf - tty/n_hdlc: fix __might_sleep warning - CIFS: Fix possible hang during async MTU reads and writes - Input: xpad - add support for SteelSeries Stratus Duo - KVM: x86: Fix single-step debugging - x86/kaslr: Fix incorrect i8254 outb() parameters - can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by removing it - can: bcm: check timer values before ktime conversion - vt: invoke notifier on screen size change - perf unwind: Unwind with libdw doesn't take symfs into account - perf unwind: Take pgoff into account when reporting elf to libdwfl - irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size - arm64: mm: remove page_mapping check in __sync_icache_dcache - f2fs: read page index before freeing - Revert "loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()" - Revert "loop: Get rid of loop_index_mutex" - Revert "loop: Fold __loop_release into loop_release" - s390/smp: Fix calling smp_call_ipl_cpu() from ipl CPU - fs: add the fsnotify call to vfs_iter_write - ipv6: Consider sk_bound_dev_if when binding a socket to an address - l2tp: copy 4 more bytes to linear part if necessary - net/mlx4_core: Add masking for a few queries on HCA caps - netrom: switch to sock timer API - net/rose: fix NULL ax25_cb kernel panic - ucc_geth: Reset BQL queue when stopping device - l2tp: remove l2specific_len dependency in l2tp_core - l2tp: fix reading optional fields of L2TPv3 - CIFS: Do not count -ENODATA as failure for query directory - fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb() - ARM: cns3xxx: Fix writing to wrong PCI config registers after alignment - arm64: hyp-stub: Forbid kprobing of the hyp-stub - gfs2: Revert "Fix loop in gfs2_rbm_find" - platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK - platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes - mmc: sdhci-iproc: handle mmc_of_parse() errors during probe - kernel/exit.c: release ptraced tasks before zap_pid_ns_processes - mm, oom: fix use-after-free in oom_kill_process - cifs: Always resolve hostname before reconnecting - drivers: core: Remove glue dirs from sysfs earlier - mm: migrate: don't rely on __PageMovable() of newpage after unlocking it - fs: don't scan the inode cache before SB_BORN is set - Linux 4.4.173 * Xenial update: 4.4.172 upstream stable release (LP: #1818797) - tty/ldsem: Wake up readers after timed out down_write() - can: gw: ensure DLC boundaries after CAN frame modification - f2fs: clean up argument of recover_data - f2fs: cover more area with nat_tree_lock - f2fs: move sanity checking of cp into get_valid_checkpoint - f2fs: fix to convert inline directory correctly - f2fs: give -EINVAL for norecovery and rw mount - f2fs: remove an obsolete variable - f2fs: factor out fsync inode entry operations - f2fs: fix inode cache leak - f2fs: fix to avoid reading out encrypted data in page cache - f2fs: not allow to write illegal blkaddr - f2fs: avoid unneeded loop in build_sit_entries - f2fs: use crc and cp version to determine roll-forward recovery - f2fs: introduce get_checkpoint_version for cleanup - f2fs: put directory inodes before checkpoint in roll-forward recovery - f2fs: fix to determine start_cp_addr by sbi->cur_cp_pack - f2fs: detect wrong layout - f2fs: free meta pages if sanity check for ckpt is failed - f2fs: fix race condition in between free nid allocator/initializer - f2fs: return error during fill_super - f2fs: check blkaddr more accuratly before issue a bio - f2fs: sanity check on sit entry - f2fs: enhance sanity_check_raw_super() to avoid potential overflow - f2fs: clean up with is_valid_blkaddr() - f2fs: introduce and spread verify_blkaddr - f2fs: fix to do sanity check with secs_per_zone - f2fs: fix to do sanity check with user_block_count - f2fs: Add sanity_check_inode() function - f2fs: fix to do sanity check with node footer and iblocks - f2fs: fix to do sanity check with reserved blkaddr of inline inode - f2fs: fix to do sanity check with block address in main area - f2fs: fix to do sanity check with block address in main area v2 - f2fs: fix to do sanity check with cp_pack_start_sum - f2fs: fix invalid memory access - f2fs: fix missing up_read - f2fs: fix validation of the block count in sanity_check_raw_super - media: em28xx: Fix misplaced reset of dev->v4l::field_count - arm64/kvm: consistently handle host HCR_EL2 flags - arm64: Don't trap host pointer auth use to EL2 - ipv6: fix kernel-infoleak in ipv6_local_error() - net: bridge: fix a bug on using a neighbour cache entry without checking its state - packet: Do not leak dev refcounts on error exit - ip: on queued skb use skb_header_pointer instead of pskb_may_pull - crypto: authencesn - Avoid twice completion call in decrypt path - crypto: authenc - fix parsing key with misaligned rta_len - btrfs: wait on ordered extents on abort cleanup - Yama: Check for pid death before checking ancestry - scsi: sd: Fix cache_type_store() - mips: fix n32 compat_ipc_parse_version - mfd: tps6586x: Handle interrupts on suspend - Disable MSI also when pcie-octeon.pcie_disable on - omap2fb: Fix stack memory disclosure - media: vivid: fix error handling of kthread_run - media: vivid: set min width/height to a value > 0 - LSM: Check for NULL cred-security on free - media: vb2: vb2_mmap: move lock up - sunrpc: handle ENOMEM in rpcb_getport_async - selinux: fix GPF on invalid policy - sctp: allocate sctp_sockaddr_entry with kzalloc - tipc: fix uninit-value in tipc_nl_compat_link_reset_stats - tipc: fix uninit-value in tipc_nl_compat_bearer_enable - tipc: fix uninit-value in tipc_nl_compat_link_set - tipc: fix uninit-value in tipc_nl_compat_name_table_dump - tipc: fix uninit-value in tipc_nl_compat_doit - block/loop: Use global lock for ioctl() operation. - loop: Fold __loop_release into loop_release - loop: Get rid of loop_index_mutex - loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl() - drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock - media: vb2: be sure to unlock mutex on errors - r8169: Add support for new Realtek Ethernet - ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address - ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses - platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey - e1000e: allow non-monotonic SYSTIM readings - writeback: don't decrement wb->refcnt if !wb->bdi - MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur - arm64: perf: set suppress_bind_attrs flag to true - jffs2: Fix use of uninitialized delayed_work, lockdep breakage - pstore/ram: Do not treat empty buffers as valid - powerpc/pseries/cpuidle: Fix preempt warning - media: firewire: Fix app_info parameter type in avc_ca{,_app}_info - net: call sk_dst_reset when set SO_DONTROUTE - scsi: target: use consistent left-aligned ASCII INQUIRY data - clk: imx6q: reset exclusive gates on init - kconfig: fix file name and line number of warn_ignored_character() - kconfig: fix memory leak when EOF is encountered in quotation - mmc: atmel-mci: do not assume idle after atmci_request_end - perf intel-pt: Fix error with config term "pt=0" - perf svghelper: Fix unchecked usage of strncpy() - perf parse-events: Fix unchecked usage of strncpy() - dm kcopyd: Fix bug causing workqueue stalls - dm snapshot: Fix excessive memory usage and workqueue stalls - ALSA: bebob: fix model-id of unit for Apogee Ensemble - sysfs: Disable lockdep for driver bind/unbind files - scsi: megaraid: fix out-of-bound array accesses - ocfs2: fix panic due to unrecovered local alloc - mm/page-writeback.c: don't break integrity writeback on ->writepage() error - mm, proc: be more verbose about unstable VMA flags in /proc//smaps - net: speed up skb_rbtree_purge() - ipmi:ssif: Fix handling of multi-part return messages - Linux 4.4.172 * Xenial update: 4.4.171 upstream stable release (LP: #1818237) - ALSA: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 - btrfs: cleanup, stop casting for extent_map->lookup everywhere - btrfs: Enhance chunk validation check - Btrfs: add validadtion checks for chunk loading - Btrfs: check inconsistence between chunk and block group - Btrfs: fix em leak in find_first_block_group - Btrfs: detect corruption when non-root leaf has zero item - Btrfs: check btree node's nritems - Btrfs: fix BUG_ON in btrfs_mark_buffer_dirty - Btrfs: memset to avoid stale content in btree node block - Btrfs: improve check_node to avoid reading corrupted nodes - Btrfs: kill BUG_ON in run_delayed_tree_ref - Btrfs: memset to avoid stale content in btree leaf - Btrfs: fix emptiness check for dirtied extent buffers at check_leaf() - btrfs: struct-funcs, constify readers - btrfs: Refactor check_leaf function for later expansion - btrfs: Check if item pointer overlaps with the item itself - btrfs: Add sanity check for EXTENT_DATA when reading out leaf - btrfs: Add checker for EXTENT_CSUM - btrfs: Move leaf and node validation checker to tree-checker.c - btrfs: tree-checker: Enhance btrfs_check_node output - btrfs: tree-checker: Fix false panic for sanity test - btrfs: tree-checker: Add checker for dir item - btrfs: tree-checker: use %zu format string for size_t - btrfs: tree-check: reduce stack consumption in check_dir_item - btrfs: tree-checker: Verify block_group_item - btrfs: tree-checker: Detect invalid and empty essential trees - btrfs: validate type when reading a chunk - btrfs: Check that each block group has corresponding chunk at mount time - btrfs: Verify that every chunk has corresponding block group at mount time - btrfs: tree-checker: Check level for leaves and nodes - btrfs: tree-checker: Fix misleading group system information - CIFS: Do not hide EINTR after sending network packets - cifs: Fix potential OOB access of lock element array - usb: cdc-acm: send ZLP for Telit 3G Intel based modems - USB: storage: don't insert sane sense for SPC3+ when bad sense specified - USB: storage: add quirk for SMI SM3350 - USB: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB - slab: alien caches must not be initialized if the allocation of the alien cache failed - PCI: altera: Fix altera_pcie_link_is_up() - PCI: altera: Reorder read/write functions - PCI: altera: Check link status before retrain link - PCI: altera: Poll for link up status after retraining the link - PCI: altera: Poll for link training status after retraining the link - PCI: altera: Rework config accessors for use without a struct pci_bus - PCI: altera: Move retrain from fixup to altera_pcie_host_init() - ACPI: power: Skip duplicate power resource references in _PRx - i2c: dev: prevent adapter retries and timeout being set as minus value - crypto: cts - fix crash on short inputs - ext4: fix a potential fiemap/page fault deadlock w/ inline_data - sunrpc: use-after-free in svc_process_common() - Linux 4.4.171 * [Packaging] Allow overlay of config annotations (LP: #1752072) - [Packaging] config-check: Add an include directive * CVE-2018-9517 - l2tp: pass tunnel pointer to ->session_create() * squashfs hardening (LP: #1816756) - squashfs metadata 2: electric boogaloo - Squashfs: Compute expected length from inode size rather than block length * Update ENA driver to version 2.0.3K (LP: #1816806) - net: ena: update driver version from 2.0.2 to 2.0.3 - net: ena: fix race between link up and device initalization - net: ena: fix crash during failed resume from hibernation * bnxt_en_po: TX timed out triggering Netdev Watchdog Timer (LP: #1814095) - SAUCE: bnxt_en_bpo: Fix TX timeout during netpoll * CVE-2019-3459 - Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer * CVE-2019-7222 - KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222) * CVE-2019-7221 - KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221) * CVE-2019-6974 - kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974) * Regular D-state processes impacting LXD containers (LP: #1817628) - mm: do not stall register_shrinker() * libsas disks can have non-unique by-path names (LP: #1817784) - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached * Hard lockups due to unrestricted lapic timer delay (LP: #1817918) - KVM: x86: move nsec_to_cycles from x86.c to x86.h - KVM: LAPIC: cap __delay at lapic_timer_advance_ns -- Khalid Elmously Fri, 15 Mar 2019 01:29:45 -0400 linux-kvm (4.4.0-1041.47) xenial; urgency=medium * linux-kvm: 4.4.0-1041.47 -proposed tracker (LP: #1814654) * Packaging resync (LP: #1786013) - [Packaging] update update.conf * linux-buildinfo: pull out ABI information into its own package (LP: #1806380) - [Config] resync flavour-control.stub * Xenial update: 4.4.169 upstream stable release (LP: #1811252) - [Config] Remove CONFIG_CIFS_POSIX=y [ Ubuntu: 4.4.0-143.169 ] * linux: 4.4.0-143.169 -proposed tracker (LP: #1814647) * x86/kvm: Backport fixup and missing commits (LP: #1811646) - KVM: x86: avoid vmalloc(0) in the KVM_SET_CPUID - kvm: nVMX: VMCLEAR an active shadow VMCS after last use - X86/nVMX: Properly set spec_ctrl and pred_cmd before merging MSRs - KVM/VMX: Optimize vmx_vcpu_run() and svm_vcpu_run() by marking the RDMSR path as unlikely() - kvm: x86: IA32_ARCH_CAPABILITIES is always supported - KVM: SVM: Add MSR-based feature support for serializing LFENCE - KVM: X86: Allow userspace to define the microcode version - KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled - KVM: VMX: fixes for vmentry_l1d_flush module parameter - kvm: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb - kvm: vmx: Scrub hardware GPRs at VM-exit - SAUCE: [Fix] x86/KVM/VMX: Add L1D flush logic - SAUCE: KVM: Move code fragments, cleanup and re-indent * linux-buildinfo: pull out ABI information into its own package (LP: #1806380) - [Packaging] limit preparation to linux-libc-dev in headers - [Packaging] commonise debhelper invocation - [Packaging] ABI -- accumulate abi information at the end of the build - [Packaging] buildinfo -- add basic build information - [Packaging] buildinfo -- add firmware information to the flavour ABI - [Packaging] buildinfo -- add compiler information to the flavour ABI - [Packaging] buildinfo -- add buildinfo support to getabis - [Config] buildinfo -- add retpoline version markers - [Packaging] getabis -- handle all known package combinations - [Packaging] getabis -- support parsing a simple version * signing: only install a signed kernel (LP: #1764794) - [Packaging] update to Debian like control scripts - [Packaging] switch to triggers for postinst.d postrm.d handling - [Packaging] signing -- switch to raw-signing tarballs - [Packaging] signing -- switch to linux-image as signed when available - [Packaging] printenv -- add signing options - [Packaging] fix invocation of header postinst hooks - [Packaging] signing -- add support for signing Opal kernel binaries - [Debian] Use src_pkg_name when constructing udeb control files - [Debian] Dynamically determine linux udebs package name - [Packaging] handle both linux-lts* and linux-hwe* as backports - [Config] linux-source-* is in the primary linux namespace - [Packaging] lookup the upstream tag - [Packaging] zfs/spl -- enhance provides information - [Packaging] switch up to debhelper 9 - [Packaging] autopkgtest -- disable d-i when dropping flavours - [debian] support for ship_extras_package=false - [Debian] do_common_tools should always be on - [debian] do not force do_tools_common - [Packaging] Add linux-tools-host package for VM host tools - [Packaging] signing should be conditional - [Packaging] skip cloud tools packaging when not building package - [Packaging] add acpidbg - [debian] prep linux-libc-dev only if do_libc_dev_package=true - [Packaging] Only install cloud init files when do_tools_common=true * Redpine: Driver crash with network-manager 1.10 and above (LP: #1813869) - SAUCE: Redpine: enhancement for MAC spoofing to avoid kernel crash * Guests using IBRS incur a large performance penalty (LP: #1764956) - SAUCE: Restore the IBRS host state on VMEXIT * Xenial update: 4.4.170 upstream stable release (LP: #1811647) - USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data - xhci: Don't prevent USB2 bus suspend in state check intended for USB3 only - USB: serial: option: add GosunCn ZTE WeLink ME3630 - USB: serial: option: add HP lt4132 - USB: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) - USB: serial: option: add Fibocom NL668 series - USB: serial: option: add Telit LN940 series - mmc: core: Reset HPI enabled state during re-init and in case of errors - mmc: omap_hsmmc: fix DMA API warning - gpio: max7301: fix driver for use with CONFIG_VMAP_STACK - Drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels - x86/mtrr: Don't copy uninitialized gentry fields back to userspace - drm/ioctl: Fix Spectre v1 vulnerabilities - ip6mr: Fix potential Spectre v1 vulnerability - ipv4: Fix potential Spectre v1 vulnerability - ax25: fix a use-after-free in ax25_fillin_cb() - ibmveth: fix DMA unmap error in ibmveth_xmit_start error path - ieee802154: lowpan_header_create check must check daddr - ipv6: explicitly initialize udp6_addr in udp_sock_create6() - isdn: fix kernel-infoleak in capi_unlocked_ioctl - netrom: fix locking in nr_find_socket() - packet: validate address length - packet: validate address length if non-zero - sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event - vhost: make sure used idx is seen before log in vhost_add_used_n() - VSOCK: Send reset control packet when socket is partially bound - xen/netfront: tolerate frags with no data - gro_cell: add napi_disable in gro_cells_destroy - sock: Make sock->sk_stamp thread-safe - ALSA: rme9652: Fix potential Spectre v1 vulnerability - ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities - ALSA: pcm: Fix potential Spectre v1 vulnerability - ALSA: emux: Fix potential Spectre v1 vulnerabilities - ALSA: hda: add mute LED support for HP EliteBook 840 G4 - ALSA: hda/tegra: clear pending irq handlers - USB: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays - USB: serial: option: add Fibocom NL678 series - usb: r8a66597: Fix a possible concurrency use-after-free bug in r8a66597_endpoint_disable() - Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G - KVM: x86: Use jmp to invoke kvm_spurious_fault() from .fixup - perf pmu: Suppress potential format-truncation warning - ext4: fix possible use after free in ext4_quota_enable - ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() - ext4: fix EXT4_IOC_GROUP_ADD ioctl - ext4: force inode writes when nfsd calls commit_metadata() - spi: bcm2835: Fix race on DMA termination - spi: bcm2835: Fix book-keeping of DMA termination - spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode - cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader. - media: vivid: free bitmap_cap when updating std/timings/etc. - MIPS: Ensure pmd_present() returns false after pmd_mknotpresent() - MIPS: Align kernel load address to 64KB - CIFS: Fix error mapping for SMB2_LOCK command which caused OFD lock problem - x86/kvm/vmx: do not use vm-exit instruction length for fast MMIO when running nested - spi: bcm2835: Unbreak the build of esoteric configs - powerpc: Fix COFF zImage booting on old powermacs - ARM: imx: update the cpu power up timing setting on i.mx6sx - Input: restore EV_ABS ABS_RESERVED - checkstack.pl: fix for aarch64 - xfrm: Fix bucket count reported to userspace - scsi: bnx2fc: Fix NULL dereference in error handling - Input: omap-keypad - fix idle configuration to not block SoC idle states - scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown - hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined - mm, devm_memremap_pages: mark devm_memremap_pages() EXPORT_SYMBOL_GPL - mm, devm_memremap_pages: kill mapping "System RAM" support - sunrpc: fix cache_head leak due to queued request - sunrpc: use SVC_NET() in svcauth_gss_* functions - crypto: x86/chacha20 - avoid sleeping with preemption disabled - ALSA: cs46xx: Potential NULL dereference in probe - ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit() - ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks - dlm: fixed memory leaks after failed ls_remove_names allocation - dlm: possible memory leak on error path in create_lkb() - dlm: lost put_lkb on error path in receive_convert() and receive_unlock() - dlm: memory leaks on error path in dlm_user_request() - gfs2: Fix loop in gfs2_rbm_find - b43: Fix error in cordic routine - 9p/net: put a lower bound on msize - iommu/vt-d: Handle domain agaw being less than iommu agaw - ceph: don't update importing cap's mseq when handing cap export - genwqe: Fix size check - intel_th: msu: Fix an off-by-one in attribute store - power: supply: olpc_battery: correct the temperature units - Linux 4.4.170 * Xenial update: 4.4.169 upstream stable release (LP: #1811252) - lib/interval_tree_test.c: make test options module parameters - lib/interval_tree_test.c: allow full tree search - lib/rbtree_test.c: make input module parameters - lib/rbtree-test: lower default params - lib/interval_tree_test.c: allow users to limit scope of endpoint - timer/debug: Change /proc/timer_list from 0444 to 0400 - powerpc/boot: Fix random libfdt related build errors - pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11 - aio: fix spectre gadget in lookup_ioctx - MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 - tracing: Fix memory leak in set_trigger_filter() - tracing: Fix memory leak of instance function hash filters - powerpc/msi: Fix NULL pointer access in teardown code - Revert "drm/rockchip: Allow driver to be shutdown on reboot/kexec" - f2fs: fix a panic caused by NULL flush_cmd_control - mac80211: don't WARN on bad WMM parameters from buggy APs - mac80211: Fix condition validating WMM IE - mac80211_hwsim: fix module init error paths for netlink - scsi: libiscsi: Fix NULL pointer dereference in iscsi_eh_session_reset - scsi: vmw_pscsi: Rearrange code to avoid multiple calls to free_irq during unload - x86/earlyprintk/efi: Fix infinite loop on some screen widths - drm/msm: Grab a vblank reference when waiting for commit_done - ARC: io.h: Implement reads{x}()/writes{x}() - bonding: fix 802.3ad state sent to partner when unbinding slave - SUNRPC: Fix a potential race in xprt_connect() - sbus: char: add of_node_put() - drivers/sbus/char: add of_node_put() - drivers/tty: add missing of_node_put() - ide: pmac: add of_node_put() - clk: mmp: Off by one in mmp_clk_add() - Input: omap-keypad - fix keyboard debounce configuration - libata: whitelist all SAMSUNG MZ7KM* solid-state disks - mv88e6060: disable hardware level MAC learning - ARM: 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address handling - cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs) - [Config] Remove CONFIG_CIFS_POSIX=y - i2c: axxia: properly handle master timeout - i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node - rtc: snvs: add a missing write sync - rtc: snvs: Add timeouts to avoid kernel lockups - ALSA: isa/wavefront: prevent some out of bound writes - Linux 4.4.169 * Xenial update: 4.4.168 upstream stable release (LP: #1811080) - ipv6: Check available headroom in ip6_xmit() even without options - net: 8139cp: fix a BUG triggered by changing mtu with network traffic - net: phy: don't allow __set_phy_supported to add unsupported modes - net: Prevent invalid access to skb->prev in __qdisc_drop_all - rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices - tcp: fix NULL ref in tail loss probe - tun: forbid iface creation with rtnl ops - neighbour: Avoid writing before skb->head in neigh_hh_output() - ARM: OMAP2+: prm44xx: Fix section annotation on omap44xx_prm_enable_io_wakeup - ARM: OMAP1: ams-delta: Fix possible use of uninitialized field - sysv: return 'err' instead of 0 in __sysv_write_inode - s390/cpum_cf: Reject request for sampling in event initialization - hwmon: (ina2xx) Fix current value calculation - ASoC: dapm: Recalculate audio map forcely when card instantiated - hwmon: (w83795) temp4_type has writable permission - Btrfs: send, fix infinite loop due to directory rename dependencies - ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE - ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE - exportfs: do not read dentry after free - bpf: fix check of allowed specifiers in bpf_trace_printk - USB: omap_udc: use devm_request_irq() - USB: omap_udc: fix crashes on probe error and module removal - USB: omap_udc: fix omap_udc_start() on 15xx machines - USB: omap_udc: fix USB gadget functionality on Palm Tungsten E - KVM: x86: fix empty-body warnings - net: thunderx: fix NULL pointer dereference in nic_remove - ixgbe: recognize 1000BaseLX SFP modules as 1Gbps - net: hisilicon: remove unexpected free_netdev - drm/ast: fixed reading monitor EDID not stable issue - xen: xlate_mmu: add missing header to fix 'W=1' warning - fscache: fix race between enablement and dropping of object - fscache, cachefiles: remove redundant variable 'cache' - ocfs2: fix deadlock caused by ocfs2_defrag_extent() - hfs: do not free node before using - hfsplus: do not free node before using - debugobjects: avoid recursive calls with kmemleak - ocfs2: fix potential use after free - pstore: Convert console write to use ->write_buf - ALSA: pcm: remove SNDRV_PCM_IOCTL1_INFO internal command - KVM: nVMX: fix msr bitmaps to prevent L2 from accessing L0 x2APIC - KVM: nVMX: mark vmcs12 pages dirty on L2 exit - KVM: nVMX: Eliminate vmcs02 pool - KVM: VMX: introduce alloc_loaded_vmcs - KVM: VMX: make MSR bitmaps per-VCPU - KVM/x86: Add IBPB support - KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL - KVM/SVM: Allow direct access to MSR_IA32_SPEC_CTRL - KVM/x86: Remove indirect MSR op calls from SPEC_CTRL - x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec - KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD - bpf: support 8-byte metafield access - bpf/verifier: Add spi variable to check_stack_write() - bpf/verifier: Pass instruction index to check_mem_access() and check_xadd() - bpf: Prevent memory disambiguation attack - wil6210: missing length check in wmi_set_ie - mm/hugetlb.c: don't call region_abort if region_chg fails - hugetlbfs: fix offset overflow in hugetlbfs mmap - hugetlbfs: check for pgoff value overflow - hugetlbfs: fix bug in pgoff overflow checking - swiotlb: clean up reporting - sr: pass down correctly sized SCSI sense buffer - mm: remove write/force parameters from __get_user_pages_locked() - mm: remove write/force parameters from __get_user_pages_unlocked() - mm/nommu.c: Switch __get_user_pages_unlocked() to use __get_user_pages() - mm: replace get_user_pages_unlocked() write/force parameters with gup_flags - mm: replace get_user_pages_locked() write/force parameters with gup_flags - mm: replace get_vaddr_frames() write/force parameters with gup_flags - mm: replace get_user_pages() write/force parameters with gup_flags - mm: replace __access_remote_vm() write parameter with gup_flags - mm: replace access_remote_vm() write parameter with gup_flags - proc: don't use FOLL_FORCE for reading cmdline and environment - proc: do not access cmdline nor environ from file-backed areas - media: dvb-frontends: fix i2c access helpers for KASAN - matroxfb: fix size of memcpy - staging: speakup: Replace strncpy with memcpy - rocker: fix rocker_tlv_put_* functions for KASAN - selftests: Move networking/timestamping from Documentation - Linux 4.4.168 * kernel oops in bcache module (LP: #1793901) - SAUCE: bcache: never writeback a discard operation * Userspace break as a result of missing patch backport (LP: #1813873) - tty: Don't hold ldisc lock in tty_reopen() if ldisc present * CVE-2019-6133 - fork: record start_time late * Crash on "ip link add foo type ipip" (LP: #1811803) - SAUCE: fan: Fix NULL pointer dereference -- Khalid Elmously Mon, 11 Feb 2019 02:49:43 +0000 linux-kvm (4.4.0-1040.46) xenial; urgency=medium * linux-kvm: 4.4.0-1040.46 -proposed tracker (LP: #1811853) * Xenial update: 4.4.164 upstream stable release (LP: #1810947) - [Config] Remove CONFIG{,_ARCH_USE}_QUEUED_SPINLOCKS [ Ubuntu: 4.4.0-142.168 ] * linux: 4.4.0-142.168 -proposed tracker (LP: #1811846) * Packaging resync (LP: #1786013) - [Packaging] update helper scripts * iptables connlimit allows more connections than the limit when using multiple CPUs (LP: #1811094) - netfilter: xt_connlimit: don't store address in the conn nodes - SAUCE: netfilter: xt_connlimit: remove the 'addr' parameter in add_hlist() - netfilter: nf_conncount: expose connection list interface - netfilter: nf_conncount: Fix garbage collection with zones - netfilter: nf_conncount: fix garbage collection confirm race - netfilter: nf_conncount: don't skip eviction when age is negative * CVE-2017-5715 - SAUCE: x86/speculation: Cleanup IBPB runtime control handling - SAUCE: x86/speculation: Cleanup IBRS runtime control handling - SAUCE: x86/speculation: Use x86_spec_ctrl_base in entry/exit code - SAUCE: x86/speculation: Move RSB_CTXSW hunk * Xenial update: 4.4.167 upstream stable release (LP: #1811077) - media: em28xx: Fix use-after-free when disconnecting - Revert "wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout()" - rapidio/rionet: do not free skb before reading its length - s390/qeth: fix length check in SNMP processing - usbnet: ipheth: fix potential recvmsg bug and recvmsg bug 2 - kvm: mmu: Fix race in emulated page table writes - xtensa: enable coprocessors that are being flushed - xtensa: fix coprocessor context offset definitions - Btrfs: ensure path name is null terminated at btrfs_control_ioctl - ALSA: wss: Fix invalid snd_free_pages() at error path - ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write - ALSA: control: Fix race between adding and removing a user element - ALSA: sparc: Fix invalid snd_free_pages() at error path - ext2: fix potential use after free - dmaengine: at_hdmac: fix memory leak in at_dma_xlate() - dmaengine: at_hdmac: fix module unloading - btrfs: release metadata before running delayed refs - USB: usb-storage: Add new IDs to ums-realtek - usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series - misc: mic/scif: fix copy-paste error in scif_create_remote_lookup - Kbuild: suppress packed-not-aligned warning for default setting only - exec: avoid gcc-8 warning for get_task_comm - disable stringop truncation warnings for now - kobject: Replace strncpy with memcpy - unifdef: use memcpy instead of strncpy - kernfs: Replace strncpy with memcpy - ip_tunnel: Fix name string concatenate in __ip_tunnel_create() - drm: gma500: fix logic error - scsi: bfa: convert to strlcpy/strlcat - staging: rts5208: fix gcc-8 logic error warning - kdb: use memmove instead of overlapping memcpy - iser: set sector for ambiguous mr status errors - uprobes: Fix handle_swbp() vs. unregister() + register() race once more - MIPS: ralink: Fix mt7620 nd_sd pinmux - mips: fix mips_get_syscall_arg o32 check - drm/ast: Fix incorrect free on ioregs - scsi: scsi_devinfo: cleanly zero-pad devinfo strings - ALSA: trident: Suppress gcc string warning - scsi: csiostor: Avoid content leaks and casts - kgdboc: Fix restrict error - kgdboc: Fix warning with module build - leds: call led_pwm_set() in leds-pwm to enforce default LED_OFF - leds: turn off the LED and wait for completion on unregistering LED class device - leds: leds-gpio: Fix return value check in create_gpio_led() - Input: xpad - quirk all PDP Xbox One gamepads - Input: matrix_keypad - check for errors from of_get_named_gpio() - Input: elan_i2c - add ELAN0620 to the ACPI table - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR - Input: elan_i2c - add support for ELAN0621 touchpad - btrfs: Always try all copies when reading extent buffers - Btrfs: fix use-after-free when dumping free space - ARC: change defconfig defaults to ARCv2 - arc: [devboards] Add support of NFSv3 ACL - mm: cleancache: fix corruption on missed inode invalidation - usb: gadget: dummy: fix nonsensical comparisons - iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() - iommu/ipmmu-vmsa: Fix crash on early domain free - can: rcar_can: Fix erroneous registration - batman-adv: Expand merged fragment buffer for full packet - bnx2x: Assign unique DMAE channel number for FW DMAE transactions. - qed: Fix PTT leak in qed_drain() - qed: Fix reading wrong value in loop condition - net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command - net/mlx4_core: Fix uninitialized variable compilation warning - net/mlx4: Fix UBSAN warning of signed integer overflow - net: faraday: ftmac100: remove netif_running(netdev) check before disabling interrupts - iommu/vt-d: Use memunmap to free memremap - net: amd: add missing of_node_put() - usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device - usb: appledisplay: Add 27" Apple Cinema Display - USB: check usb_get_extra_descriptor for proper size - ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c - ALSA: hda: Add support for AMD Stoney Ridge - ALSA: pcm: Fix starvation on down_write_nonblock() - ALSA: pcm: Call snd_pcm_unlink() conditionally at closing - ALSA: pcm: Fix interval evaluation with openmin/max - virtio/s390: avoid race on vcdev->config - virtio/s390: fix race in ccw_io_helper() - SUNRPC: Fix leak of krb5p encode pages - xhci: Prevent U1/U2 link pm states if exit latency is too long - Staging: lustre: remove two build warnings - cifs: Fix separator when building path from dentry - tty: serial: 8250_mtk: always resume the device in probe. - kgdboc: fix KASAN global-out-of-bounds bug in param_set_kgdboc_var() - mac80211_hwsim: Timer should be initialized before device registered - mac80211: Clear beacon_int in ieee80211_do_stop - mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext - mac80211: fix reordering of buffered broadcast packets - mac80211: ignore NullFunc frames in the duplicate detection - Linux 4.4.167 * CVE-2018-19407 - KVM: X86: Fix scan ioapic use-before-initialization * cpu-hotplug test in ubuntu_kernel_selftest always return 0 on Xenial (LP: #1809699) - selftests/cpu-hotplug: exit with failure when test occured unexpected behaviors * iommu - need to effectively disable iommu if "intel_iommu=off" is passed as a kernel parameter (LP: #1810328) - iommu/vt-d: Make sure IOMMUs are off when intel_iommu=off * ldisc crash on reopened tty (LP: #1791758) - tty: fix data race between tty_init_dev and flush of buf - tty: Drop tty->count on tty_reopen() failure - tty: Hold tty_ldisc_lock() during tty_reopen() - tty: Don't block on IO when ldisc change is pending - tty: Simplify tty->count math in tty_reopen() * Xenial update: 4.4.166 upstream stable release (LP: #1810967) - usb: core: Fix hub port connection events lost - usb: xhci: fix timeout for transition from RExit to U0 - MAINTAINERS: Add Sasha as a stable branch maintainer - iwlwifi: mvm: support sta_statistics() even on older firmware - v9fs_dir_readdir: fix double-free on p9stat_read error - bfs: add sanity check at bfs_fill_super() - sctp: clear the transport of some out_chunk_list chunks in sctp_assoc_rm_peer - gfs2: Don't leave s_fs_info pointing to freed memory in init_sbd - llc: do not use sk_eat_skb() - drm/ast: change resolution may cause screen blurred - drm/ast: fixed cursor may disappear sometimes - can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() - can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length - can: dev: __can_get_echo_skb(): Don't crash the kernel if can_priv::echo_skb is accessed out of bounds - can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb - usb: xhci: Prevent bus suspend if a port connect change or polling state is detected - KVM: PPC: Move and undef TRACE_INCLUDE_PATH/FILE - cpufreq: imx6q: add return value check for voltage scale - SUNRPC: Fix a bogus get/put in generic_key_to_expire() - kdb: Use strscpy with destination buffer size - powerpc/numa: Suppress "VPHN is not supported" messages - tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset - of: add helper to lookup compatible child node - NFC: nfcmrvl_uart: fix OF child-node lookup - net: bcmgenet: fix OF child-node lookup - x86/entry: spell EBX register correctly in documentation - x86/entry/64: Remove %ebx handling from error_entry/exit - arm64: remove no-op -p linker flag - ath10k: fix kernel panic due to race in accessing arvif list - Input: xpad - remove spurious events of wireless xpad 360 controller - Input: xpad - handle "present" and "gone" correctly - Input: xpad - update Xbox One Force Feedback Support - Input: xpad - workaround dead irq_out after suspend/ resume - Input: xpad - use LED API when identifying wireless controllers - Input: xpad - correct xbox one pad device name - Input: xpad - remove unused function - Input: xpad - add Mad Catz FightStick TE 2 VID/PID - Input: xpad - prevent spurious input from wired Xbox 360 controllers - Input: xpad - add more third-party controllers - Input: xpad - xbox one elite controller support - Input: xpad - fix rumble on Xbox One controllers with 2015 firmware - Input: xpad - power off wireless 360 controllers on suspend - Input: xpad - add product ID for Xbox One S pad - Input: xpad - fix Xbox One rumble stopping after 2.5 secs - Input: xpad - correctly sort vendor id's - Input: xpad - move reporting xbox one home button to common function - Input: xpad - simplify error condition in init_output - Input: xpad - don't depend on endpoint order - Input: xpad - fix stuck mode button on Xbox One S pad - Input: xpad - restore LED state after device resume - Input: xpad - support some quirky Xbox One pads - Input: xpad - sort supported devices by USB ID - Input: xpad - sync supported devices with xboxdrv - Input: xpad - add USB IDs for Mad Catz Brawlstick and Razer Sabertooth - Input: xpad - sync supported devices with 360Controller - Input: xpad - sync supported devices with XBCD - Input: xpad - constify usb_device_id - Input: xpad - fix PowerA init quirk for some gamepad models - Input: xpad - validate USB endpoint type during probe - Input: xpad - add support for PDP Xbox One controllers - Input: xpad - add PDP device id 0x02a4 - Input: xpad - fix some coding style issues - Input: xpad - avoid using __set_bit() for capabilities - Input: xpad - add GPD Win 2 Controller USB IDs - Input: xpad - fix GPD Win 2 controller name - Input: xpad - add support for Xbox1 PDP Camo series gamepad - cw1200: Don't leak memory if krealloc failes - mwifiex: Fix NULL pointer dereference in skb_dequeue() - mwifiex: fix p2p device doesn't find in scan problem - netfilter: nf_tables: fix oops when inserting an element into a verdict map - scsi: ufs: fix bugs related to null pointer access and array size - scsi: ufshcd: Fix race between clk scaling and ungate work - scsi: ufs: fix race between clock gating and devfreq scaling work - scsi: ufshcd: release resources if probe fails - scsi: qla2xxx: do not queue commands when unloading - iwlwifi: mvm: fix regulatory domain update when the firmware starts - tty: wipe buffer. - tty: wipe buffer if not echoing data - usb: xhci: fix uninitialized completion when USB3 port got wrong status - btrfs: Ensure btrfs_trim_fs can trim the whole filesystem - sched/core: Allow __sched_setscheduler() in interrupts when PI is not used - s390/mm: Check for valid vma before zapping in gmap_discard - drm/ast: Remove existing framebuffers before loading driver - Linux 4.4.166 * Xenial update: 4.4.166 upstream stable release (LP: #1810967) // CVE-2000-1134 // CVE-2007-3852 // CVE-2008-0525 // CVE-2009-0416 // CVE-2011-4834 // CVE-2015-1838 // CVE-2015-7442 // CVE-2016-7489 - namei: allow restricted O_CREAT of FIFOs and regular files * Xenial update: 4.4.165 upstream stable release (LP: #1810958) - flow_dissector: do not dissect l4 ports for fragments - ip_tunnel: don't force DF when MTU is locked - net-gro: reset skb->pkt_type in napi_reuse_skb() - tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths - ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF - kbuild: Add better clang cross build support - kbuild: clang: add -no-integrated-as to KBUILD_[AC]FLAGS - kbuild: Consolidate header generation from ASM offset information - kbuild: consolidate redundant sed script ASM offset generation - kbuild: fix asm-offset generation to work with clang - kbuild: drop -Wno-unknown-warning-option from clang options - kbuild, LLVMLinux: Add -Werror to cc-option to support clang - kbuild: use -Oz instead of -Os when using clang - kbuild: Add support to generate LLVM assembly files - modules: mark __inittest/__exittest as __maybe_unused - kbuild: clang: Disable 'address-of-packed-member' warning - crypto: arm64/sha - avoid non-standard inline asm tricks - efi/libstub/arm64: Force 'hidden' visibility for section markers - efi/libstub/arm64: Set -fpie when building the EFI stub - kbuild: fix linker feature test macros when cross compiling with Clang - kbuild: Set KBUILD_CFLAGS before incl. arch Makefile - kbuild: move cc-option and cc-disable-warning after incl. arch Makefile - kbuild: clang: fix build failures with sparse check - kbuild: clang: remove crufty HOSTCFLAGS - kbuild: clang: disable unused variable warnings only when constant - kbuild: set no-integrated-as before incl. arch Makefile - kbuild: allow to use GCC toolchain not in Clang search path - arm64: Disable asm-operand-width warning for clang - x86/kbuild: Use cc-option to enable -falign-{jumps/loops} - crypto, x86: aesni - fix token pasting for clang - x86/mm/kaslr: Use the _ASM_MUL macro for multiplication to work around Clang incompatibility - kbuild: Add __cc-option macro - x86/build: Use __cc-option for boot code compiler options - x86/build: Specify stack alignment for clang - x86/boot: #undef memcpy() et al in string.c - x86/build: Fix stack alignment for CLang - x86/build: Use cc-option to validate stack alignment parameter - reiserfs: propagate errors from fill_with_dentries() properly - hfs: prevent btree data loss on root split - hfsplus: prevent btree data loss on root split - um: Give start_idle_thread() a return code - fs/exofs: fix potential memory leak in mount option parsing - clk: samsung: exynos5420: Enable PERIS clocks for suspend - platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 - arm64: percpu: Initialize ret in the default case - s390/vdso: add missing FORCE to build targets - netfilter: ipset: actually allow allowable CIDR 0 in hash:net,port,net - s390/mm: Fix ERROR: "__node_distance" undefined! - netfilter: ipset: Correct rcu_dereference() call in ip_set_put_comment() - netfilter: xt_IDLETIMER: add sysfs filename checking routine - hwmon: (ibmpowernv) Remove bogus __init annotations - lib/raid6: Fix arm64 test build - zram: close udev startup race condition as default groups - SUNRPC: drop pointless static qualifier in xdr_get_next_encode_buffer() - gfs2: Put bitmap buffers in put_super - btrfs: fix pinned underflow after transaction aborted - Revert "media: videobuf2-core: don't call memop 'finish' when queueing" - media: v4l: event: Add subscription to list before calling "add" operation - uio: Fix an Oops on load - usb: cdc-acm: add entry for Hiro (Conexant) modem - USB: quirks: Add no-lpm quirk for Raydium touchscreens - usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB - misc: atmel-ssc: Fix section annotation on atmel_ssc_get_driver_data - USB: misc: appledisplay: add 20" Apple Cinema Display - drivers/misc/sgi-gru: fix Spectre v1 vulnerability - ACPI / platform: Add SMB0001 HID to forbidden_id_list - new helper: uaccess_kernel() - HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges - xhci: Fix USB3 NULL pointer dereference at logical disconnect. - Linux 4.4.165 * Xenial update: 4.4.164 upstream stable release (LP: #1810947) - bcache: fix miss key refill->end in writeback - hwmon: (pmbus) Fix page count auto-detection. - jffs2: free jffs2_sb_info through jffs2_kill_sb() - pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges - ipmi: Fix timer race with module unload - parisc: Fix address in HPMC IVA - parisc: Fix map_pages() to not overwrite existing pte entries - ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905) - ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops - x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided - x86/kconfig: Fall back to ticket spinlocks - [Config] Remove CONFIG{,_ARCH_USE}_QUEUED_SPINLOCKS - sparc: Fix single-pcr perf event counter management. - x86/fpu: Remove second definition of fpu in __fpu__restore_sig() - net: qla3xxx: Remove overflowing shift statement - selftests: ftrace: Add synthetic event syntax testcase - locking/lockdep: Fix debug_locks off performance problem - ataflop: fix error handling during setup - swim: fix cleanup on setup error - tun: Consistently configure generic netdev params via rtnetlink - perf tools: Free temporary 'sys' string in read_event_files() - perf tools: Cleanup trace-event-info 'tdata' leak - mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 - Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth - x86: boot: Fix EFI stub alignment - pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux - kprobes: Return error if we fail to reuse kprobe instead of BUG_ON() - ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers - pinctrl: qcom: spmi-mpp: Fix drive strength setting - pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant - pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant - ath10k: schedule hardware restart if WMI command times out - scsi: esp_scsi: Track residual for PIO transfers - scsi: megaraid_sas: fix a missing-check bug - tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated - ext4: fix argument checking in EXT4_IOC_MOVE_EXT - MD: fix invalid stored role for a disk - usb: chipidea: Prevent unbalanced IRQ disable - driver/dma/ioat: Call del_timer_sync() without holding prep_lock - uio: ensure class is registered before devices - scsi: lpfc: Correct soft lockup when running mds diagnostics - signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace init - dmaengine: dma-jz4780: Return error if not probed from DT - ALSA: hda: Check the non-cached stream buffers more explicitly - xen-swiotlb: use actually allocated size on check physical continuous - tpm: Restore functionality to xen vtpm driver. - xen: fix race in xen_qlock_wait() - xen: make xen_qlock_wait() nestable - net/ipv4: defensive cipso option parsing - libnvdimm: Hold reference on parent while scheduling async init - jbd2: fix use after free in jbd2_log_do_checkpoint() - gfs2_meta: ->mount() can get NULL dev_name - ext4: initialize retries variable in ext4_da_write_inline_data_begin() - HID: hiddev: fix potential Spectre v1 - PCI: Add Device IDs for Intel GPU "spurious interrupt" quirk - signal/GenWQE: Fix sending of SIGKILL - crypto: lrw - Fix out-of bounds access on counter overflow - ima: fix showing large 'violations' or 'runtime_measurements_count' - hugetlbfs: dirty pages as they are added to pagecache - kbuild: fix kernel/bounds.c 'W=1' warning - iio: adc: at91: fix acking DRDY irq on simple conversions - iio: adc: at91: fix wrong channel number in triggered buffer mode - w1: omap-hdq: fix missing bus unregister at removal - smb3: allow stats which track session and share reconnects to be reset - smb3: do not attempt cifs operation in smb3 query info error path - smb3: on kerberos mount if server doesn't specify auth type use krb5 - printk: Fix panic caused by passing log_buf_len to command line - genirq: Fix race on spurious interrupt detection - NFSv4.1: Fix the r/wsize checking - nfsd: Fix an Oops in free_session() - lockd: fix access beyond unterminated strings in prints - dm ioctl: harden copy_params()'s copy_from_user() from malicious users - powerpc/msi: Fix compile error on mpc83xx - MIPS: OCTEON: fix out of bounds array access on CN68XX - TC: Set DMA masks for devices - kgdboc: Passing ekgdboc to command line causes panic - xen: fix xen_qlock_wait() - media: em28xx: use a default format if TRY_FMT fails - media: em28xx: fix input name for Terratec AV 350 - media: em28xx: make v4l2-compliance happier by starting sequence on zero - ext4: avoid running out of journal credits when appending to an inline file - Cramfs: fix abad comparison when wrap-arounds occur - arm64: dts: stratix10: Correct System Manager register size - soc/tegra: pmc: Fix child-node lookup - btrfs: Handle owner mismatch gracefully when walking up tree - btrfs: locking: Add extra check in btrfs_init_new_buffer() to avoid deadlock - btrfs: iterate all devices during trim, instead of fs_devices::alloc_list - btrfs: don't attempt to trim devices that don't support it - btrfs: wait on caching when putting the bg cache - btrfs: reset max_extent_size on clear in a bitmap - btrfs: make sure we create all new block groups - Btrfs: fix wrong dentries after fsync of file that got its parent replaced - btrfs: qgroup: Dirty all qgroups before rescan - Btrfs: fix null pointer dereference on compressed write path error - btrfs: set max_extent_size properly - MD: fix invalid stored role for a disk - try2 - tty: check name length in tty_find_polling_driver() - powerpc/nohash: fix undefined behaviour when testing page size support - drm/omap: fix memory barrier bug in DMM driver - media: pci: cx23885: handle adding to list failure - MIPS: kexec: Mark CPU offline before disabling local IRQ - powerpc/boot: Ensure _zimage_start is a weak symbol - sc16is7xx: Fix for multi-channel stall - media: tvp5150: fix width alignment during set_selection() - 9p locks: fix glock.client_id leak in do_lock - 9p: clear dangling pointers in p9stat_free - scsi: qla2xxx: Fix incorrect port speed being set for FC adapters - fuse: Fix use-after-free in fuse_dev_do_read() - fuse: Fix use-after-free in fuse_dev_do_write() - fuse: fix blocked_waitq wakeup - fuse: set FR_SENT while locked - mm, elf: handle vm_brk error - binfmt_elf: fix calculations for bss padding - mm: refuse wrapped vm_brk requests - fs, elf: make sure to page align bss in load_elf_library - mm: do not bug_on on incorrect length in __mm_populate() - e1000: avoid null pointer dereference on invalid stat type - e1000: fix race condition between e1000_down() and e1000_watchdog - bna: ethtool: Avoid reading past end of buffer - MIPS: Loongson-3: Fix CPU UART irq delivery problem - MIPS: Loongson-3: Fix BRIDGE irq delivery problem - xtensa: add NOTES section to the linker script - xtensa: make sure bFLT stack is 16 byte aligned - xtensa: fix boot parameters address translation - clk: s2mps11: Fix matching when built as module and DT node contains compatible - libceph: bump CEPH_MSG_MAX_DATA_LEN - mach64: fix display corruption on big endian machines - mach64: fix image corruption due to reading accelerator registers - vhost/scsi: truncate T10 PI iov_iter to prot_bytes - ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry - mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings - mtd: docg3: don't set conflicting BCH_CONST_PARAMS option - termios, tty/tty_baudrate.c: fix buffer overrun - arch/alpha, termios: implement BOTHER, IBSHIFT and termios2 - Btrfs: fix data corruption due to cloning of eof block - clockevents/drivers/i8253: Add support for PIT shutdown quirk - ext4: add missing brelse() update_backups()'s error path - ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path - ext4: add missing brelse() add_new_gdb_meta_bg()'s error path - ext4: avoid potential extra brelse in setup_new_flex_group_blocks() - ext4: fix possible inode leak in the retry loop of ext4_resize_fs() - ext4: avoid buffer leak in ext4_orphan_add() after prior errors - ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing - ext4: avoid possible double brelse() in add_new_gdb() on error path - ext4: fix possible leak of sbi->s_group_desc_leak in error path - ext4: release bs.bh before re-using in ext4_xattr_block_find() - ext4: fix buffer leak in ext4_xattr_move_to_block() on error path - ext4: fix buffer leak in __ext4_read_dirblock() on error path - mount: Prevent MNT_DETACH from disconnecting locked mounts - sunrpc: correct the computation for page_ptr when truncating - rtc: hctosys: Add missing range error reporting - fuse: fix leaked notify reply - configfs: replace strncpy with memcpy - hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444! - mm: migration: fix migration of huge PMD shared pages - drm/rockchip: Allow driver to be shutdown on reboot/kexec - drm/dp_mst: Check if primary mstb is null - drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values - Linux 4.4.164 * Xenial update: 4.4.163 upstream stable release (LP: #1810807) - xfrm: Validate address prefix lengths in the xfrm selector. - xfrm6: call kfree_skb when skb is toobig - mac80211: Always report TX status - cfg80211: reg: Init wiphy_idx in regulatory_hint_core() - ARM: 8799/1: mm: fix pci_ioremap_io() offset check - xfrm: validate template mode - mac80211_hwsim: do not omit multicast announce of first added radio - Bluetooth: SMP: fix crash in unpairing - pxa168fb: prepare the clock - asix: Check for supported Wake-on-LAN modes - ax88179_178a: Check for supported Wake-on-LAN modes - lan78xx: Check for supported Wake-on-LAN modes - sr9800: Check for supported Wake-on-LAN modes - r8152: Check for supported Wake-on-LAN Modes - smsc75xx: Check for Wake-on-LAN modes - smsc95xx: Check for Wake-on-LAN modes - perf/ring_buffer: Prevent concurent ring buffer access - net: cxgb3_main: fix a missing-check bug - KEYS: put keyring if install_session_keyring_to_cred() fails - ipv6: suppress sparse warnings in IP6_ECN_set_ce() - net: drop write-only stack variable - ser_gigaset: use container_of() instead of detour - tracing: Skip more functions when doing stack tracing of events - ARM: dts: apq8064: add ahci ports-implemented mask - x86/mm/pat: Prevent hang during boot when mapping pages - radix-tree: fix radix_tree_iter_retry() for tagged iterators. - af_iucv: Move sockaddr length checks to before accessing sa_family in bind and connect handlers - net/mlx4_en: Resolve dividing by zero in 32-bit system - ipv6: orphan skbs in reassembly unit - um: Avoid longjmp/setjmp symbol clashes with libpthread.a - sched/cgroup: Fix cgroup entity load tracking tear-down - btrfs: don't create or leak aliased root while cleaning up orphans - thermal: allow spear-thermal driver to be a module - thermal: allow u8500-thermal driver to be a module - x86/PCI: Mark Broadwell-EP Home Agent 1 as having non-compliant BARs - aacraid: Start adapter after updating number of MSIX vectors - perf/core: Don't leak event in the syscall error path - usbvision: revert commit 588afcc1 - MIPS: Fix FCSR Cause bit handling for correct SIGFPE issue - ASoC: ak4613: Enable cache usage to fix crashes on resume - ASoC: wm8940: Enable cache usage to fix crashes on resume - CIFS: handle guest access errors to Windows shares - arm64: Fix potential race with hardware DBM in ptep_set_access_flags() - xfrm: Clear sk_dst_cache when applying per-socket policy. - scsi: Add STARGET_CREATED_REMOVE state to scsi_target_state - sparc/pci: Refactor dev_archdata initialization into pci_init_dev_archdata - sch_red: update backlog as well - usb-storage: fix bogus hardware error messages for ATA pass-thru devices - bpf: generally move prog destruction to RCU deferral - drm/nouveau/fbcon: fix oops without fbdev emulation - fuse: Dont call set_page_dirty_lock() for ITER_BVEC pages for async_dio - net/mlx5e: Fix LRO modify - net/mlx5e: Correctly handle RSS indirection table when changing number of channels - ALSA: timer: Fix zero-division by continue of uninitialized instance - vti6: flush x-netns xfrm cache when vti interface is removed - brcmfmac: Fix glom_skb leak in brcmf_sdiod_recv_chain - l2tp: hold socket before dropping lock in l2tp_ip{, 6}_recv() - tty: serial: sprd: fix error return code in sprd_probe() - video: fbdev: pxa3xx_gcu: fix error return code in pxa3xx_gcu_probe() - sparc64 mm: Fix more TSB sizing issues - gpu: host1x: fix error return code in host1x_probe() - sparc64: Fix exception handling in UltraSPARC-III memcpy. - gpio: msic: fix error return code in platform_msic_gpio_probe() - usb: imx21-hcd: fix error return code in imx21_probe() - usb: ehci-omap: fix error return code in ehci_hcd_omap_probe() - usb: dwc3: omap: fix error return code in dwc3_omap_probe() - spi/bcm63xx-hspi: fix error return code in bcm63xx_hsspi_probe() - MIPS: Handle non word sized instructions when examining frame - spi/bcm63xx: fix error return code in bcm63xx_spi_probe() - spi: xlp: fix error return code in xlp_spi_probe() - ASoC: spear: fix error return code in spdif_in_probe() - PM / devfreq: tegra: fix error return code in tegra_devfreq_probe() - bonding: avoid defaulting hard_header_len to ETH_HLEN on slave removal - scsi: aacraid: Fix typo in blink status - MIPS: microMIPS: Fix decoding of swsp16 instruction - igb: Remove superfluous reset to PHY and page 0 selection - MIPS: DEC: Fix an int-handler.S CPU_DADDI_WORKAROUNDS regression - ARM: dts: imx53-qsb: disable 1.2GHz OPP - fs/fat/fatent.c: add cond_resched() to fat_count_free_clusters() - mtd: spi-nor: Add support for is25wp series chips - perf tools: Disable parallelism for 'make clean' - bridge: do not add port to router list when receives query with source 0.0.0.0 - net: bridge: remove ipv6 zero address check in mcast queries - ipv6: mcast: fix a use-after-free in inet6_mc_check - ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called - net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs - net: sched: gred: pass the right attribute to gred_change_table_def() - net: socket: fix a missing-check bug - net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules - r8169: fix NAPI handling under high load - sctp: fix race on sctp_id2asoc - net: drop skb on failure in ip_check_defrag() - vhost: Fix Spectre V1 vulnerability - rtnetlink: Disallow FDB configuration for non-Ethernet device - mremap: properly flush TLB before releasing the page - crypto: shash - Fix a sleep-in-atomic bug in shash_setkey_unaligned - ahci: don't ignore result code of ahci_reset_controller() - cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) - ptp: fix Spectre v1 vulnerability - RDMA/ucma: Fix Spectre v1 vulnerability - IB/ucm: Fix Spectre v1 vulnerability - cdc-acm: correct counting of UART states in serial state notification - usb: gadget: storage: Fix Spectre v1 vulnerability - USB: fix the usbfs flag sanitization for control transfers - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM - sched/fair: Fix throttle_list starvation with low CFS quota - x86/percpu: Fix this_cpu_read() - cpuidle: Do not access cpuidle_devices when !CONFIG_CPU_IDLE - l2tp: hold tunnel socket when handling control frames in l2tp_ip and l2tp_ip6 - x86/time: Correct the attribute on jiffies' definition - Linux 4.4.163 * nvme - Polling on timeout (LP: #1807393) - nvme/pci: Poll CQ on timeout * Xenial: data corruption when using i40e with iommu (LP: #1802421) - i40e: Drop packet split receive routine * Fix Intel I210 doesn't work when ethernet cable gets plugged (LP: #1806818) - igb: Fix an issue that PME is not enabled during runtime suspend -- Khalid Elmously Thu, 17 Jan 2019 01:08:07 +0000 linux-kvm (4.4.0-1039.45) xenial; urgency=medium * linux-kvm: 4.4.0-1039.45 -proposed tracker (LP: #1806578) [ Ubuntu: 4.4.0-141.167 ] * linux: 4.4.0-141.167 -proposed tracker (LP: #1806569) * Redpine: firmware assert upon assoc timeout (LP: #1804360) - SAUCE: Redpine: fix for firmware assert upon assoc timeout * CVE-2018-12896 - posix-timers: Sanitize overrun handling * CVE-2017-5753 - ALSA: opl3: Hardening for potential Spectre v1 - ALSA: asihpi: Hardening for potential Spectre v1 - ALSA: hdspm: Hardening for potential Spectre v1 - ALSA: rme9652: Hardening for potential Spectre v1 - ALSA: control: Hardening for potential Spectre v1 - usbip: vhci_sysfs: fix potential Spectre v1 - libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store() * CVE-2018-18710 - cdrom: fix improper type cast, which can leat to information leak. * CVE-2018-18690 - xfs: don't fail when converting shortform attr to long form during ATTR_REPLACE * CVE-2017-18174 - pinctrl: Add devm_ apis for pinctrl_{register, unregister} - pinctrl: amd: Use devm_pinctrl_register() for pinctrl registration -- Khalid Elmously Thu, 06 Dec 2018 02:50:39 +0000 linux-kvm (4.4.0-1038.44) xenial; urgency=medium * linux-kvm: 4.4.0-1038.44 -proposed tracker (LP: #1802786) [ Ubuntu: 4.4.0-140.166 ] * linux: 4.4.0-140.166 -proposed tracker (LP: #1802776) * Bypass of mount visibility through userns + mount propagation (LP: #1789161) - mount: Retest MNT_LOCKED in do_umount - mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts * kdump fail due to an IRQ storm (LP: #1797990) - SAUCE: x86/PCI: Export find_cap() to be used in early PCI code - SAUCE: x86/quirks: Add parameter to clear MSIs early on boot - SAUCE: x86/quirks: Scan all busses for early PCI quirks * crash in ENA driver on removing an interface (LP: #1802341) - SAUCE: net: ena: fix crash during ena_remove() * xenial guest on arm64 drops to busybox under openstack bionic-rocky (LP: #1797092) - [Config] CONFIG_PCI_ECAM=y - PCI: Provide common functions for ECAM mapping - PCI: generic, thunder: Use generic ECAM API - PCI, of: Move PCI I/O space management to PCI core code - PCI: Move ecam.h to linux/include/pci-ecam.h - PCI: Add parent device field to ECAM struct pci_config_window - PCI: Add pci_unmap_iospace() to unmap I/O resources - PCI/ACPI: Support I/O resources when parsing host bridge resources - [Config] CONFIG_ACPI_MCFG=y - PCI/ACPI: Add generic MCFG table handling - PCI: Refactor pci_bus_assign_domain_nr() for CONFIG_PCI_DOMAINS_GENERIC - PCI: Factor DT-specific pci_bus_find_domain_nr() code out - ARM64: PCI: Add acpi_pci_bus_find_domain_nr() - ARM64: PCI: ACPI support for legacy IRQs parsing and consolidation with DT code - ARM64: PCI: Support ACPI-based PCI host controller * [GLK/CLX] Enhanced IBRS (LP: #1786139) - x86/speculation: Remove SPECTRE_V2_IBRS in enum spectre_v2_mitigation - x86/speculation: Support Enhanced IBRS on future CPUs * Update ENA driver to version 2.0.1K (LP: #1798182) - net: ena: remove ndo_poll_controller - net: ena: fix warning in rmmod caused by double iounmap - net: ena: fix rare bug when failed restart/resume is followed by driver removal - net: ena: fix NULL dereference due to untimely napi initialization - net: ena: fix auto casting to boolean - net: ena: minor performance improvement - net: ena: complete host info to match latest ENA spec - net: ena: introduce Low Latency Queues data structures according to ENA spec - net: ena: add functions for handling Low Latency Queues in ena_com - net: ena: add functions for handling Low Latency Queues in ena_netdev - net: ena: use CSUM_CHECKED device indication to report skb's checksum status - net: ena: explicit casting and initialization, and clearer error handling - net: ena: limit refill Rx threshold to 256 to avoid latency issues - net: ena: change rx copybreak default to reduce kernel memory pressure - net: ena: remove redundant parameter in ena_com_admin_init() - net: ena: update driver version to 2.0.1 - net: ena: fix indentations in ena_defs for better readability - net: ena: Fix Kconfig dependency on X86 - net: ena: enable Low Latency Queues - net: ena: fix compilation error in xtensa architecture * Xenial update: 4.4.162 upstream stable release (LP: #1801900) - ASoC: wm8804: Add ACPI support - ASoC: sigmadsp: safeload should not have lower byte limit - selftests/efivarfs: add required kernel configs - mfd: omap-usb-host: Fix dts probe of children - sound: enable interrupt after dma buffer initialization - stmmac: fix valid numbers of unicast filter entries - net: macb: disable scatter-gather for macb on sama5d3 - ARM: dts: at91: add new compatibility string for macb on sama5d3 - drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 - ext4: add corruption check in ext4_xattr_set_entry() - mm/vmstat.c: fix outdated vmstat_text - mach64: detect the dot clock divider correctly on sparc - perf script python: Fix export-to-postgresql.py occasional failure - i2c: i2c-scmi: fix for i2c_smbus_write_block_data - xhci: Don't print a warning when setting link state for disabled ports - jffs2: return -ERANGE when xattr buffer is too small - bnxt_en: Fix TX timeout during netpoll. - bonding: avoid possible dead-lock - ip6_tunnel: be careful when accessing the inner header - ip_tunnel: be careful when accessing the inner header - ipv4: fix use-after-free in ip_cmsg_recv_dstaddr() - net: ipv4: update fnhe_pmtu when first hop's MTU changes - net/ipv6: Display all addresses in output of /proc/net/if_inet6 - netlabel: check for IPV4MASK in addrinfo_get - net/usb: cancel pending work when unbinding smsc75xx - qlcnic: fix Tx descriptor corruption on 82xx devices - team: Forbid enslaving team device to itself - net: mvpp2: Extract the correct ethtype from the skb for tx csum offload - net: systemport: Fix wake-up interrupt race during resume - rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 - KVM: x86: remove eager_fpu field of struct kvm_vcpu_arch - x86/fpu: Remove use_eager_fpu() - x86/fpu: Remove struct fpu::counter - x86/fpu: Finish excising 'eagerfpu' - media: af9035: prevent buffer overflow on write - clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non- am43 SoCs - Input: atakbd - fix Atari keymap - Input: atakbd - fix Atari CapsLock behaviour - net/mlx4: Use cpumask_available for eq->affinity_mask - powerpc/tm: Fix userspace r13 corruption - powerpc/tm: Avoid possible userspace r1 corruption on reclaim - ARC: build: Get rid of toolchain check - usb: gadget: serial: fix oops when data rx'd after close - HV: properly delay KVP packets when negotiation is in progress - Linux 4.4.162 * Xenial update: 4.4.161 upstream stable release (LP: #1801893) - mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly - fbdev/omapfb: fix omapfb_memory_read infoleak - x86/vdso: Fix asm constraints on vDSO syscall fallbacks - x86/vdso: Fix vDSO syscall fallback asm constraint regression - PCI: Reprogram bridge prefetch registers on resume - mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys - PM / core: Clear the direct_complete flag on errors - dm cache: fix resize crash if user doesn't reload cache table - xhci: Add missing CAS workaround for Intel Sunrise Point xHCI - USB: serial: simple: add Motorola Tetra MTP6550 id - of: unittest: Disable interrupt node tests for old world MAC systems - ext4: always verify the magic number in xattr blocks - cgroup: Fix deadlock in cpu hotplug path - ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait - ARC: clone syscall to setp r25 as thread pointer - ucma: fix a use-after-free in ucma_resolve_ip() - ubifs: Check for name being NULL while mounting - tcp: increment sk_drops for dropped rx packets - tcp: use an RB tree for ooo receive queue - tcp: fix a stale ooo_last_skb after a replace - tcp: free batches of packets in tcp_prune_ofo_queue() - tcp: call tcp_drop() from tcp_data_queue_ofo() - tcp: add tcp_ooo_try_coalesce() helper - ath10k: fix scan crash due to incorrect length calculation - ebtables: arpreply: Add the standard target sanity check - Linux 4.4.161 * mlock203 test in ubuntu_ltp_syscalls failed with Xenial kernel (LP: #1793451) - mm: mlock: avoid increase mm->locked_vm on mlock() when already mlock2(, MLOCK_ONFAULT) * execveat03 in ubuntu_ltp_syscalls failed on X/B (LP: #1786729) - cap_inode_getsecurity: use d_find_any_alias() instead of d_find_alias() * [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport (LP: #1800639) - net/af_iucv: drop inbound packets with invalid flags - net/af_iucv: fix skb handling on HiperTransport xmit error * NULL pointer dereference at 0000000000000020 when access dst_orig->ops->family in function xfrm_lookup_with_ifid() (LP: #1801878) - xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry. * [Ubuntu] qeth: Fix potential array overrun in cmd/rc lookup (LP: #1800641) - s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function - s390: qeth: Fix potential array overrun in cmd/rc lookup * Packaging resync (LP: #1786013) - [Package] add support for specifying the primary makefile -- Khalid Elmously Tue, 13 Nov 2018 17:17:34 -0500 linux-kvm (4.4.0-1037.43) xenial; urgency=medium * linux-kvm: 4.4.0-1037.43 -proposed tracker (LP: #1799408) [ Ubuntu: 4.4.0-139.165 ] * linux: 4.4.0-139.165 -proposed tracker (LP: #1799401) * Kernel panic after the ubuntu_nbd_smoke_test on Xenial kernel (LP: #1793464) - nbd: Remove signal usage - nbd: Timeouts are not user requested disconnects - nbd: Cleanup reset of nbd and bdev after a disconnect - nbd: don't shutdown sock with irq's disabled - nbd: fix race in ioctl * fscache: bad refcounting in fscache_op_complete leads to OOPS (LP: #1797314) - SAUCE: fscache: Fix race in decrementing refcount of op->npages * xenial: virtio-scsi: CPU soft lockup due to loop in virtscsi_target_destroy() (LP: #1798110) - SAUCE: (no-up) virtio-scsi: Decrement reqs counter before SCSI command requeue * Error reported when creating ZFS pool with "-t" option, despite successful pool creation (LP: #1769937) - SAUCE: (noup) Update zfs to 0.6.5.6-0ubuntu26 * Xenial update: 4.4.160 upstream stable release (LP: #1798770) - crypto: skcipher - Fix -Wstringop-truncation warnings - tsl2550: fix lux1_input error in low light - vmci: type promotion bug in qp_host_get_user_memory() - x86/numa_emulation: Fix emulated-to-physical node mapping - staging: rts5208: fix missing error check on call to rtsx_write_register - uwb: hwa-rc: fix memory leak at probe - power: vexpress: fix corruption in notifier registration - Bluetooth: Add a new Realtek 8723DE ID 0bda:b009 - USB: serial: kobil_sct: fix modem-status error handling - 6lowpan: iphc: reset mac_header after decompress to fix panic - md-cluster: clear another node's suspend_area after the copy is finished - media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt() - powerpc/kdump: Handle crashkernel memory reservation failure - media: fsl-viu: fix error handling in viu_of_probe() - x86/tsc: Add missing header to tsc_msr.c - x86/entry/64: Add two more instruction suffixes - scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size - scsi: klist: Make it safe to use klists in atomic context - scsi: ibmvscsi: Improve strings handling - usb: wusbcore: security: cast sizeof to int for comparison - powerpc/powernv/ioda2: Reduce upper limit for DMA window size - alarmtimer: Prevent overflow for relative nanosleep - s390/extmem: fix gcc 8 stringop-overflow warning - ALSA: snd-aoa: add of_node_put() in error path - media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power - media: soc_camera: ov772x: correct setting of banding filter - media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data - staging: android: ashmem: Fix mmap size validation - drivers/tty: add error handling for pcmcia_loop_config - media: tm6000: add error handling for dvb_register_adapter - ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge - ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock - rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication() - wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() - ARM: mvebu: declare asm symbols as character arrays in pmsu.c - HID: hid-ntrig: add error handling for sysfs_create_group - scsi: bnx2i: add error handling for ioremap_nocache - EDAC, i7core: Fix memleaks and use-after-free on probe and remove - ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs - module: exclude SHN_UNDEF symbols from kallsyms api - nfsd: fix corrupted reply to badly ordered compound - ARM: dts: dra7: fix DCAN node addresses - serial: cpm_uart: return immediately from console poll - spi: tegra20-slink: explicitly enable/disable clock - spi: sh-msiof: Fix invalid SPI use during system suspend - spi: sh-msiof: Fix handling of write value for SISTR register - spi: rspi: Fix invalid SPI use during system suspend - spi: rspi: Fix interrupted DMA transfers - USB: fix error handling in usb_driver_claim_interface() - USB: handle NULL config in usb_find_alt_setting() - slub: make ->cpu_partial unsigned int - Revert "UBUNTU: SAUCE: media: uvcvideo: Support realtek's UVC 1.5 device" - media: uvcvideo: Support realtek's UVC 1.5 device - USB: usbdevfs: sanitize flags more - USB: usbdevfs: restore warning for nonsensical flags - Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()" - USB: remove LPM management from usb_driver_claim_interface() - Input: elantech - enable middle button of touchpad on ThinkPad P72 - IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop - scsi: target: iscsi: Use bin2hex instead of a re-implementation - serial: imx: restore handshaking irq for imx1 - arm64: KVM: Tighten guest core register access from userspace - ext4: never move the system.data xattr out of the inode body - thermal: of-thermal: disable passive polling when thermal zone is disabled - net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES - e1000: check on netif_running() before calling e1000_up() - e1000: ensure to free old tx/rx rings in set_ringparam() - hwmon: (ina2xx) fix sysfs shunt resistor read access - hwmon: (adt7475) Make adt7475_read_word() return errors - i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus - arm64: cpufeature: Track 32bit EL0 support - arm64: KVM: Sanitize PSTATE.M when being set from userspace - media: v4l: event: Prevent freeing event subscriptions while accessed - KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function - mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X - mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X - gpio: adp5588: Fix sleep-in-atomic-context bug - mac80211: mesh: fix HWMP sequence numbering to follow standard - cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE - RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 - i2c: uniphier: issue STOP only for last message or I2C_M_STOP - i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP - net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx() - fs/cifs: don't translate SFM_SLASH (U+F026) to backslash - cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() - mac80211: fix a race between restart and CSA flows - mac80211: Fix station bandwidth setting after channel switch - mac80211: shorten the IBSS debug messages - tools/vm/slabinfo.c: fix sign-compare warning - tools/vm/page-types.c: fix "defined but not used" warning - mm: madvise(MADV_DODUMP): allow hugetlbfs pages - usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] - perf probe powerpc: Ignore SyS symbols irrespective of endianness - RDMA/ucma: check fd type in ucma_migrate_id() - USB: yurex: Check for truncation in yurex_read() - drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS - fs/cifs: suppress a string overflow warning - dm thin metadata: try to avoid ever aborting transactions - arch/hexagon: fix kernel/dma.c build warning - hexagon: modify ffs() and fls() to return int - arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" - r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED - s390/qeth: don't dump past end of unknown HW header - cifs: read overflow in is_valid_oplock_break() - xen/manage: don't complain about an empty value in control/sysrq node - xen: avoid crash in disable_hotplug_cpu - xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage - smb2: fix missing files in root share directory listing - crypto: mxs-dcp - Fix wait logic on chan threads - proc: restrict kernel stack dumps to root - ocfs2: fix locking for res->tracking and dlm->tracking_list - dm thin metadata: fix __udivdi3 undefined on 32-bit - Linux 4.4.160 * Volume control not working Dell XPS 27 (7760) (LP: #1775068) // Xenial update: 4.4.160 upstream stable release (LP: #1798770) - ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 * Xenial update: 4.4.160 upstream stable release (LP: #1798770) // CVE-2018-7755 - floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl * Xenial update: 4.4.159 upstream stable release (LP: #1798617) - NFC: Fix possible memory corruption when handling SHDLC I-Frame commands - NFC: Fix the number of pipes - ASoC: cs4265: fix MMTLR Data switch control - ALSA: bebob: use address returned by kmalloc() instead of kernel stack for streaming DMA mapping - ALSA: emu10k1: fix possible info leak to userspace on SNDRV_EMU10K1_IOCTL_INFO - platform/x86: alienware-wmi: Correct a memory leak - xen/netfront: don't bug in case of too many frags - xen/x86/vpmu: Zero struct pt_regs before calling into sample handling code - ring-buffer: Allow for rescheduling when removing pages - mm: shmem.c: Correctly annotate new inodes for lockdep - gso_segment: Reset skb->mac_len after modifying network header - ipv6: fix possible use-after-free in ip6_xmit() - net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT - net: hp100: fix always-true check for link up state - neighbour: confirm neigh entries when ARP packet is received - ocfs2: fix ocfs2 read block panic - drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in connector_detect() - tty: vt_ioctl: fix potential Spectre v1 - ext4: avoid divide by zero fault when deleting corrupted inline directories - ext4: recalucate superblock checksum after updating free blocks/inodes - ext4: fix online resize's handling of a too-small final block group - ext4: fix online resizing for bigalloc file systems with a 1k block size - ext4: don't mark mmp buffer head dirty - arm64: Add trace_hardirqs_off annotation in ret_to_user - HID: sony: Update device ids - HID: sony: Support DS4 dongle - iw_cxgb4: only allow 1 flush on user qps - Linux 4.4.159 * Xenial update: 4.4.158 upstream stable release (LP: #1798587) - iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register - ALSA: msnd: Fix the default sample sizes - ALSA: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro - xfrm: fix 'passing zero to ERR_PTR()' warning - gfs2: Special-case rindex for gfs2_grow - clk: imx6ul: fix missing of_node_put() - kbuild: add .DELETE_ON_ERROR special target - dmaengine: pl330: fix irq race with terminate_all - MIPS: ath79: fix system restart - media: videobuf2-core: check for q->error in vb2_core_qbuf() - mtd/maps: fix solutionengine.c printk format warnings - fbdev: omapfb: off by one in omapfb_register_client() - video: goldfishfb: fix memory leak on driver remove - fbdev/via: fix defined but not used warning - perf powerpc: Fix callchain ip filtering when return address is in a register - fbdev: Distinguish between interlaced and progressive modes - ARM: exynos: Clear global variable on init error path - perf powerpc: Fix callchain ip filtering - powerpc/powernv: opal_put_chars partial write fix - MIPS: jz4740: Bump zload address - mac80211: restrict delayed tailroom needed decrement - xen-netfront: fix queue name setting - arm64: dts: qcom: db410c: Fix Bluetooth LED trigger - s390/qeth: fix race in used-buffer accounting - s390/qeth: reset layer2 attribute on layer switch - platform/x86: toshiba_acpi: Fix defined but not used build warnings - crypto: sharah - Unregister correct algorithms for SAHARA 3 - xen-netfront: fix warn message as irq device name has '/' - RDMA/cma: Protect cma dev list with lock - pstore: Fix incorrect persistent ram buffer mapping - xen/netfront: fix waiting for xenbus state change - IB/ipoib: Avoid a race condition between start_xmit and cm_rep_handler - Tools: hv: Fix a bug in the key delete code - misc: hmc6352: fix potential Spectre v1 - usb: Don't die twice if PCI xhci host is not responding in resume - USB: Add quirk to support DJI CineSSD - usb: Avoid use-after-free by flushing endpoints early in usb_set_interface() - usb: host: u132-hcd: Fix a sleep-in-atomic-context bug in u132_get_frame() - USB: add quirk for WORLDE Controller KS49 or Prodipe MIDI 49C USB controller - USB: net2280: Fix erroneous synchronization change - USB: serial: io_ti: fix array underflow in completion handler - usb: misc: uss720: Fix two sleep-in-atomic-context bugs - USB: yurex: Fix buffer over-read in yurex_write() - usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt() - cifs: prevent integer overflow in nxt_dir_entry() - CIFS: fix wrapping bugs in num_entries() - binfmt_elf: Respect error return from `regset->active' - audit: fix use-after-free in audit_add_watch - mtdchar: fix overflows in adjustment of `count` - MIPS: loongson64: cs5536: Fix PCI_OHCI_INT_REG reads - ARM: hisi: handle of_iomap and fix missing of_node_put - ARM: hisi: fix error handling and missing of_node_put - ARM: hisi: check of_iomap and fix missing of_node_put - drm/nouveau: tegra: Detach from ARM DMA/IOMMU mapping - parport: sunbpp: fix error return code - coresight: Handle errors in finding input/output ports - coresight: tpiu: Fix disabling timeouts - gpiolib: Mark gpio_suffixes array with __maybe_unused - drm/amdkfd: Fix error codes in kfd_get_process - rtc: bq4802: add error handling for devm_ioremap - ALSA: pcm: Fix snd_interval_refine first/last with open min/max - selftest: timers: Tweak raw_skew to SKIP when ADJ_OFFSET/other clock adjustments are in progress - drm/panel: type promotion bug in s6e8aa0_read_mtp_id() - pinctrl: qcom: spmi-gpio: Fix pmic_gpio_config_get() to be compliant - USB: serial: ti_usb_3410_5052: fix array underflow in completion handler - mei: bus: type promotion bug in mei_nfc_if_version() - drivers: net: cpsw: fix segfault in case of bad phy-handle - MIPS: VDSO: Match data page cache colouring when D$ aliases - Linux 4.4.158 * Xenial update: 4.4.157 upstream stable release (LP: #1798539) - i2c: xiic: Make the start and the byte count write atomic - i2c: i801: fix DNV's SMBCTRL register offset - ALSA: hda - Fix cancel_work_sync() stall from jackpoll work - cfq: Give a chance for arming slice idle timer in case of group_idle - kthread: Fix use-after-free if kthread fork fails - kthread: fix boot hang (regression) on MIPS/OpenRISC - staging: rt5208: Fix a sleep-in-atomic bug in xd_copy_page - staging/rts5208: Fix read overflow in memcpy - block,blkcg: use __GFP_NOWARN for best-effort allocations in blkcg - locking/rwsem-xadd: Fix missed wakeup due to reordering of load - selinux: use GFP_NOWAIT in the AVC kmem_caches - locking/osq_lock: Fix osq_lock queue corruption - ARC: [plat-axs*]: Enable SWAP - misc: mic: SCIF Fix scif_get_new_port() error handling - ethtool: Remove trailing semicolon for static inline - gpio: tegra: Move driver registration to subsys_init level - scsi: target: fix __transport_register_session locking - md/raid5: fix data corruption of replacements after originals dropped - misc: ti-st: Fix memory leak in the error path of probe() - uio: potential double frees if __uio_register_device() fails - tty: rocket: Fix possible buffer overwrite on register_PCI - f2fs: do not set free of current section - perf tools: Allow overriding MAX_NR_CPUS at compile time - NFSv4.0 fix client reference leak in callback - macintosh/via-pmu: Add missing mmio accessors - ath10k: prevent active scans on potential unusable channels - MIPS: Fix ISA virt/bus conversion for non-zero PHYS_OFFSET - ata: libahci: Correct setting of DEVSLP register - scsi: 3ware: fix return 0 on the error path of probe - ath10k: disable bundle mgmt tx completion event support - Bluetooth: hidp: Fix handling of strncpy for hid->name information - x86/mm: Remove in_nmi() warning from vmalloc_fault() - gpio: ml-ioh: Fix buffer underwrite on probe error path - net: mvneta: fix mtu change on port without link - MIPS: Octeon: add missing of_node_put() - net: dcb: For wild-card lookups, use priority -1, not 0 - Input: atmel_mxt_ts - only use first T9 instance - iommu/ipmmu-vmsa: Fix allocation in atomic context - mfd: ti_am335x_tscadc: Fix struct clk memory leak - f2fs: fix to do sanity check with {sit,nat}_ver_bitmap_bytesize - MIPS: WARN_ON invalid DMA cache maintenance, not BUG_ON - RDMA/cma: Do not ignore net namespace for unbound cm_id - xhci: Fix use-after-free in xhci_free_virt_device - vmw_balloon: include asm/io.h - netfilter: x_tables: avoid stack-out-of-bounds read in xt_copy_counters_from_user - drivers: net: cpsw: fix parsing of phy-handle DT property in dual_emac config - net: ethernet: ti: cpsw: fix mdio device reference leak - ethernet: ti: davinci_emac: add missing of_node_put after calling of_parse_phandle - crypto: vmx - Fix sleep-in-atomic bugs - mtd: ubi: wl: Fix error return code in ubi_wl_init() - autofs: fix autofs_sbi() does not check super block type - Linux 4.4.157 * Xenial update: 4.4.156 upstream stable release (LP: #1797563) - staging: android: ion: fix ION_IOC_{MAP,SHARE} use-after-free - net: bcmgenet: use MAC link status for fixed phy - qlge: Fix netdev features configuration. - tcp: do not restart timewait timer on rst reception - vti6: remove !skb->ignore_df check from vti6_xmit() - cifs: check if SMB2 PDU size has been padded and suppress the warning - hfsplus: don't return 0 when fill_super() failed - hfs: prevent crash on exit from failed search - fork: don't copy inconsistent signal handler state to child - reiserfs: change j_timestamp type to time64_t - hfsplus: fix NULL dereference in hfsplus_lookup() - fat: validate ->i_start before using - scripts: modpost: check memory allocation results - mm/fadvise.c: fix signed overflow UBSAN complaint - fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() - ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() - mfd: sm501: Set coherent_dma_mask when creating subdevices - platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360 - irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP - net/9p: fix error path of p9_virtio_probe - powerpc: Fix size calculation using resource_size() - s390/dasd: fix hanging offline processing due to canceled worker - scsi: aic94xx: fix an error code in aic94xx_init() - PCI: mvebu: Fix I/O space end address calculation - dm kcopyd: avoid softlockup in run_complete_job - staging: comedi: ni_mio_common: fix subdevice flags for PFI subdevice - selftests/powerpc: Kill child processes on SIGINT - smb3: fix reset of bytes read and written stats - SMB3: Number of requests sent should be displayed for SMB3 not just CIFS - powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX. - btrfs: replace: Reset on-disk dev stats value after replace - btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized - btrfs: Don't remove block group that still has pinned down bytes - debugobjects: Make stack check warning more informative - x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear - kbuild: make missing $DEPMOD a Warning instead of an Error - Revert "ARM: imx_v6_v7_defconfig: Select ULPI support" - enic: do not call enic_change_mtu in enic_probe - Fixes: Commit cdbf92675fad ("mm: numa: avoid waiting on freed migrated pages") - genirq: Delay incrementing interrupt count if it's disabled/pending - irqchip/gic-v3-its: Recompute the number of pages on page size change - irqchip/gicv3-its: Fix memory leak in its_free_tables() - irqchip/gicv3-its: Avoid cache flush beyond ITS_BASERn memory size - irqchip/gic-v3: Add missing barrier to 32bit version of gic_read_iar() - irqchip/gic: Make interrupt ID 1020 invalid - ovl: rename is_merge to is_lowest - ovl: override creds with the ones from the superblock mounter - ovl: proper cleanup of workdir - sch_htb: fix crash on init failure - sch_multiq: fix double free on init failure - sch_hhf: fix null pointer dereference on init failure - sch_netem: avoid null pointer deref on init failure - sch_tbf: fix two null pointer dereferences on init failure - mei: me: allow runtime pm for platform with D0i3 - ASoC: wm8994: Fix missing break in switch - btrfs: use correct compare function of dirty_metadata_bytes - Linux 4.4.156 -- Khalid Elmously Thu, 25 Oct 2018 23:14:53 +0000 linux-kvm (4.4.0-1036.42) xenial; urgency=medium * linux-kvm: 4.4.0-1036.42 -proposed tracker (LP: #1795589) * Xenial update to 4.4.148 stable release (LP: #1792174) - [config] updateconfigs for master changes * kvm kernel missing nbd module (LP: #1793976) - kvm: [Config] enable BLK_DEV_NBD [ Ubuntu: 4.4.0-138.164 ] * linux: 4.4.0-138.164 -proposed tracker (LP: #1795582) * Linux 4.4.155 stable release build is broken on ppc64 (LP: #1795662) - powerpc/fadump: Return error when fadump registration fails * Kernel hang on drive pull caused by regression introduced by commit 287922eb0b18 (LP: #1791790) - block: Fix a race between blk_cleanup_queue() and timeout handling * qeth: use vzalloc for QUERY OAT buffer (LP: #1793086) - s390/qeth: use vzalloc for QUERY OAT buffer * Page leaking in cachefiles_read_backing_file while vmscan is active (LP: #1793430) - SAUCE: cachefiles: Page leaking in cachefiles_read_backing_file while vmscan is active * Bugfix for handling of shadow doorbell buffer (LP: #1788222) - nvme-pci: add a memory barrier to nvme_dbbuf_update_and_check_event * Xenial update to 4.4.155 stable release (LP: #1792419) - net: 6lowpan: fix reserved space for single frames - net: mac802154: tx: expand tailroom if necessary - 9p/net: Fix zero-copy path in the 9p virtio transport - net: lan78xx: Fix misplaced tasklet_schedule() call - spi: davinci: fix a NULL pointer dereference - drm/i915/userptr: reject zero user_size - powerpc/fadump: handle crash memory ranges array index overflow - powerpc/pseries: Fix endianness while restoring of r3 in MCE handler. - fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed - 9p/virtio: fix off-by-one error in sg list bounds check - net/9p/client.c: version pointer uninitialized - net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree() - dm cache metadata: save in-core policy_hint_size to on-disk superblock - iio: ad9523: Fix displayed phase - iio: ad9523: Fix return value for ad952x_store() - vmw_balloon: fix inflation of 64-bit GFNs - vmw_balloon: do not use 2MB without batching - vmw_balloon: VMCI_DOORBELL_SET does not check status - vmw_balloon: fix VMCI use when balloon built into kernel - tracing: Do not call start/stop() functions when tracing_on does not change - tracing/blktrace: Fix to allow setting same value - kthread, tracing: Don't expose half-written comm when creating kthreads - uprobes: Use synchronize_rcu() not synchronize_sched() - 9p: fix multiple NULL-pointer-dereferences - PM / sleep: wakeup: Fix build error caused by missing SRCU support - pnfs/blocklayout: off by one in bl_map_stripe() - ARM: tegra: Fix Tegra30 Cardhu PCA954x reset - mm/tlb: Remove tlb_remove_table() non-concurrent condition - iommu/vt-d: Add definitions for PFSID - iommu/vt-d: Fix dev iotlb pfsid use - osf_getdomainname(): use copy_to_user() - sys: don't hold uts_sem while accessing userspace memory - userns: move user access out of the mutex - ubifs: Fix memory leak in lprobs self-check - Revert "UBIFS: Fix potential integer overflow in allocation" - ubifs: Check data node size before truncate - ubifs: Fix synced_i_size calculation for xattr inodes - pwm: tiehrpwm: Fix disabling of output of PWMs - fb: fix lost console when the user unplugs a USB adapter - udlfb: set optimal write delay - getxattr: use correct xattr length - bcache: release dc->writeback_lock properly in bch_writeback_thread() - perf auxtrace: Fix queue resize - fs/quota: Fix spectre gadget in do_quotactl - x86/io: add interface to reserve io memtype for a resource range. (v1.1) - drm/drivers: add support for using the arch wc mapping API. - Linux 4.4.155 * Xenial update to 4.4.154 stable release (LP: #1792392) - sched/sysctl: Check user input value of sysctl_sched_time_avg - Cipso: cipso_v4_optptr enter infinite loop - vti6: fix PMTU caching and reporting on xmit - xfrm: fix missing dst_release() after policy blocking lbcast and multicast - xfrm: free skb if nlsk pointer is NULL - mac80211: add stations tied to AP_VLANs during hw reconfig - nl80211: Add a missing break in parse_station_flags - drm/bridge: adv7511: Reset registers on hotplug - scsi: libiscsi: fix possible NULL pointer dereference in case of TMF - drm/imx: imx-ldb: disable LDB on driver bind - drm/imx: imx-ldb: check if channel is enabled before printing warning - usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in init_controller() - usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in r8a66597_queue() - usb/phy: fix PPC64 build errors in phy-fsl-usb.c - tools: usb: ffs-test: Fix build on big endian systems - usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3' - tools/power turbostat: fix -S on UP systems - net: caif: Add a missing rcu_read_unlock() in caif_flow_cb - qed: Fix possible race for the link state value. - atl1c: reserve min skb headroom - net: prevent ISA drivers from building on PPC32 - can: mpc5xxx_can: check of_iomap return before use - i2c: davinci: Avoid zero value of CLKH - media: staging: omap4iss: Include asm/cacheflush.h after generic includes - bnx2x: Fix invalid memory access in rss hash config path. - net: axienet: Fix double deregister of mdio - selftests/ftrace: Add snapshot and tracing_on test case - zswap: re-check zswap_is_full() after do zswap_shrink() - tools/power turbostat: Read extended processor family from CPUID - Revert "MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum" - enic: handle mtu change for vf properly - arc: fix build errors in arc/include/asm/delay.h - arc: fix type warnings in arc/mm/cache.c - drivers: net: lmc: fix case value for target abort error - scsi: fcoe: drop frames in ELS LOGO error path - scsi: vmw_pvscsi: Return DID_RESET for status SAM_STAT_COMMAND_TERMINATED - mm/memory.c: check return value of ioremap_prot - cifs: add missing debug entries for kconfig options - cifs: check kmalloc before use - smb3: Do not send SMB3 SET_INFO if nothing changed - smb3: don't request leases in symlink creation and query - btrfs: don't leak ret from do_chunk_alloc - s390/kvm: fix deadlock when killed by oom - ext4: check for NUL characters in extended attribute's name - ext4: sysfs: print ext4_super_block fields as little-endian - ext4: reset error code in ext4_find_entry in fallback - arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid() - KVM: arm/arm64: Skip updating PTE entry if no change - KVM: arm/arm64: Skip updating PMD entry if no change - x86/speculation/l1tf: Suggest what to do on systems with too much RAM - x86/process: Re-export start_thread() - fuse: Don't access pipe->buffers without pipe_lock() - fuse: fix double request_end() - fuse: fix unlocked access to processing queue - fuse: umount should wait for all requests - fuse: Fix oops at process_init_reply() - fuse: Add missed unlock_page() to fuse_readpages_fill() - udl-kms: change down_interruptible to down - udl-kms: handle allocation failure - udl-kms: fix crash due to uninitialized memory - ASoC: dpcm: don't merge format from invalid codec dai - ASoC: sirf: Fix potential NULL pointer dereference - pinctrl: freescale: off by one in imx1_pinconf_group_dbg_show() - x86/irqflags: Mark native_restore_fl extern inline - s390: fix br_r1_trampoline for machines without exrl - s390/qdio: reset old sbal_state flags - kprobes: Make list and blacklist root user read only - MIPS: Correct the 64-bit DSP accumulator register size - MIPS: lib: Provide MIPS64r6 __multi3() for GCC < 7 - scsi: sysfs: Introduce sysfs_{un,}break_active_protection() - scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock - iscsi target: fix session creation failure handling - cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status - Linux 4.4.154 * Xenial update to 4.4.153 stable release (LP: #1792383) - x86/mm: Fix use-after-free of ldt_struct - ovl: Ensure upper filesystem supports d_type - ovl: Do d_type check only if work dir creation was successful - ovl: warn instead of error if d_type is not supported - Linux 4.4.153 * Xenial update to 4.4.152 stable release (LP: #1792377) - ARC: Explicitly add -mmedium-calls to CFLAGS - netfilter: ipv6: nf_defrag: reduce struct net memory waste - selftests: pstore: return Kselftest Skip code for skipped tests - selftests: static_keys: return Kselftest Skip code for skipped tests - selftests: user: return Kselftest Skip code for skipped tests - selftests: zram: return Kselftest Skip code for skipped tests - selftests: sync: add config fragment for testing sync framework - ARM: dts: Cygnus: Fix I2C controller interrupt type - usb: dwc2: fix isoc split in transfer with no data - usb: gadget: composite: fix delayed_status race condition when set_interface - usb: gadget: dwc2: fix memory leak in gadget_init() - scsi: xen-scsifront: add error handling for xenbus_printf - arm64: make secondary_start_kernel() notrace - qed: Add sanity check for SIMD fastpath handler. - enic: initialize enic->rfs_h.lock in enic_probe - net: hamradio: use eth_broadcast_addr - net: propagate dev_get_valid_name return code - ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP - net: davinci_emac: match the mdio device against its compatible if possible - locking/lockdep: Do not record IRQ state within lockdep code - ipv6: mcast: fix unsolicited report interval after receiving querys - Smack: Mark inode instant in smack_task_to_inode - cxgb4: when disabling dcb set txq dcb priority to 0 - brcmfmac: stop watchdog before detach and free everything - ARM: dts: am437x: make edt-ft5x06 a wakeup source - usb: xhci: increase CRS timeout value - perf test session topology: Fix test on s390 - perf report powerpc: Fix crash if callchain is empty - selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs - ARM: dts: da850: Fix interrups property for gpio - dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() - md/raid10: fix that replacement cannot complete recovery after reassemble - drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes - drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes - drm/exynos: decon5433: Fix WINCONx reset value - bnx2x: Fix receiving tx-timeout in error or recovery state. - m68k: fix "bad page state" oops on ColdFire boot - HID: wacom: Correct touch maximum XY of 2nd-gen Intuos - ARM: imx_v6_v7_defconfig: Select ULPI support - ARM: imx_v4_v5_defconfig: Select ULPI support - tracing: Use __printf markup to silence compiler - kasan: fix shadow_size calculation error in kasan_module_alloc - smsc75xx: Add workaround for gigabit link up hardware errata. - netfilter: x_tables: set module owner for icmp(6) matches - ARM: pxa: irq: fix handling of ICMR registers in suspend/resume - ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem - ieee802154: at86rf230: use __func__ macro for debug messages - ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem - drm/armada: fix colorkey mode property - bnxt_en: Fix for system hang if request_irq fails - perf llvm-utils: Remove bashism from kernel include fetch script - ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot - ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller - ixgbe: Be more careful when modifying MAC filters - packet: reset network header if packet shorter than ll reserved space - qlogic: check kstrtoul() for errors - tcp: remove DELAYED ACK events in DCTCP - drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() - net/ethernet/freescale/fman: fix cross-build error - net: usb: rtl8150: demote allmulti message to dev_dbg() - net: qca_spi: Avoid packet drop during initial sync - net: qca_spi: Make sure the QCA7000 reset is triggered - net: qca_spi: Fix log level if probe fails - tcp: identify cryptic messages as TCP seq # bugs - staging: android: ion: check for kref overflow - KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer - ext4: fix spectre gadget in ext4_mb_regular_allocator() - parisc: Remove ordered stores from syscall.S - xfrm_user: prevent leaking 2 bytes of kernel memory - netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state - packet: refine ring v3 block size test to hold one frame - bridge: Propagate vlan add failure to user - parisc: Remove unnecessary barriers from spinlock.h - PCI: hotplug: Don't leak pci_slot on registration failure - PCI: Skip MPS logic for Virtual Functions (VFs) - PCI: pciehp: Fix use-after-free on unplug - i2c: imx: Fix race condition in dma read - reiserfs: fix broken xattr handling (heap corruption, bad retval) - Linux 4.4.152 * Xenial update to 4.4.151 stable release (LP: #1792340) - dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() - l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache - llc: use refcount_inc_not_zero() for llc_sap_find() - net_sched: Fix missing res info when create new tc_index filter - vsock: split dwork to avoid reinitializations - net_sched: fix NULL pointer dereference when delete tcindex filter - ALSA: hda - Sleep for 10ms after entering D3 on Conexant codecs - ALSA: hda - Turn CX8200 into D3 as well upon reboot - ALSA: vx222: Fix invalid endian conversions - ALSA: virmidi: Fix too long output trigger loop - ALSA: cs5535audio: Fix invalid endian conversion - ALSA: hda: Correct Asrock B85M-ITX power_save blacklist entry - ALSA: memalloc: Don't exceed over the requested size - ALSA: vxpocket: Fix invalid endian conversions - USB: serial: sierra: fix potential deadlock at close - USB: option: add support for DW5821e - ACPI: save NVS memory for Lenovo G50-45 - ACPI / PM: save NVS memory for ASUS 1025C laptop - serial: 8250_dw: always set baud rate in dw8250_set_termios - Bluetooth: avoid killing an already killed socket - isdn: Disable IIOCDBGVAR - Linux 4.4.151 * Xenial update to 4.4.150 stable release (LP: #1792336) - x86/speculation/l1tf: Exempt zeroed PTEs from inversion - Linux 4.4.150 * Xenial update to 4.4.149 stable release (LP: #1792310) - x86/mm: Disable ioremap free page handling on x86-PAE - tcp: Fix missing range_truesize enlargement in the backport - kasan: don't emit builtin calls when sanitization is off - i2c: ismt: fix wrong device address when unmap the data buffer - kbuild: verify that $DEPMOD is installed - crypto: vmac - require a block cipher with 128-bit block size - crypto: vmac - separate tfm and request context - crypto: blkcipher - fix crash flushing dcache in error path - crypto: ablkcipher - fix crash flushing dcache in error path - ASoC: Intel: cht_bsw_max98090_ti: Fix jack initialization - ioremap: Update pgtable free interfaces with addr - x86/mm: Add TLB purge to free pmd/pte page interfaces - Linux 4.4.149 * Xenial update to 4.4.149 stable release (LP: #1792310) // CVE-2018-9363 - Bluetooth: hidp: buffer overflow in hidp_process_report * Xenial update to 4.4.148 stable release (LP: #1792174) - ext4: fix check to prevent initializing reserved inodes - tpm: fix race condition in tpm_common_write() - ipv4+ipv6: Make INET*_ESP select CRYPTO_ECHAINIV - fork: unconditionally clear stack on fork - parisc: Enable CONFIG_MLONGCALLS by default - parisc: Define mb() and add memory barriers to assembler unlock sequences - xen/netfront: don't cache skb_shinfo() - ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices - scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled - root dentries need RCU-delayed freeing - fix mntput/mntput race - fix __legitimize_mnt()/mntput() race - IB/core: Make testing MR flags for writability a static inline function - IB/mlx4: Mark user MR as writable if actual virtual memory is writable - IB/ocrdma: fix out of bounds access to local buffer - ARM: dts: imx6sx: fix irq for pcie bridge - kprobes/x86: Fix %p uses in error messages - x86/irqflags: Provide a declaration for native_save_fl - SAUCE: Sync pgtable_64.h with upstream stable - mm: x86: move _PAGE_SWP_SOFT_DIRTY from bit 7 to bit 1 - SAUCE: Sync pgtable-3level.h with upstream stable - SAUCE: Sync pgtable.h with upstream stable - mm: Add vm_insert_pfn_prot() - mm: fix cache mode tracking in vm_insert_mixed() - x86/mm/kmmio: Make the tracer robust against L1TF - x86/init: fix build with CONFIG_SWAP=n - Linux 4.4.148 * Xenial update to 4.4.147 stable release (LP: #1792109) - scsi: qla2xxx: Fix ISP recovery on unload - scsi: qla2xxx: Return error when TMF returns - genirq: Make force irq threading setup more robust - nohz: Fix local_timer_softirq_pending() - netlink: Do not subscribe to non-existent groups - netlink: Don't shift with UB on nlk->ngroups - netlink: Don't shift on 64 for ngroups - ACPI / PCI: Bail early in acpi_pci_add_bus() if there is no ACPI handle - ring_buffer: tracing: Inherit the tracing setting to next ring buffer - i2c: imx: Fix reinit_completion() use - Linux 4.4.147 * Xenial update to 4.4.146 stable release (LP: #1791953) - MIPS: Fix off-by-one in pci_resource_to_user() - Input: elan_i2c - add ACPI ID for lenovo ideapad 330 - Input: i8042 - add Lenovo LaVie Z to the i8042 reset list - Input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST - tracing: Fix double free of event_trigger_data - tracing: Fix possible double free in event_enable_trigger_func() - tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure - tracing: Quiet gcc warning about maybe unused link variable - xen/netfront: raise max number of slots in xennet_get_responses() - ALSA: emu10k1: add error handling for snd_ctl_add - ALSA: fm801: add error handling for snd_ctl_add - nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo - mm: vmalloc: avoid racy handling of debugobjects in vunmap - mm/slub.c: add __printf verification to slab_err() - rtc: ensure rtc_set_alarm fails when alarms are not supported - netfilter: ipset: List timing out entries with "timeout 1" instead of zero - infiniband: fix a possible use-after-free bug - hvc_opal: don't set tb_ticks_per_usec in udbg_init_opal_common() - powerpc/64s: Fix compiler store ordering to SLB shadow area - RDMA/mad: Convert BUG_ONs to error flows - disable loading f2fs module on PAGE_SIZE > 4KB - f2fs: fix to don't trigger writeback during recovery - usbip: usbip_detach: Fix memory, udev context and udev leak - perf/x86/intel/uncore: Correct fixed counter index check in generic code - perf/x86/intel/uncore: Correct fixed counter index check for NHM - iwlwifi: pcie: fix race in Rx buffer allocator - Bluetooth: hci_qca: Fix "Sleep inside atomic section" warning - Bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011 - ASoC: dpcm: fix BE dai not hw_free and shutdown - mfd: cros_ec: Fail early if we cannot identify the EC - mwifiex: handle race during mwifiex_usb_disconnect - wlcore: sdio: check for valid platform device data before suspend - media: videobuf2-core: don't call memop 'finish' when queueing - btrfs: add barriers to btrfs_sync_log before log_commit_wait wakeups - btrfs: qgroup: Finish rescan when hit the last leaf of extent tree - PCI: Prevent sysfs disable of device while driver is attached - ath: Add regulatory mapping for FCC3_ETSIC - ath: Add regulatory mapping for ETSI8_WORLD - ath: Add regulatory mapping for APL13_WORLD - ath: Add regulatory mapping for APL2_FCCA - ath: Add regulatory mapping for Uganda - ath: Add regulatory mapping for Tanzania - ath: Add regulatory mapping for Serbia - ath: Add regulatory mapping for Bermuda - ath: Add regulatory mapping for Bahamas - powerpc/32: Add a missing include header - powerpc/chrp/time: Make some functions static, add missing header include - powerpc/powermac: Add missing prototype for note_bootable_part() - powerpc/powermac: Mark variable x as unused - powerpc/8xx: fix invalid register expression in head_8xx.S - pinctrl: at91-pio4: add missing of_node_put - PCI: pciehp: Request control of native hotplug only if supported - mwifiex: correct histogram data with appropriate index - scsi: ufs: fix exception event handling - ALSA: emu10k1: Rate-limit error messages about page errors - regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops - md: fix NULL dereference of mddev->pers in remove_and_add_spares() - media: smiapp: fix timeout checking in smiapp_read_nvm - ALSA: usb-audio: Apply rate limit to warning messages in URB complete callback - HID: hid-plantronics: Re-resend Update to map button for PTT products - drm/radeon: fix mode_valid's return type - powerpc/embedded6xx/hlwd-pic: Prevent interrupts from being handled by Starlet - HID: i2c-hid: check if device is there before really probing - tty: Fix data race in tty_insert_flip_string_fixed_flag - dma-iommu: Fix compilation when !CONFIG_IOMMU_DMA - media: rcar_jpu: Add missing clk_disable_unprepare() on error in jpu_open() - libata: Fix command retry decision - media: saa7164: Fix driver name in debug output - mtd: rawnand: fsl_ifc: fix FSL NAND driver to read all ONFI parameter pages - brcmfmac: Add support for bcm43364 wireless chipset - s390/cpum_sf: Add data entry sizes to sampling trailer entry - perf: fix invalid bit in diagnostic entry - scsi: 3w-9xxx: fix a missing-check bug - scsi: 3w-xxxx: fix a missing-check bug - scsi: megaraid: silence a static checker bug - thermal: exynos: fix setting rising_threshold for Exynos5433 - bpf: fix references to free_bpf_prog_info() in comments - media: siano: get rid of __le32/__le16 cast warnings - drm/atomic: Handling the case when setting old crtc for plane - ALSA: hda/ca0132: fix build failure when a local macro is defined - memory: tegra: Do not handle spurious interrupts - memory: tegra: Apply interrupts mask per SoC - drm/gma500: fix psb_intel_lvds_mode_valid()'s return type - ipconfig: Correctly initialise ic_nameservers - rsi: Fix 'invalid vdd' warning in mmc - audit: allow not equal op for audit by executable - microblaze: Fix simpleImage format generation - usb: hub: Don't wait for connect state at resume for powered-off ports - crypto: authencesn - don't leak pointers to authenc keys - crypto: authenc - don't leak pointers to authenc keys - media: omap3isp: fix unbalanced dma_iommu_mapping - scsi: scsi_dh: replace too broad "TP9" string with the exact models - scsi: megaraid_sas: Increase timeout by 1 sec for non-RAID fastpath IOs - media: si470x: fix __be16 annotations - drm: Add DP PSR2 sink enable bit - random: mix rdrand with entropy sent in from userspace - squashfs: be more careful about metadata corruption - ext4: fix inline data updates with checksums enabled - ext4: check for allocation block validity with block group locked - dmaengine: pxa_dma: remove duplicate const qualifier - ASoC: pxa: Fix module autoload for platform drivers - ipv4: remove BUG_ON() from fib_compute_spec_dst - net: fix amd-xgbe flow-control issue - net: lan78xx: fix rx handling before first packet is send - xen-netfront: wait xenbus state change when load module manually - NET: stmmac: align DMA stuff to largest cache line length - tcp: do not force quickack when receiving out-of-order packets - tcp: add max_quickacks param to tcp_incr_quickack and tcp_enter_quickack_mode - tcp: do not aggressively quick ack after ECN events - tcp: refactor tcp_ecn_check_ce to remove sk type cast - tcp: add one more quick ack after after ECN events - inet: frag: enforce memory limits earlier - net: dsa: Do not suspend/resume closed slave_dev - netlink: Fix spectre v1 gadget in netlink_create() - squashfs: more metadata hardening - squashfs: more metadata hardenings - can: ems_usb: Fix memory leak on ems_usb_disconnect() - net: socket: fix potential spectre v1 gadget in socketcall - virtio_balloon: fix another race between migration and ballooning - kvm: x86: vmx: fix vpid leak - crypto: padlock-aes - Fix Nano workaround data corruption - scsi: sg: fix minor memory leak in error path - Linux 4.4.146 * Xenial update to 4.4.145 stable release (LP: #1791942) - MIPS: ath79: fix register address in ath79_ddr_wb_flush() - ip: hash fragments consistently - net/mlx4_core: Save the qpn from the input modifier in RST2INIT wrapper - rtnetlink: add rtnl_link_state check in rtnl_configure_link - tcp: fix dctcp delayed ACK schedule - tcp: helpers to send special DCTCP ack - tcp: do not cancel delay-AcK on DCTCP special ACK - tcp: do not delay ACK in DCTCP upon CE status change - ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull - usb: cdc_acm: Add quirk for Castles VEGA3000 - usb: core: handle hub C_PORT_OVER_CURRENT condition - usb: gadget: f_fs: Only return delayed status when len is 0 - driver core: Partially revert "driver core: correct device's shutdown order" - can: xilinx_can: fix RX loop if RXNEMP is asserted without RXOK - can: xilinx_can: fix recovery from error states not being propagated - can: xilinx_can: fix device dropping off bus on RX overrun - can: xilinx_can: keep only 1-2 frames in TX FIFO to fix TX accounting - can: xilinx_can: fix incorrect clear of non-processed interrupts - can: xilinx_can: fix RX overflow interrupt not being enabled - turn off -Wattribute-alias - ARM: fix put_user() for gcc-8 - Linux 4.4.145 * kernel panic - null pointer dereference on ipset operations (LP: #1793753) - netfilter: ipset: fix race condition in ipset save, swap and delete - netfilter: ipset: Fix race between dump and swap * Improvements to the kernel source package preparation (LP: #1793461) - [Packaging] startnewrelease: add support for backport kernels * update ENA driver to latest mainline version (LP: #1792044) - net: ena: Remove redundant unlikely() - net: ena: reduce the severity of some printouts - net: ena: fix rare kernel crash when bar memory remap fails - net: ena: fix wrong max Tx/Rx queues on ethtool - net: ena: improve ENA driver boot time. - net: ena: remove legacy suspend suspend/resume support - net: ena: add power management ops to the ENA driver - net: ena: add statistics for missed tx packets - net: ena: add new admin define for future support of IPv6 RSS - net: ena: increase ena driver version to 1.3.0 - net: ena: fix race condition between device reset and link up setup - net: ena: add detection and recovery mechanism for handling missed/misrouted MSI-X - net: ena: increase ena driver version to 1.5.0 - net: ena: fix error handling in ena_down() sequence - net: ena: Eliminate duplicate barriers on weakly-ordered archs - SAUCE: ena: devm_kzalloc() -> devm_kcalloc() - net: ena: Fix use of uninitialized DMA address bits field - net: ena: fix surprise unplug NULL dereference kernel crash - net: ena: fix driver when PAGE_SIZE == 64kB - net: ena: fix device destruction to gracefully free resources - net: ena: fix potential double ena_destroy_device() - net: ena: fix missing lock during device destruction - net: ena: fix missing calls to READ_ONCE - net: ena: fix incorrect usage of memory barriers -- Kleber Sacilotto de Souza Tue, 02 Oct 2018 16:20:12 +0000 linux-kvm (4.4.0-1035.41) xenial; urgency=medium [ Ubuntu: 4.4.0-137.163 ] * CVE-2018-14633 - iscsi target: Use hex2bin instead of a re-implementation * CVE-2018-17182 - mm: get rid of vmacache_flush_all() entirely -- Stefan Bader Mon, 24 Sep 2018 16:57:13 +0200 linux-kvm (4.4.0-1034.40) xenial; urgency=medium * linux-kvm: 4.4.0-1034.40 -proposed tracker (LP: #1791751) * Xenial update to 4.4.141 stable release (LP: #1790620) - [config] updateconfigs for master changes * please include the kernel module IPIP (LP: #1790605) - kvm: [config] enable CONFIG_NET_IPIP [ Ubuntu: 4.4.0-136.162 ] * linux: 4.4.0-136.162 -proposed tracker (LP: #1791745) * CVE-2017-5753 - bpf: properly enforce index mask to prevent out-of-bounds speculation - Revert "UBUNTU: SAUCE: bpf: Use barrier_nospec() instead of osb()" - Revert "bpf: prevent speculative execution in eBPF interpreter" * L1TF mitigation not effective in some CPU and RAM combinations (LP: #1788563) // CVE-2018-3620 // CVE-2018-3646 - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit - x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ * CVE-2018-15594 - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests * Xenial update to 4.4.144 stable release (LP: #1791080) - KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel. - x86/MCE: Remove min interval polling limitation - fat: fix memory allocation failure handling of match_strdup() - ALSA: rawmidi: Change resized buffers atomically - ARC: Fix CONFIG_SWAP - ARC: mm: allow mprotect to make stack mappings executable - mm: memcg: fix use after free in mem_cgroup_iter() - ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns - ipv6: fix useless rol32 call on hash - lib/rhashtable: consider param->min_size when setting initial table size - net/ipv4: Set oif in fib_compute_spec_dst - net: phy: fix flag masking in __set_phy_supported - ptp: fix missing break in switch - tg3: Add higher cpu clock for 5762. - net: Don't copy pfmemalloc flag in __copy_skb_header() - skbuff: Unconditionally copy pfmemalloc in __skb_clone() - xhci: Fix perceived dead host due to runtime suspend race with event handler - x86/paravirt: Make native_save_fl() extern inline - SAUCE: Add missing CPUID_7_EDX defines - SAUCE: x86/speculation: Expose indirect_branch_prediction_barrier() - x86/pti: Mark constant arrays as __initconst - x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs - x86/entry/64/compat: Clear registers for compat syscalls, to reduce speculation attack surface - x86/speculation: Clean up various Spectre related details - x86/speculation: Fix up array_index_nospec_mask() asm constraint - x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend - x86/mm: Factor out LDT init from context init - x86/mm: Give each mm TLB flush generation a unique ID - SAUCE: x86/speculation: Use Indirect Branch Prediction Barrier in context switch - x86/speculation: Use IBRS if available before calling into firmware - x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP - selftest/seccomp: Fix the seccomp(2) signature - xen: set cpu capabilities from xen_start_kernel() - x86/amd: don't set X86_BUG_SYSRET_SS_ATTRS when running under Xen - SAUCE: Preserve SPEC_CTRL MSR in new inlines - SAUCE: Add Knights Mill to NO SSB list - x86/process: Correct and optimize TIF_BLOCKSTEP switch - x86/process: Optimize TIF_NOTSC switch - Revert "x86/cpufeatures: Add FEATURE_ZEN" - Revert "x86/cpu/AMD: Fix erratum 1076 (CPB bit)" - x86/cpu/AMD: Fix erratum 1076 (CPB bit) - x86/cpufeatures: Add FEATURE_ZEN - x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths - x86/cpu: Re-apply forced caps every time CPU caps are re-read - block: do not use interruptible wait anywhere - clk: tegra: Fix PLL_U post divider and initial rate on Tegra30 - ubi: Introduce vol_ignored() - ubi: Rework Fastmap attach base code - ubi: Be more paranoid while seaching for the most recent Fastmap - ubi: Fix races around ubi_refill_pools() - ubi: Fix Fastmap's update_vol() - ubi: fastmap: Erase outdated anchor PEBs during attach - Linux 4.4.144 * CVE-2017-5715 (Spectre v2 s390x) - s390: detect etoken facility - s390/lib: use expoline for all bcr instructions - SAUCE: s390: use expoline thunks for all branches generated by the BPF JIT * Xenial update to 4.4.143 stable release (LP: #1790884) - compiler, clang: suppress warning for unused static inline functions - compiler, clang: properly override 'inline' for clang - compiler, clang: always inline when CONFIG_OPTIMIZE_INLINING is disabled - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations - x86/asm: Add _ASM_ARG* constants for argument registers to - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent - bcm63xx_enet: correct clock usage - bcm63xx_enet: do not write to random DMA channel on BCM6345 - crypto: crypto4xx - remove bad list_del - crypto: crypto4xx - fix crypto4xx_build_pdr, crypto4xx_build_sdr leak - atm: zatm: Fix potential Spectre v1 - net: dccp: avoid crash in ccid3_hc_rx_send_feedback() - net: dccp: switch rx_tstamp_last_feedback to monotonic clock - net/mlx5: Fix incorrect raw command length parsing - net: sungem: fix rx checksum support - qed: Limit msix vectors in kdump kernel to the minimum required count. - r8152: napi hangup fix after disconnect - tcp: fix Fast Open key endianness - tcp: prevent bogus FRTO undos with non-SACK flows - vhost_net: validate sock before trying to put its fd - net_sched: blackhole: tell upper qdisc about dropped packets - net/mlx5: Fix command interface race in polling mode - net: cxgb3_main: fix potential Spectre v1 - rtlwifi: rtl8821ae: fix firmware is not ready to run - MIPS: Call dump_stack() from show_regs() - MIPS: Use async IPIs for arch_trigger_cpumask_backtrace() - netfilter: ebtables: reject non-bridge targets - KEYS: DNS: fix parsing multiple options - rds: avoid unenecessary cong_update in loop transport - net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL. - Linux 4.4.143 * Xenial update to 4.4.142 stable release (LP: #1790883) - Kbuild: fix # escaping in .cmd files for future Make - perf tools: Move syscall number fallbacks from perf-sys.h to tools/arch/x86/include/asm/ - Linux 4.4.142 * Xenial update to 4.4.141 stable release (LP: #1790620) - MIPS: Fix ioremap() RAM check - ibmasm: don't write out of bounds in read handler - vmw_balloon: fix inflation with batching - ahci: Disable LPM on Lenovo 50 series laptops with a too old BIOS - USB: serial: ch341: fix type promotion bug in ch341_control_in() - USB: serial: cp210x: add another USB ID for Qivicon ZigBee stick - USB: serial: keyspan_pda: fix modem-status error handling - USB: yurex: fix out-of-bounds uaccess in read handler - USB: serial: mos7840: fix status-register error handling - usb: quirks: add delay quirks for Corsair Strafe - xhci: xhci-mem: off by one in xhci_stream_id_to_ring() - HID: usbhid: add quirk for innomedia INNEX GENESIS/ATARI adapter - tools build: fix # escaping in .cmd files for future Make - iw_cxgb4: correctly enforce the max reg_mr depth - x86/cpufeature: Move some of the scattered feature bits to x86_capability - x86/cpu: Provide a config option to disable static_cpu_has - x86/fpu: Add an XSTATE_OP() macro - x86/fpu: Get rid of xstate_fault() - x86/headers: Don't include asm/processor.h in asm/atomic.h - x86/cpufeature: Replace the old static_cpu_has() with safe variant - x86/cpufeature: Get rid of the non-asm goto variant - x86/alternatives: Add an auxilary section - x86/alternatives: Discard dynamic check after init - x86/vdso: Use static_cpu_has() - x86/boot: Simplify kernel load address alignment check - x86/cpufeature: Speed up cpu_feature_enabled() - x86/cpufeature, x86/mm/pkeys: Add protection keys related CPUID definitions - x86/mm/pkeys: Fix mismerge of protection keys CPUID bits - x86/cpu: Add detection of AMD RAS Capabilities - x86/cpufeature, x86/mm/pkeys: Fix broken compile-time disabling of pkeys - x86/cpufeature: Make sure DISABLED/REQUIRED macros are updated - x86/cpufeature: Add helper macro for mask check macros - uprobes/x86: Remove incorrect WARN_ON() in uprobe_init_insn() - netfilter: nf_queue: augment nfqa_cfg_policy - netfilter: x_tables: initialise match/target check parameter struct - loop: add recursion validation to LOOP_CHANGE_FD - PM / hibernate: Fix oops at snapshot_write() - SAUCE: RDMA/ucm: Blacklist UCM module - loop: remember whether sysfs_create_group() was done - Linux 4.4.141 - [Config] Refresh configs for 4.4.141 * regression with EXT4 file systems and meta_bg flag (LP: #1789653) - ext4: fix false negatives *and* false positives in ext4_check_descriptors() * CVE-2018-15572 - x86/speculation: Protect against userspace-userspace spectreRSB * random oopses on s390 systems using NVMe devices (LP: #1790480) - s390/pci: fix out of bounds access during irq setup * CVE-2018-6555 - SAUCE: irda: Only insert new objects into the global database via setsockopt * CVE-2018-6554 - SAUCE: irda: Fix memory leak caused by repeated binds of irda socket * errors when scanning partition table of corrupted AIX disk (LP: #1787281) - partitions/aix: fix usage of uninitialized lv_info and lvname structures - partitions/aix: append null character to print data from disk -- Kleber Sacilotto de Souza Tue, 11 Sep 2018 18:23:57 +0200 linux-kvm (4.4.0-1033.39) xenial; urgency=medium * linux-kvm: 4.4.0-1033.39 -proposed tracker (LP: #1788771) * zram module not found in 4.4/4.15 KVM kernel (LP: #1766823) - [Config]: enable CONFIG_ZRAM - [Config]: enable CONFIG_ZRAM (continued) [ Ubuntu: 4.4.0-135.161 ] * linux: 4.4.0-135.161 -proposed tracker (LP: #1788766) * [Regression] APM Merlin boards fail to recover link after interface down/up (LP: #1785739) - net: phylib: fix interrupts re-enablement in phy_start - net: phy: fix phy_start to consider PHY_IGNORE_INTERRUPT * qeth: don't clobber buffer on async TX completion (LP: #1786057) - s390/qeth: don't clobber buffer on async TX completion * nvme: avoid cqe corruption (LP: #1788035) - nvme: avoid cqe corruption when update at the same time as read * CacheFiles: Error: Overlong wait for old active object to go away. (LP: #1776254) - cachefiles: Fix missing clear of the CACHEFILES_OBJECT_ACTIVE flag - cachefiles: Wait rather than BUG'ing on "Unexpected object collision" * fscache cookie refcount updated incorrectly during fscache object allocation (LP: #1776277) // fscache cookie refcount updated incorrectly during fscache object allocation (LP: #1776277) - fscache: Fix reference overput in fscache_attach_object() error handling * FS-Cache: Assertion failed: FS-Cache: 6 == 5 is false (LP: #1774336) - Revert "UBUNTU: SAUCE: CacheFiles: fix a read_waiter/read_copier race" - fscache: Allow cancelled operations to be enqueued - cachefiles: Fix refcounting bug in backing-file read monitoring * linux-cloud-tools-common: Ensure hv-kvp-daemon.service starts before walinuxagent.service (LP: #1739107) - [Debian] hyper-v -- Ensure that hv-kvp-daemon.service starts before walinuxagent.service -- Khalid Elmously Mon, 27 Aug 2018 00:14:00 -0400 linux-kvm (4.4.0-1032.38) xenial; urgency=medium * linux-kvm: 4.4.0-1032.38 -proposed tracker (LP: #1787182) * Xenial update to 4.4.136 stable release (LP: #1776177) - [Config] Add CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y * DEBUG_WX is not set in Bionic KVM kernel (LP: #1782721) - kvm: [Config] enable CONFIG_DEBUG_WX [ Ubuntu: 4.4.0-134.160 ] * linux: 4.4.0-134.160 -proposed tracker (LP: #1787177) * locking sockets broken due to missing AppArmor socket mediation patches (LP: #1780227) - UBUNTU SAUCE: apparmor: fix apparmor mediating locking non-fs, unix sockets * Backport namespaced fscaps to xenial 4.4 (LP: #1778286) - Introduce v3 namespaced file capabilities - commoncap: move assignment of fs_ns to avoid null pointer dereference - capabilities: fix buffer overread on very short xattr - commoncap: Handle memory allocation failure. * Xenial update to 4.4.140 stable release (LP: #1784409) - usb: cdc_acm: Add quirk for Uniden UBC125 scanner - USB: serial: cp210x: add CESINEL device ids - USB: serial: cp210x: add Silicon Labs IDs for Windows Update - n_tty: Fix stall at n_tty_receive_char_special(). - staging: android: ion: Return an ERR_PTR in ion_map_kernel - n_tty: Access echo_* variables carefully. - x86/boot: Fix early command-line parsing when matching at end - ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode - i2c: rcar: fix resume by always initializing registers before transfer - ipv4: Fix error return value in fib_convert_metrics() - kprobes/x86: Do not modify singlestep buffer while resuming - nvme-pci: initialize queue memory before interrupts - netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain() - ARM: dts: imx6q: Use correct SDMA script for SPI5 core - ubi: fastmap: Correctly handle interrupted erasures in EBA - mm: hugetlb: yield when prepping struct pages - tracing: Fix missing return symbol in function_graph output - scsi: sg: mitigate read/write abuse - s390: Correct register corruption in critical section cleanup - drbd: fix access after free - cifs: Fix infinite loop when using hard mount option - jbd2: don't mark block as modified if the handle is out of credits - ext4: make sure bitmaps and the inode table don't overlap with bg descriptors - ext4: always check block group bounds in ext4_init_block_bitmap() - ext4: only look at the bg_flags field if it is valid - ext4: verify the depth of extent tree in ext4_find_extent() - ext4: include the illegal physical block in the bad map ext4_error msg - ext4: clear i_data in ext4_inode_info when removing inline data - ext4: add more inode number paranoia checks - ext4: add more mount time checks of the superblock - ext4: check superblock mapped prior to committing - HID: i2c-hid: Fix "incomplete report" noise - HID: hiddev: fix potential Spectre v1 - HID: debug: check length before copy_to_user() - x86/mce: Detect local MCEs properly - x86/mce: Fix incorrect "Machine check from unknown source" message - media: cx25840: Use subdev host data for PLL override - mm, page_alloc: do not break __GFP_THISNODE by zonelist reset - dm bufio: avoid sleeping while holding the dm_bufio lock - dm bufio: drop the lock when doing GFP_NOIO allocation - mtd: rawnand: mxc: set spare area size register explicitly - dm bufio: don't take the lock in dm_bufio_shrink_count - mtd: cfi_cmdset_0002: Change definition naming to retry write operation - mtd: cfi_cmdset_0002: Change erase functions to retry for error - mtd: cfi_cmdset_0002: Change erase functions to check chip good only - netfilter: nf_log: don't hold nf_log_mutex during user access - staging: comedi: quatech_daqp_cs: fix no-op loop daqp_ao_insn_write() - Linux 4.4.140 * Xenial update to 4.4.139 stable release (LP: #1784382) - xfrm6: avoid potential infinite loop in _decode_session6() - netfilter: ebtables: handle string from userspace with care - ipvs: fix buffer overflow with sync daemon and service - atm: zatm: fix memcmp casting - net: qmi_wwan: Add Netgear Aircard 779S - net/sonic: Use dma_mapping_error() - Revert "Btrfs: fix scrub to repair raid6 corruption" - tcp: do not overshoot window_clamp in tcp_rcv_space_adjust() - Btrfs: make raid6 rebuild retry more - usb: musb: fix remote wakeup racing with suspend - bonding: re-evaluate force_primary when the primary slave name changes - tcp: verify the checksum of the first data segment in a new connection - ext4: update mtime in ext4_punch_hole even if no blocks are released - ext4: fix fencepost error in check for inode count overflow during resize - driver core: Don't ignore class_dir_create_and_add() failure. - btrfs: scrub: Don't use inode pages for device replace - ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream() - ALSA: hda: add dock and led support for HP EliteBook 830 G5 - ALSA: hda: add dock and led support for HP ProBook 640 G4 - cpufreq: Fix new policy initialization during limits updates via sysfs - libata: zpodd: make arrays cdb static, reduces object code size - libata: zpodd: small read overflow in eject_tray() - libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk - w1: mxc_w1: Enable clock before calling clk_get_rate() on it - x86/spectre_v1: Disable compiler optimizations over array_index_mask_nospec() - m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap() - serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding version - signal/xtensa: Consistenly use SIGBUS in do_unaligned_user - usb: do not reset if a low-speed or full-speed device timed out - 1wire: family module autoload fails because of upper/lower case mismatch. - ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it - ASoC: cirrus: i2s: Fix LRCLK configuration - ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup - lib/vsprintf: Remove atomic-unsafe support for %pCr - mips: ftrace: fix static function graph tracing - branch-check: fix long->int truncation when profiling branches - ipmi:bt: Set the timeout before doing a capabilities check - Bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw loader - fuse: atomic_o_trunc should truncate pagecache - fuse: don't keep dead fuse_conn at fuse_fill_super(). - fuse: fix control dir setup and teardown - powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch - powerpc/ptrace: Fix setting 512B aligned breakpoints with PTRACE_SET_DEBUGREG - powerpc/ptrace: Fix enforcement of DAWR constraints - cpuidle: powernv: Fix promotion from snooze if next state disabled - powerpc/fadump: Unregister fadump on kexec down path. - ARM: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size - of: unittest: for strings, account for trailing \0 in property length field - IB/qib: Fix DMA api warning with debug kernel - RDMA/mlx4: Discard unknown SQP work requests - mtd: cfi_cmdset_0002: Change write buffer to check correct value - mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() - mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips - mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary - mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking. - MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum - PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on resume - MIPS: io: Add barrier after register read in inX() - time: Make sure jiffies_to_msecs() preserves non-zero time periods - Btrfs: fix clone vs chattr NODATASUM race - iio:buffer: make length types match kfifo types - scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails - scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler - scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF - scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for ERP_FAILED - scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED - scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread - linvdimm, pmem: Preserve read-only setting for pmem devices - md: fix two problems with setting the "re-add" device state. - ubi: fastmap: Cancel work upon detach - UBIFS: Fix potential integer overflow in allocation - xfrm: skip policies marked as dead while rehashing - backlight: as3711_bl: Fix Device Tree node lookup - backlight: max8925_bl: Fix Device Tree node lookup - backlight: tps65217_bl: Fix Device Tree node lookup - mfd: intel-lpss: Program REMAP register in PIO mode - perf tools: Fix symbol and object code resolution for vdso32 and vdsox32 - perf intel-pt: Fix sync_switch INTEL_PT_SS_NOT_TRACING - perf intel-pt: Fix decoding to accept CBR between FUP and corresponding TIP - perf intel-pt: Fix MTC timing after overflow - perf intel-pt: Fix "Unexpected indirect branch" error - perf intel-pt: Fix packet decoding of CYC packets - media: v4l2-compat-ioctl32: prevent go past max size - media: dvb_frontend: fix locking issues at dvb_frontend_get_event() - nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir - NFSv4: Fix possible 1-byte stack overflow in nfs_idmap_read_and_verify_message - video: uvesafb: Fix integer overflow in allocation - Input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) ACPI ID - xen: Remove unnecessary BUG_ON from __unbind_from_irq() - udf: Detect incorrect directory size - Input: elan_i2c_smbus - fix more potential stack buffer overflows - Input: elantech - enable middle button of touchpads on ThinkPad P52 - Input: elantech - fix V4 report decoding for module with middle key - ALSA: hda/realtek - Add a quirk for FSC ESPRIMO U9210 - Btrfs: fix unexpected cow in run_delalloc_nocow - spi: Fix scatterlist elements size in spi_map_buf - block: Fix transfer when chunk sectors exceeds max - dm thin: handle running out of data space vs concurrent discard - cdc_ncm: avoid padding beyond end of skb - Bluetooth: Fix connection if directed advertising and privacy is used - Linux 4.4.139 * Support AverMedia DVD EZMaker 7 USB video capture dongle (LP: #1620762) // Xenial update to 4.4.139 stable release (LP: #1784382) - media: cx231xx: Add support for AverMedia DVD EZMaker 7 * vfio/pci: cannot assign a i40e pf device to a vm using vfio-pci (LP: #1779830) - vfio/pci: Hide broken INTx support from user * Kernel error "task zfs:pid blocked for more than 120 seconds" (LP: #1781364) - SAUCE: (noup) zfs to 0.6.5.6-0ubuntu25 * Allow multiple mounts of zfs datasets (LP: #1759848) - SAUCE: Allow mounting datasets more than once (LP: #1759848) * CVE-2018-12233 - jfs: Fix inconsistency between memory allocation and ea_buf->max_size * Redpine: Observed kernel panic while running wireless tests in regression mode (LP: #1773410) // Redpine: Observed kernel panic while running soft-ap tests (LP: #1777850) - SAUCE: Redpine: improve cancel_hw_scan handling to fix kernel panic * [HMS] Upgrades to Support SocketCAN over USB on Dell IoT 300x Gateways (LP: #1783241) - SAUCE: (no-up) upgrade IXXAT USB SocketCAN driver * CVE-2018-13094 - xfs: don't call xfs_da_shrink_inode with NULL bp * other users' coredumps can be read via setgid directory and killpriv bypass (LP: #1779923) // CVE-2018-13405 - Fix up non-directory creation in SGID directories * snapcraft.yaml: missing ubuntu-retpoline-extract-one script breaks the build (LP: #1782116) - snapcraft.yaml: copy retpoline-extract-one to scripts before build * Enable basic support for Solarflare 8000 series NIC (LP: #1783152) - sfc: make TSO version a per-queue parameter - sfc: Add PCI ID for Solarflare 8000 series 10/40G NIC * Redpine: Observed kernel panic while running wireless regressions tests (LP: #1777858) - SAUCE: Redpine: improve kernel thread handling to fix kernel panic * Xenial update to 4.4.138 stable release (LP: #1777389) - x86: Remove unused function cpu_has_ht_siblings() - x86/cpufeature: Remove unused and seldomly used cpu_has_xx macros - x86/fpu: Disable AVX when eagerfpu is off - x86/fpu: Revert ("x86/fpu: Disable AVX when eagerfpu is off") - x86/fpu: Hard-disable lazy FPU mode - af_key: Always verify length of provided sadb_key - x86/crypto, x86/fpu: Remove X86_FEATURE_EAGER_FPU #ifdef from the crc32c code - gpio: No NULL owner - Clarify (and fix) MAX_LFS_FILESIZE macros - serial: samsung: fix maxburst parameter for DMA transactions - vmw_balloon: fixing double free when batching mode is off - Input: goodix - add new ACPI id for GPD Win 2 touch screen - crypto: vmx - Remove overly verbose printk from AES init routines - Linux 4.4.138 * Redpine: wifi-ap stopped working after restart (LP: #1773400) - SAUCE: Redpine: fix soft-ap invisible issue * Xenial update to 4.4.137 stable release (LP: #1777063) - tpm: do not suspend/resume if power stays on - tpm: self test failure should not cause suspend to fail - mmap: introduce sane default mmap limits - mmap: relax file size limit for regular files - kconfig: Avoid format overflow warning from GCC 8.1 - xfs: fix incorrect log_flushed on fsync - drm: set FMODE_UNSIGNED_OFFSET for drm files - brcmfmac: Fix check for ISO3166 code - bnx2x: use the right constant - dccp: don't free ccid2_hc_tx_sock struct in dccp_disconnect() - enic: set DMA mask to 47 bit - ip6mr: only set ip6mr_table from setsockopt when ip6mr_new_table succeeds - ipv4: remove warning in ip_recv_error - isdn: eicon: fix a missing-check bug - netdev-FAQ: clarify DaveM's position for stable backports - net/packet: refine check for priv area size - net: usb: cdc_mbim: add flag FLAG_SEND_ZLP - packet: fix reserve calculation - qed: Fix mask for physical address in ILT entry - net/mlx4: Fix irq-unsafe spinlock usage - team: use netdev_features_t instead of u32 - rtnetlink: validate attributes in do_setlink() - net: phy: broadcom: Fix bcm_write_exp() - net: metrics: add proper netlink validation - Linux 4.4.137 * Xenial update to 4.4.136 stable release (LP: #1776177) - arm64: lse: Add early clobbers to some input/output asm operands - powerpc/64s: Clear PCR on boot - USB: serial: cp210x: use tcflag_t to fix incompatible pointer type - sh: New gcc support - xfs: detect agfl count corruption and reset agfl - Input: elan_i2c_smbus - fix corrupted stack - tracing: Fix crash when freeing instances with event triggers - selinux: KASAN: slab-out-of-bounds in xattr_getsecurity - cfg80211: further limit wiphy names to 64 bytes - rtlwifi: rtl8192cu: Remove variable self-assignment in rf.c - ASoC: Intel: sst: remove redundant variable dma_dev_name - irda: fix overly long udelay() - tcp: avoid integer overflows in tcp_rcv_space_adjust() - i2c: rcar: make sure clocks are on when doing clock calculation - i2c: rcar: rework hw init - i2c: rcar: remove unused IOERROR state - i2c: rcar: remove spinlock - i2c: rcar: refactor setup of a msg - i2c: rcar: init new messages in irq - i2c: rcar: don't issue stop when HW does it automatically - i2c: rcar: check master irqs before slave irqs - i2c: rcar: revoke START request early - dmaengine: usb-dmac: fix endless loop in usb_dmac_chan_terminate_all() - iio:kfifo_buf: check for uint overflow - MIPS: ptrace: Fix PTRACE_PEEKUSR requests for 64-bit FGRs - MIPS: prctl: Disallow FRE without FR with PR_SET_FP_MODE requests - scsi: scsi_transport_srp: Fix shost to rport translation - stm class: Use vmalloc for the master map - hwtracing: stm: fix build error on some arches - drm/i915: Disable LVDS on Radiant P845 - Kbuild: change CC_OPTIMIZE_FOR_SIZE definition - [Config] Add CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y - fix io_destroy()/aio_complete() race - mm: fix the NULL mapping case in __isolate_lru_page() - sparc64: Fix build warnings with gcc 7. - Linux 4.4.136 * Xenial update to 4.4.135 stable release (LP: #1776158) - Revert "vti4: Don't override MTU passed on link creation via IFLA_MTU" - Linux 4.4.135 -- Khalid Elmously Thu, 16 Aug 2018 07:27:02 +0000 linux-kvm (4.4.0-1031.37) xenial; urgency=medium [ Ubuntu: 4.4.0-133.159 ] * CVE-2018-5390 - tcp: avoid collapses in tcp_prune_queue() if possible - tcp: detect malicious patterns in tcp_collapse_ofo_queue() * CVE-2018-5391 - Revert "net: increase fragment memory usage limits" * CVE-2018-3620 // CVE-2018-3646 - KVM: x86: introduce linear_{read,write}_system - KVM: x86: pass kvm_vcpu to kvm_read_guest_virt and kvm_write_guest_virt_system - kvm: x86: use correct privilege level for sgdt/sidt/fxsave/fxrstor access - x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT - x86/speculation/l1tf: Change order of offset/type in swap entry - x86/speculation/l1tf: Protect swap entries against L1TF - x86/mm: Simplify p[g4um]d_page() macros - x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation - x86/speculation/l1tf: Make sure the first page is always reserved - SAUCE: x86/cpu: Add Knights Mill/Gemini Lake - x86/speculation/l1tf: Add sysfs reporting for l1tf - x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings - x86/speculation/l1tf: Limit swap file size to MAX_PA/2 - x86/smp: Provide topology_is_primary_thread() - x86/topology: Provide topology_smt_supported() - cpu/hotplug: Split do_cpu_down() - x86/topology: Add topology_max_smt_threads() - cpu/hotplug: Provide knobs to control SMT - x86/CPU: Modify detect_extended_topology() to return result - x86/cpu: Remove the pointless CPU printout - x86/cpu/AMD: Remove the pointless detect_ht() call - x86/cpu/common: Provide detect_ht_early() - x86/cpu/topology: Provide detect_extended_topology_early() - x86/cpu/intel: Evaluate smp_num_siblings early - x86/cpu/AMD: Evaluate smp_num_siblings early - x86/apic: Ignore secondary threads if nosmt=force - x86/speculation/l1tf: Extend 64bit swap file size limit - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings - x86/cpufeatures: Add detection of L1D cache flush support. - x86/speculation/l1tf: Protect PAE swap entries against L1TF - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE - Revert "x86/apic: Ignore secondary threads if nosmt=force" - SAUCE: x86/mce: register mce notifier earlier - cpu/hotplug: Boot HT siblings at least once - KVM: x86: Introducing kvm_x86_ops VM init/destroy hooks - x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present. - x86/KVM/VMX: Add module argument for L1TF mitigation - x86/KVM/VMX: Add L1D flush algorithm - x86/KVM/VMX: Add L1D MSR based flush - x86/KVM/VMX: Add L1D flush logic - x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers - x86/KVM/VMX: Add find_msr() helper function - x86/KVM/VMX: Seperate the VMX AUTOLOAD guest/host number accounting. - x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs - x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required - cpu/hotplug: Online siblings when SMT control is turned on - x86/litf: Introduce vmx status variable - x86/kvm: Drop L1TF MSR list approach - x86/l1tf: Handle EPT disabled state proper - x86/kvm: Move l1tf setup function - x86/kvm: Add static key for flush always - x86/kvm: Serialize L1D flush parameter setter - x86/kvm: Allow runtime control of L1D flush - cpu/hotplug: Expose SMT control init function - cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early - x86/bugs, kvm: Introduce boot-time control of L1TF mitigations - Documentation: Add section about CPU vulnerabilities - x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures - x86/KVM/VMX: Initialize the vmx_l1d_flush_pages' content - Documentation/l1tf: Fix typos - cpu/hotplug: detect SMT disabled by BIOS - x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush() - x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond' - x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush() - x86/irq: Demote irq_cpustat_t::__softirq_pending to u16 - x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d - x86: Don't include linux/irq.h from asm/hardirq.h - x86/apic: Order irq_enter/exit() calls correctly vs. ack_APIC_irq() - x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d - x86/KVM/VMX: Don't set l1tf_flush_l1d from vmx_handle_external_intr() - Documentation/l1tf: Remove Yonah processors from not vulnerable list - x86/speculation: Simplify sysfs report of VMX L1TF vulnerability - x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry - KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES - KVM: x86: Add a framework for supporting MSR-based features - KVM: X86: Introduce kvm_get_msr_feature() - KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR - KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry - cpu/hotplug: Fix SMT supported evaluation - x86/speculation/l1tf: Invert all not present mappings - x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert - x86/mm/pat: Ensure cpa->pfn only contains page frame numbers - SAUCE: Add pfn_pud() and pud_mkhuge() - x86/mm/pat: Make set_memory_np() L1TF safe [ Ubuntu: 4.4.0-131.157 ] * linux: 4.4.0-131.157 -proposed tracker (LP: #1779376) * Cannot set MTU higher than 1500 in Xen instance (LP: #1781413) - xen-netfront: Fix mismatched rtnl_unlock - xen-netfront: Update features after registering netdev -- Stefan Bader Fri, 10 Aug 2018 14:31:09 +0200 linux-kvm (4.4.0-1029.34) xenial; urgency=medium * linux-kvm: 4.4.0-1029.34 -proposed tracker (LP: #1776826) [ Ubuntu: 4.4.0-130.156 ] * linux: 4.4.0-130.156 -proposed tracker (LP: #1776822) * CVE-2018-3665 (x86) - x86/fpu: Fix early FPU command-line parsing - x86/fpu: Fix 'no387' regression - x86/fpu: Disable MPX when eagerfpu is off - x86/fpu: Default eagerfpu=on on all CPUs - x86/fpu: Fix FNSAVE usage in eagerfpu mode - x86/fpu: Fix math emulation in eager fpu mode - x86/fpu: Fix eager-FPU handling on legacy FPU machines -- Stefan Bader Thu, 14 Jun 2018 11:22:55 +0200 linux-kvm (4.4.0-1028.33) xenial; urgency=medium * linux-kvm: 4.4.0-1028.33 -proposed tracker (LP: #1776358) [ Ubuntu: 4.4.0-129.155 ] * linux: 4.4.0-129.155 -proposed tracker (LP: #1776352) * Xenial update to 4.4.134 stable release (LP: #1775771) - MIPS: ptrace: Expose FIR register through FP regset - MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs - KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable" - affs_lookup(): close a race with affs_remove_link() - aio: fix io_destroy(2) vs. lookup_ioctx() race - ALSA: timer: Fix pause event notification - mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register - libata: Blacklist some Sandisk SSDs for NCQ - libata: blacklist Micron 500IT SSD with MU01 firmware - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent - Revert "ipc/shm: Fix shmat mmap nil-page protection" - ipc/shm: fix shmat() nil address after round-down when remapping - kasan: fix memory hotplug during boot - kernel/sys.c: fix potential Spectre v1 issue - kernel/signal.c: avoid undefined behaviour in kill_something_info - xfs: remove racy hasattr check from attr ops - do d_instantiate/unlock_new_inode combinations safely - firewire-ohci: work around oversized DMA reads on JMicron controllers - NFSv4: always set NFS_LOCK_LOST when a lock is lost. - ALSA: hda - Use IS_REACHABLE() for dependency on input - ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read() - kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl - tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account - PCI: Add function 1 DMA alias quirk for Marvell 9128 - tools lib traceevent: Simplify pointer print logic and fix %pF - perf callchain: Fix attr.sample_max_stack setting - tools lib traceevent: Fix get_field_str() for dynamic strings - dm thin: fix documentation relative to low water mark threshold - nfs: Do not convert nfs_idmap_cache_timeout to jiffies - watchdog: sp5100_tco: Fix watchdog disable bit - kconfig: Don't leak main menus during parsing - kconfig: Fix automatic menu creation mem leak - kconfig: Fix expr_free() E_NOT leak - ipmi/powernv: Fix error return code in ipmi_powernv_probe() - Btrfs: set plug for fsync - btrfs: Fix out of bounds access in btrfs_search_slot - Btrfs: fix scrub to repair raid6 corruption - scsi: fas216: fix sense buffer initialization - HID: roccat: prevent an out of bounds read in kovaplus_profile_activated() - jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path - powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes - powerpc/numa: Ensure nodes initialized for hotplug - RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure - ntb_transport: Fix bug with max_mw_size parameter - ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid - ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute - ocfs2: return error when we attempt to access a dirty bh in jbd2 - mm/mempolicy: fix the check of nodemask from user - mm/mempolicy: add nodes_empty check in SYSC_migrate_pages - asm-generic: provide generic_pmdp_establish() - mm: pin address_space before dereferencing it while isolating an LRU page - IB/ipoib: Fix for potential no-carrier state - x86/power: Fix swsusp_arch_resume prototype - firmware: dmi_scan: Fix handling of empty DMI strings - ACPI: processor_perflib: Do not send _PPC change notification if not ready - MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS - xen-netfront: Fix race between device setup and open - xen/grant-table: Use put_page instead of free_page - RDS: IB: Fix null pointer issue - arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics - proc: fix /proc/*/map_files lookup - cifs: silence compiler warnings showing up with gcc-8.0.0 - bcache: properly set task state in bch_writeback_thread() - bcache: fix for allocator and register thread race - bcache: fix for data collapse after re-attaching an attached device - bcache: return attach error when no cache set exist - tools/libbpf: handle issues with bpf ELF objects containing .eh_frames - locking/qspinlock: Ensure node->count is updated before initialising node - irqchip/gic-v3: Change pr_debug message to pr_devel - scsi: ufs: Enable quirk to ignore sending WRITE_SAME command - scsi: bnx2fc: Fix check in SCSI completion handler for timed out request - scsi: sym53c8xx_2: iterator underflow in sym_getsync() - scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo() - scsi: qla2xxx: Avoid triggering undefined behavior in qla2x00_mbx_completion() - ARC: Fix malformed ARC_EMUL_UNALIGNED default - usb: gadget: f_uac2: fix bFirstInterface in composite gadget - usb: gadget: fsl_udc_core: fix ep valid checks - usb: dwc2: Fix dwc2_hsotg_core_init_disconnected() - selftests: memfd: add config fragment for fuse - scsi: storvsc: Increase cmd_per_lun for higher speed devices - scsi: aacraid: fix shutdown crash when init fails - scsi: qla4xxx: skip error recovery in case of register disconnect. - ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt - ARM: OMAP3: Fix prm wake interrupt for resume - ARM: OMAP1: clock: Fix debugfs_create_*() usage - NFC: llcp: Limit size of SDP URI - mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4 - md raid10: fix NULL deference in handle_write_completed() - drm/exynos: fix comparison to bitshift when dealing with a mask - usb: musb: fix enumeration after resume - locking/xchg/alpha: Add unconditional memory barrier to cmpxchg() - md: raid5: avoid string overflow warning - kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE - powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access - s390/cio: fix return code after missing interrupt - s390/cio: clear timer when terminating driver I/O - ARM: OMAP: Fix dmtimer init for omap1 - smsc75xx: fix smsc75xx_set_features() - regulatory: add NUL to request alpha2 - locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs - x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations - media: dmxdev: fix error code for invalid ioctls - md/raid1: fix NULL pointer dereference - batman-adv: fix packet checksum in receive path - batman-adv: invalidate checksum on fragment reassembly - netfilter: ebtables: convert BUG_ONs to WARN_ONs - nvme-pci: Fix nvme queue cleanup if IRQ setup fails - clocksource/drivers/fsl_ftm_timer: Fix error return checking - r8152: fix tx packets accounting - virtio-gpu: fix ioctl and expose the fixed status to userspace. - dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3 - bcache: fix kcrashes with fio in RAID5 backend dev - sit: fix IFLA_MTU ignored on NEWLINK - gianfar: Fix Rx byte accounting for ndev stats - net/tcp/illinois: replace broken algorithm reference link - xen/pirq: fix error path cleanup when binding MSIs - Btrfs: send, fix issuing write op when processing hole in no data mode - selftests/powerpc: Skip the subpage_prot tests if the syscall is unavailable - KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing - watchdog: f71808e_wdt: Fix magic close handling - e1000e: Fix check_for_link return value with autoneg off - e1000e: allocate ring descriptors with dma_zalloc_coherent - usb: musb: call pm_runtime_{get,put}_sync before reading vbus registers - scsi: mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM - scsi: sd: Keep disk read-only when re-reading partition - fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper(). - xen: xenbus: use put_device() instead of kfree() - USB: OHCI: Fix NULL dereference in HCDs using HCD_LOCAL_MEM - netfilter: ebtables: fix erroneous reject of last rule - bnxt_en: Check valid VNIC ID in bnxt_hwrm_vnic_set_tpa(). - workqueue: use put_device() instead of kfree() - ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu - sunvnet: does not support GSO for sctp - net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off - batman-adv: fix header size check in batadv_dbg_arp() - vti4: Don't count header length twice on tunnel setup - vti4: Don't override MTU passed on link creation via IFLA_MTU - perf/cgroup: Fix child event counting bug - RDMA/ucma: Correct option size check using optlen - mm/mempolicy.c: avoid use uninitialized preferred_node - selftests: ftrace: Add probe event argument syntax testcase - selftests: ftrace: Add a testcase for string type with kprobe_event - selftests: ftrace: Add a testcase for probepoint - batman-adv: fix multicast-via-unicast transmission with AP isolation - batman-adv: fix packet loss for broadcasted DHCP packets to a server - ARM: 8748/1: mm: Define vdso_start, vdso_end as array - net: qmi_wwan: add BroadMobi BM806U 2020:2033 - net/usb/qmi_wwan.c: Add USB id for lt4120 modem - net-usb: add qmi_wwan if on lte modem wistron neweb d18q1 - llc: properly handle dev_queue_xmit() return value - mm/kmemleak.c: wait for scan completion before disabling free - net: Fix untag for vlan packets without ethernet header - net: mvneta: fix enable of all initialized RXQs - sh: fix debug trap failure to process signals before return to user - x86/pgtable: Don't set huge PUD/PMD on non-leaf entries - fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table - swap: divide-by-zero when zero length swap file on ssd - sr: get/drop reference to device in revalidate and check_events - Force log to disk before reading the AGF during a fstrim - cpufreq: CPPC: Initialize shared perf capabilities of CPUs - scsi: aacraid: Insure command thread is not recursively stopped - dp83640: Ensure against premature access to PHY registers after reset - mm/ksm: fix interaction with THP - mm: fix races between address_space dereference and free in page_evicatable - Btrfs: bail out on error during replay_dir_deletes - Btrfs: fix NULL pointer dereference in log_dir_items - btrfs: Fix possible softlock on single core machines - ocfs2/dlm: don't handle migrate lockres if already in shutdown - sched/rt: Fix rq->clock_update_flags < RQCF_ACT_SKIP warning - KVM: VMX: raise internal error for exception during invalid protected mode state - fscache: Fix hanging wait on page discarded by writeback - sparc64: Make atomic_xchg() an inline function rather than a macro. - rtc: snvs: Fix usage of snvs_rtc_enable - net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() - Bluetooth: btusb: Add USB ID 7392:a611 for Edimax EW-7611ULB - btrfs: tests/qgroup: Fix wrong tree backref level - Btrfs: fix copy_items() return value when logging an inode - btrfs: fix lockdep splat in btrfs_alloc_subvolume_writers - xen/acpi: off by one in read_acpi_id() - ACPI: acpi_pad: Fix memory leak in power saving threads - powerpc/mpic: Check if cpu_possible() in mpic_physmask() - m68k: set dma and coherent masks for platform FEC ethernets - parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode - hwmon: (nct6775) Fix writing pwmX_mode - rtc: hctosys: Ensure system time doesn't overflow time_t - powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer - powerpc/perf: Fix kernel address leak via sampling registers - tools/thermal: tmon: fix for segfault - selftests: Print the test we're running to /dev/kmsg - net/mlx5: Protect from command bit overflow - ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk) - ima: Fix Kconfig to select TPM 2.0 CRB interface - [Config] CONFIG_TCG_CRB=y - ima: Fallback to the builtin hash algorithm - arm: dts: socfpga: fix GIC PPI warning - usb: dwc3: Update DWC_usb31 GTXFIFOSIZ reg fields - cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path - clk: Don't show the incorrect clock phase - zorro: Set up z->dev.dma_mask for the DMA API - bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set - ACPICA: Events: add a return on failure from acpi_hw_register_read - ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c - i2c: mv64xxx: Apply errata delay only in standard mode - KVM: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in use - xhci: zero usb device slot_id member when disabling and freeing a xhci slot - MIPS: ath79: Fix AR724X_PLL_REG_PCIE_CONFIG offset - PCI: Restore config space on runtime resume despite being unbound - ipmi_ssif: Fix kernel panic at msg_done_handler - usb: dwc2: Fix interval type issue - usb: gadget: ffs: Let setup() return USB_GADGET_DELAYED_STATUS - usb: gadget: ffs: Execute copy_to_user() with USER_DS set - powerpc: Add missing prototype for arch_irq_work_raise() - ASoC: topology: create TLV data for dapm widgets - perf/core: Fix perf_output_read_group() - hwmon: (pmbus/max8688) Accept negative page register values - hwmon: (pmbus/adm1275) Accept negative page register values - cdrom: do not call check_disk_change() inside cdrom_open() - gfs2: Fix fallocate chunk size - usb: gadget: udc: change comparison to bitshift when dealing with a mask - usb: gadget: composite: fix incorrect handling of OS desc requests - x86/devicetree: Initialize device tree before using it - x86/devicetree: Fix device IRQ settings in DT - ALSA: vmaster: Propagate slave error - media: cx23885: Override 888 ImpactVCBe crystal frequency - media: cx23885: Set subdev host data to clk_freq pointer - media: s3c-camif: fix out-of-bounds array access - dmaengine: pl330: fix a race condition in case of threaded irqs - media: em28xx: USB bulk packet size fix - clk: rockchip: Prevent calculating mmc phase if clock rate is zero - enic: enable rq before updating rq descriptors - hwrng: stm32 - add reset during probe - staging: rtl8192u: return -ENOMEM on failed allocation of priv->oldaddr - rtc: tx4939: avoid unintended sign extension on a 24 bit shift - serial: xuartps: Fix out-of-bounds access through DT alias - serial: samsung: Fix out-of-bounds access through serial port index - serial: mxs-auart: Fix out-of-bounds access through serial port index - serial: imx: Fix out-of-bounds access through serial port index - serial: fsl_lpuart: Fix out-of-bounds access through DT alias - serial: arc_uart: Fix out-of-bounds access through DT alias - PCI: Add function 1 DMA alias quirk for Marvell 88SE9220 - udf: Provide saner default for invalid uid / gid - media: cx25821: prevent out-of-bounds read on array card - clk: samsung: s3c2410: Fix PLL rates - clk: samsung: exynos5260: Fix PLL rates - clk: samsung: exynos5433: Fix PLL rates - clk: samsung: exynos5250: Fix PLL rates - clk: samsung: exynos3250: Fix PLL rates - crypto: sunxi-ss - Add MODULE_ALIAS to sun4i-ss - audit: return on memory error to avoid null pointer dereference - MIPS: Octeon: Fix logging messages with spurious periods after newlines - drm/rockchip: Respect page offset for PRIME mmap calls - x86/apic: Set up through-local-APIC mode on the boot CPU if 'noapic' specified - perf tests: Use arch__compare_symbol_names to compare symbols - perf report: Fix memory corruption in --branch-history mode --branch-history - selftests/net: fixes psock_fanout eBPF test case - netlabel: If PF_INET6, check sk_buff ip header version - scsi: lpfc: Fix issue_lip if link is disabled - scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing - scsi: lpfc: Fix frequency of Release WQE CQEs - regulator: of: Add a missing 'of_node_put()' in an error handling path of 'of_regulator_match()' - ASoC: samsung: i2s: Ensure the RCLK rate is properly determined - Bluetooth: btusb: Add device ID for RTL8822BE - kdb: make "mdr" command repeat - s390/ftrace: use expoline for indirect branches - Linux 4.4.134 * Support SocketCAN over USB on Dell IoT 300x Gateways (LP: #1774563) - [Config] CONFIG_CAN_HMS_USB=m - SAUCE: (no-up) Support IXXAT USB SocketCAN device - i386/amd64 -- Add new module ixx_usb * Ubuntu 16.04 (4.4.0-127) hangs on boot with virtio-scsi MQ enabled (LP: #1775235) - SAUCE: (no-up) virtio-scsi: Increment reqs counter. * register on binfmt_misc may overflow and crash the system (LP: #1775856) - fs/binfmt_misc.c: do not allow offset overflow * The kernel NULL pointer dereference happens when accessing the task_struct by task_cpu() in function cpuacct_charge() (LP: #1775326) - sched/cpuacct: Simplify the cpuacct code * Xenial update to 4.4.133 stable release (LP: #1775477) - 8139too: Use disable_irq_nosync() in rtl8139_poll_controller() - bridge: check iface upper dev when setting master via ioctl - dccp: fix tasklet usage - ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg - llc: better deal with too small mtu - net: ethernet: sun: niu set correct packet size in skb - net/mlx4_en: Verify coalescing parameters are in range - net_sched: fq: take care of throttled flows before reuse - net: support compat 64-bit time in {s,g}etsockopt - openvswitch: Don't swap table in nlattr_set() after OVS_ATTR_NESTED is found - qmi_wwan: do not steal interfaces from class drivers - r8169: fix powering up RTL8168h - sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr - sctp: use the old asoc when making the cookie-ack chunk in dupcook_d - tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent(). - bonding: do not allow rlb updates to invalid mac - tcp: ignore Fast Open on repair mode - sctp: fix the issue that the cookie-ack with auth can't get processed - sctp: delay the authentication for the duplicated cookie-echo chunk - ALSA: timer: Call notifier in the same spinlock - audit: move calcs after alloc and check when logging set loginuid - arm64: introduce mov_q macro to move a constant into a 64-bit register - [Config] Add CONFIG_ARM64_ERRATUM_1024718=y - arm64: Add work around for Arm Cortex-A55 Erratum 1024718 - futex: Remove unnecessary warning from get_futex_key - futex: Remove duplicated code and fix undefined behaviour - xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM) - lockd: lost rollback of set_grace_period() in lockd_down_net() - Revert "ARM: dts: imx6qdl-wandboard: Fix audio channel swap" - l2tp: revert "l2tp: fix missing print session offset info" - pipe: cap initial pipe capacity according to pipe-max-size limit - futex: futex_wake_op, fix sign_extend32 sign bits - kernel/exit.c: avoid undefined behaviour when calling wait4() - usbip: usbip_host: refine probe and disconnect debug msgs to be useful - usbip: usbip_host: delete device from busid_table after rebind - usbip: usbip_host: run rebind from exit when module is removed - usbip: usbip_host: fix NULL-ptr deref and use-after-free errors - usbip: usbip_host: fix bad unlock balance during stub_probe() - ALSA: usb: mixer: volume quirk for CM102-A+/102S+ - ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist - ALSA: control: fix a redundant-copy issue - spi: pxa2xx: Allow 64-bit DMA - powerpc/powernv: panic() on OPAL < V3 - powerpc/powernv: Remove OPALv2 firmware define and references - powerpc/powernv: remove FW_FEATURE_OPALv3 and just use FW_FEATURE_OPAL - cpuidle: coupled: remove unused define cpuidle_coupled_lock - powerpc: Don't preempt_disable() in show_cpuinfo() - vmscan: do not force-scan file lru if its absolute size is small - mm: filemap: remove redundant code in do_read_cache_page - mm: filemap: avoid unnecessary calls to lock_page when waiting for IO to complete during a read - signals: avoid unnecessary taking of sighand->siglock - tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all} - proc read mm's {arg,env}_{start,end} with mmap semaphore taken. - powerpc/powernv: Fix NVRAM sleep in invalid context when crashing - mm: don't allow deferred pages with NEED_PER_CPU_KM - s390/qdio: fix access to uninitialized qdio_q fields - s390/qdio: don't release memory in qdio_setup_irq() - s390: remove indirect branch from do_softirq_own_stack - efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode - ARM: 8771/1: kprobes: Prohibit kprobes on do_undefinstr - tick/broadcast: Use for_each_cpu() specially on UP kernels - ARM: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed - ARM: 8770/1: kprobes: Prohibit probing on optimized_callback - ARM: 8772/1: kprobes: Prohibit kprobes on get_user functions - Btrfs: fix xattr loss after power failure - btrfs: fix crash when trying to resume balance without the resume flag - btrfs: fix reading stale metadata blocks after degraded raid1 mounts - net: test tailroom before appending to linear skb - packet: in packet_snd start writing at link layer allocation - sock_diag: fix use-after-free read in __sk_free - tcp: purge write queue in tcp_connect_init() - ext2: fix a block leak - s390: add assembler macros for CPU alternatives - s390: move expoline assembler macros to a header - s390/lib: use expoline for indirect branches - s390/kernel: use expoline for indirect branches - s390: move spectre sysfs attribute code - s390: extend expoline to BC instructions - s390: use expoline thunks in the BPF JIT - scsi: libsas: defer ata device eh commands to libata - scsi: sg: allocate with __GFP_ZERO in sg_build_indirect() - scsi: zfcp: fix infinite iteration on ERP ready list - dmaengine: ensure dmaengine helpers check valid callback - time: Fix CLOCK_MONOTONIC_RAW sub-nanosecond accounting - gpio: rcar: Add Runtime PM handling for interrupts - cfg80211: limit wiphy names to 128 bytes - hfsplus: stop workqueue when fill_super() failed - x86/kexec: Avoid double free_page() upon do_kexec_load() failure - Linux 4.4.133 * vmxnet3: update to latest ToT (LP: #1768143) - vmxnet3: avoid xmit reset due to a race in vmxnet3 - vmxnet3: use correct flag to indicate LRO feature - vmxnet3: fix incorrect dereference when rxvlan is disabled * Prevent speculation on user controlled pointer (LP: #1775137) - x86: reorganize SMAP handling in user space accesses - x86: fix SMAP in 32-bit environments - x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec - x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end} - x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec * Xenial update to 4.4.132 stable release (LP: #1774173) - perf/core: Fix the perf_cpu_time_max_percent check - bpf: map_get_next_key to return first key on NULL - percpu: include linux/sched.h for cond_resched() - mac80211: allow not sending MIC up from driver for HW crypto - mac80211: allow same PN for AMSDU sub-frames - mac80211: Add RX flag to indicate ICV stripped - ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode - ath10k: rebuild crypto header in rx data frames - gpmi-nand: Handle ECC Errors in erased pages - USB: serial: option: Add support for Quectel EP06 - ALSA: pcm: Check PCM state at xfern compat ioctl - ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger() - ALSA: aloop: Mark paused device as inactive - ALSA: aloop: Add missing cable lock to ctl API callbacks - tracepoint: Do not warn on ENOMEM - Input: leds - fix out of bound access - Input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook Pro - xfs: prevent creating negative-sized file via INSERT_RANGE - RDMA/ucma: Allow resolving address w/o specifying source address - RDMA/mlx5: Protect from shift operand overflow - NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2 - IB/mlx5: Use unlimited rate when static rate is not supported - drm/vmwgfx: Fix a buffer object leak - test_firmware: fix setting old custom fw path back on exit, second try - USB: serial: visor: handle potential invalid device configuration - USB: Accept bulk endpoints with 1024-byte maxpacket - USB: serial: option: reimplement interface masking - USB: serial: option: adding support for ublox R410M - usb: musb: host: fix potential NULL pointer dereference - ipvs: fix rtnl_lock lockups caused by start_sync_thread - crypto: af_alg - fix possible uninit-value in alg_bind() - netlink: fix uninit-value in netlink_sendmsg - net: fix rtnh_ok() - net: initialize skb->peeked when cloning - net: fix uninit-value in __hw_addr_add_ex() - dccp: initialize ireq->ir_mark - soreuseport: initialise timewait reuseport field - perf: Remove superfluous allocation error check - tcp: fix TCP_REPAIR_QUEUE bound checking - bdi: Fix oops in wb_workfn() - f2fs: fix a dead loop in f2fs_fiemap() - xfrm_user: fix return value from xfrm_user_rcv_msg - rfkill: gpio: fix memory leak in probe error path - libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs - tracing: Fix regex_match_front() to not over compare the test string - can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg() - net: atm: Fix potential Spectre v1 - atm: zatm: Fix potential Spectre v1 - Revert "Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174" - tracing/uprobe_event: Fix strncpy corner case - perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_* - perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr - perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[] - perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map() - Linux 4.4.132 * Update to upstream's implementation of Spectre v1 mitigation (LP: #1774181) - Documentation: Document array_index_nospec - array_index_nospec: Sanitize speculative array de-references - x86: Implement array_index_mask_nospec - x86: Introduce barrier_nospec - x86/get_user: Use pointer masking to limit speculation - x86/syscall: Sanitize syscall table de-references under speculation - vfs, fdtable: Prevent bounds-check bypass via speculative execution - nl80211: Sanitize array index in parse_txq_params - x86/spectre: Report get_user mitigation for spectre_v1 - x86/kvm: Update spectre-v1 mitigation - nospec: Allow index argument to have const-qualified type - x86/syscall: Sanitize syscall table de-references under speculation fix - mpls, nospec: Sanitize array index in mpls_label_ok() - nospec: Include dependency - nospec: Move array_index_nospec() parameter checking into separate macro - nospec: Kill array_index_nospec_mask_check() - ALSA: seq: oss: Hardening for potential Spectre v1 - ALSA: hda: Hardening for potential Spectre v1 - SAUCE: Replace osb() calls with array_index_nospec() - SAUCE: Rename osb() to barrier_nospec() - SAUCE: bpf: Use barrier_nospec() instead of osb() * CVE-2018-3639 (x86) - KVM: x86: remove magic number with enum cpuid_leafs - SAUCE: x86/cpufeatures: Move CPUID_7_EDX CPUID bits to word 18 - SAUCE: x86: Remove double include - SAUCE: x86/pti: Evaluate X86_BUG_CPU_MELTDOWN when pti=auto - SAUCE: x86/speculation: Query individual feature flags when reloading microcode * cpum_sf: ensure sample freq is non-zero (LP: #1772593) - s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero * ELANPAD ELAN0612 does not work, patch available (LP: #1773509) - SAUCE: Input: elan_i2c - add ELAN0612 to the ACPI table * FS-Cache: Assertion failed: FS-Cache: 6 == 5 is false (LP: #1774336) - SAUCE: CacheFiles: fix a read_waiter/read_copier race * Kernel 4.4 NBD size overflow with image size exceeding 1TB (LP: #1772575) - nbd: use loff_t for blocksize and nbd_set_size args - nbd: fix 64-bit division * 4.4.0-127.153 generates many "sit: non-ECT" messages (LP: #1772775) - Revert "sit: reload iphdr in ipip6_rcv" * Creation of IMA file hashes fails when appraisal is enabled (LP: #1771826) - Revert "ima: limit file hash setting by user to fix and log modes" * Setting ipv6.disable=1 prevents both IPv4 and IPv6 socket opening for VXLAN tunnels (LP: #1771301) - vxlan: correctly handle ipv6.disable module parameter * CVE-2018-7755 - SAUCE: floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl * Support UVC1.5 Camera for Xenial (LP: #1773905) - uvcvideo: Enable UVC 1.5 device detection * Kernel produces empty lines in /proc/PID/status (LP: #1772671) - SAUCE: seccomp: Remove double newline sequence in /proc/PID/status * rfi-flush: Switch to new linear fallback flush (LP: #1744173) - powerpc/64s: Improve RFI L1-D cache flush fallback - SAUCE: rfi-flush: Make it possible to call setup_rfi_flush() again -- Khalid Elmously Wed, 13 Jun 2018 00:20:06 -0400 linux-kvm (4.4.0-1027.32) xenial; urgency=medium * linux-kvm: 4.4.0-1027.32 -proposed tracker (LP: #1772964) * Xenial update to 4.4.129 stable release (LP: #1768429) - [Config] Remove ARCH_HWEIGHT_CFLAGS * test_140_kernel_modules_not_tainted in kernel security test failed with 4.15 kvm kernel (LP: #1766832) - kvm: [config] enable CONFIG_MODULE_UNLOAD * test_072_config_debug_set_module_ronx in kernel security test failed with 4.4 X-kvm (LP: #1760646) - kvm: [config] enable CONFIG_DEBUG_SET_MODULE_RONX * test_151_sysctl_disables_bpf_unpriv_userns in kernel security test failed with 4.4/4.15 kvm (LP: #1760656) - kvm: [config] enable BPF_SYSCALL * test_077_config_security_ipsec in kernel security test failed with 4.4/4.15 kvm (LP: #1760653) - kvm: [config] enable ipsec configs * test_072_config_strict_devmem in kernel security test failed with 4.4/4.15 kvm (LP: #1760648) // test_072_strict_devmem in kernel security test failed with 4.4/4.15 kvm (LP: #1760649) - kvm: [config] enable DEVMEM * test_076_config_security_acl_ext4 in kernel security test failed with 4.4/4.15 kvm (LP: #1760652) // test_160_setattr_CVE_2015_1350 in kernel security test failed with 4.4/4.15 kvm (LP: #1760657) - kvm: [config] enable POSIX_ACL, XATTR, FS_SECURITY for all filesystems * test_074_config_security_default_mmap_min_addr in kernel security test failed with 4.4/4.15 kvm (LP: #1760650) - kvm: [config] DEFAULT_MMAP_MIN_ADDR=65536 * test_072_config_debug_rodata in kernel security test failed with 4.4 X-kvm (LP: #1760643) - [Config] enable CONFIG_DEBUG_RODATA [ Ubuntu: 4.4.0-128.154 ] * linux: 4.4.0-128.154 -proposed tracker (LP: #1772960) * CVE-2018-3639 (x86) - x86/cpu: Make alternative_msr_write work for 32-bit code - x86/bugs: Fix the parameters alignment and missing void - KVM: SVM: Move spec control call after restore of GS - x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP - x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS - x86/cpufeatures: Disentangle SSBD enumeration - x86/cpu/AMD: Fix erratum 1076 (CPB bit) - x86/cpufeatures: Add FEATURE_ZEN - x86/speculation: Handle HT correctly on AMD - x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL - x86/speculation: Add virtualized speculative store bypass disable support - x86/speculation: Rework speculative_store_bypass_update() - x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host} - x86/bugs: Expose x86_spec_ctrl_base directly - x86/bugs: Remove x86_spec_ctrl_set() - x86/bugs: Rework spec_ctrl base and mask logic - x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG - KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD - x86/bugs: Rename SSBD_NO to SSB_NO - KVM: VMX: Expose SSBD properly to guests. * [i915_bpo] Fix flickering issue after panel change (LP: #1770565) - drm/i915: Fix iboost setting for DDI with 4 lanes on SKL - drm/i915: Name the "iboost bit" - drm/i915: Program iboost settings for HDMI/DVI on SKL - drm/i915: Move bxt_ddi_vswing_sequence() call into intel_ddi_pre_enable() for HDMI - drm/i915: Explicitly use ddi buf trans entry 9 for hdmi - drm/i915: Split DP/eDP/FDI and HDMI/DVI DDI buffer programming apart - drm/i915: Get the iboost setting based on the port type - drm/i915: Simplify intel_ddi_get_encoder_port() - drm/i915: Fix iboost setting for SKL Y/U DP DDI buffer translation entry 2 - drm/i915: KBL - Recommended buffer translation programming for DisplayPort - drm/i915: Ignore OpRegion panel type except on select machines * [SRU][Bionic/Artful] fix false positives in W+X checking (LP: #1769696) - init: fix false positives in W+X checking * [Ubuntu 16.04] kernel: fix rwlock implementation (LP: #1761674) - SAUCE: (no-up) s390: fix rwlock implementation * linux < 4.11: unable to use netfilter logging from non-init namespaces (LP: #1766573) - netfilter: allow logging from non-init namespaces * [LTC Test] Ubuntu 18.04: tm_sigreturn failed on P8 compat mode 16.04.04 guest (LP: #1771439) - powerpc: signals: Discard transaction state from signal frames * QCA9377 requires more IRAM banks for its new firmware (LP: #1748345) - ath10k: update the IRAM bank number for QCA9377 * i915/kbl_dmc_ver1.bin failed with error -2 package 1.157.17 kernel 4.4.0-116-generic (LP: #1752536) - ubuntu: i915_bpo - Add MODULE_FIRMWARE for Geminilake's DMC * Xenial update to 4.4.131 stable release (LP: #1768825) - ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS - ext4: set h_journal if there is a failure starting a reserved handle - ext4: add validity checks for bitmap block numbers - ext4: fix bitmap position validation - usbip: usbip_host: fix to hold parent lock for device_attach() calls - usbip: vhci_hcd: Fix usb device and sockfd leaks - USB: serial: simple: add libtransistor console - USB: serial: ftdi_sio: use jtag quirk for Arrow USB Blaster - USB: serial: cp210x: add ID for NI USB serial console - usb: core: Add quirk for HP v222w 16GB Mini - USB: Increment wakeup count on remote wakeup. - ALSA: usb-audio: Skip broken EU on Dell dock USB-audio - virtio: add ability to iterate over vqs - virtio_console: free buffers after reset - drm/virtio: fix vq wait_event condition - tty: Don't call panic() at tty_ldisc_init() - tty: n_gsm: Fix long delays with control frame timeouts in ADM mode - tty: n_gsm: Fix DLCI handling for ADM mode if debug & 2 is not set - tty: Use __GFP_NOFAIL for tty_ldisc_get() - ALSA: core: Report audio_tstamp in snd_pcm_sync_ptr - ALSA: seq: oss: Fix unbalanced use lock for synth MIDI device - ALSA: hda/realtek - Add some fixes for ALC233 - mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block. - mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug. - mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block. - kobject: don't use WARN for registration failures - scsi: sd: Defer spinning up drive while SANITIZE is in progress - ARM: amba: Make driver_override output consistent with other buses - ARM: amba: Fix race condition with driver_override - ARM: amba: Don't read past the end of sysfs "driver_override" buffer - ASoC: fsl_esai: Fix divisor calculation failure at lower ratio - libceph: validate con->state at the top of try_write() - x86/ipc: Fix x32 version of shmid64_ds and msqid64_ds - x86/smpboot: Don't use mwait_play_dead() on AMD systems - serial: mctrl_gpio: export mctrl_gpio_disable_ms and mctrl_gpio_init - serial: mctrl_gpio: Add missing module license - Linux 4.4.131 * Xenial update to 4.4.130 stable release (LP: #1768474) // CVE-2017-5715 // CVE-2017-5753 - SAUCE: s390: print messages for gmb and nobp * Xenial update to 4.4.130 stable release (LP: #1768474) - cifs: do not allow creating sockets except with SMB1 posix exensions - x86/tsc: Prevent 32bit truncation in calc_hpet_ref() - perf: Return proper values for user stack errors - staging: ion : Donnot wakeup kswapd in ion system alloc - r8152: add Linksys USB3GIGV1 id - Input: drv260x - fix initializing overdrive voltage - ath9k_hw: check if the chip failed to wake up - jbd2: fix use after free in kjournald2() - Revert "ath10k: send (re)assoc peer command when NSS changed" - Revert "UBUNTU: SAUCE: s390: print messages for gmb and nobp" - Revert "UBUNTU: SAUCE: s390: improve cpu alternative handling for gmb and nobp" - Revert "s390: add ppa to kernel entry / exit" - Revert "s390: introduce CPU alternatives" - s390: introduce CPU alternatives - s390: enable CPU alternatives unconditionally - s390/alternative: use a copy of the facility bit mask - s390: add options to change branch prediction behaviour for the kernel - s390: scrub registers on kernel entry and KVM exit - s390: add optimized array_index_mask_nospec - s390: run user space and KVM guests with modified branch prediction - s390: introduce execute-trampolines for branches - s390: Replace IS_ENABLED(EXPOLINE_*) with IS_ENABLED(CONFIG_EXPOLINE_*) - s390: do not bypass BPENTER for interrupt system calls - s390/entry.S: fix spurious zeroing of r0 - s390: move nobp parameter functions to nospec-branch.c - s390: add automatic detection of the spectre defense - [Config] Add CONFIG_EXPOLINE=y and CONFIG_EXPOLINE_AUTO=y - s390: report spectre mitigation via syslog - s390: add sysfs attributes for spectre - s390: correct nospec auto detection init order - s390: correct module section names for expoline code revert - bonding: do not set slave_dev npinfo before slave_enable_netpoll in bond_enslave - KEYS: DNS: limit the length of option strings - l2tp: check sockaddr length in pppol2tp_connect() - net: validate attribute sizes in neigh_dump_table() - llc: delete timers synchronously in llc_sk_free() - tcp: don't read out-of-bounds opsize - team: avoid adding twice the same option to the event list - team: fix netconsole setup over team - packet: fix bitfield update race - pppoe: check sockaddr length in pppoe_connect() - vlan: Fix reading memory beyond skb->tail in skb_vlan_tagged_multi - sctp: do not check port in sctp_inet6_cmp_addr - llc: hold llc_sap before release_sock() - llc: fix NULL pointer deref for SOCK_ZAPPED - tipc: add policy for TIPC_NLA_NET_ADDR - net: fix deadlock while clearing neighbor proxy table - tcp: md5: reject TCP_MD5SIG or TCP_MD5SIG_EXT on established sockets - net: af_packet: fix race in PACKET_{R|T}X_RING - ipv6: add RTA_TABLE and RTA_PREFSRC to rtm_ipv6_policy - scsi: mptsas: Disable WRITE SAME - cdrom: information leak in cdrom_ioctl_media_changed() - s390/cio: update chpid descriptor after resource accessibility event - s390/uprobes: implement arch_uretprobe_is_alive() - Linux 4.4.130 - SAUCE: s390: Add 'nogmb' kernel parameter * Xenial update to 4.4.129 stable release (LP: #1768429) - media: v4l2-compat-ioctl32: don't oops on overlay - parisc: Fix out of array access in match_pci_device() - perf intel-pt: Fix overlap detection to identify consecutive buffers correctly - perf intel-pt: Fix sync_switch - perf intel-pt: Fix error recovery from missing TIP packet - perf intel-pt: Fix timestamp following overflow - radeon: hide pointless #warning when compile testing - block/loop: fix deadlock after loop_set_status - s390/qdio: don't retry EQBS after CCQ 96 - s390/qdio: don't merge ERROR output buffers - s390/ipl: ensure loadparm valid flag is set - getname_kernel() needs to make sure that ->name != ->iname in long case - rtl8187: Fix NULL pointer dereference in priv->conf_mutex - hwmon: (ina2xx) Fix access to uninitialized mutex - cdc_ether: flag the Cinterion AHS8 modem by gemalto as WWAN - slip: Check if rstate is initialized before uncompressing - lan78xx: Correctly indicate invalid OTP - x86/hweight: Get rid of the special calling convention - [Config] Remove ARCH_HWEIGHT_CFLAGS - x86/hweight: Don't clobber %rdi - tty: make n_tty_read() always abort if hangup is in progress - ubifs: Check ubifs_wbuf_sync() return code - ubi: fastmap: Don't flush fastmap work on detach - ubi: Fix error for write access - ubi: Reject MLC NAND - fs/reiserfs/journal.c: add missing resierfs_warning() arg - resource: fix integer overflow at reallocation - ipc/shm: fix use-after-free of shm file via remap_file_pages() - mm, slab: reschedule cache_reap() on the same CPU - usb: musb: gadget: misplaced out of bounds check - ARM: dts: at91: at91sam9g25: fix mux-mask pinctrl property - ARM: dts: at91: sama5d4: fix pinctrl compatible string - xen-netfront: Fix hang on device removal - regmap: Fix reversed bounds check in regmap_raw_write() - ACPI / video: Add quirk to force acpi-video backlight on Samsung 670Z5E - ACPI / hotplug / PCI: Check presence of slot itself in get_slot_status() - USB:fix USB3 devices behind USB3 hubs not resuming at hibernate thaw - usb: dwc3: pci: Properly cleanup resource - HID: i2c-hid: fix size check and type usage - powerpc/powernv: Handle unknown OPAL errors in opal_nvram_write() - powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently - powerpc/powernv: define a standard delay for OPAL_BUSY type retry loops - powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops - HID: Fix hid_report_len usage - HID: core: Fix size as type u32 - ASoC: ssm2602: Replace reg_default_raw with reg_default - thunderbolt: Resume control channel after hibernation image is created - random: use a tighter cap in credit_entropy_bits_safe() - jbd2: if the journal is aborted then don't allow update of the log tail - ext4: don't update checksum of new initialized bitmaps - ext4: fail ext4_iget for root directory if unallocated - RDMA/ucma: Don't allow setting RDMA_OPTION_IB_PATH without an RDMA device - ALSA: pcm: Fix UAF at PCM release via PCM timer access - IB/srp: Fix srp_abort() - IB/srp: Fix completion vector assignment algorithm - dmaengine: at_xdmac: fix rare residue corruption - um: Use POSIX ucontext_t instead of struct ucontext - iommu/vt-d: Fix a potential memory leak - mmc: jz4740: Fix race condition in IRQ mask update - clk: mvebu: armada-38x: add support for 1866MHz variants - clk: mvebu: armada-38x: add support for missing clocks - clk: bcm2835: De-assert/assert PLL reset signal when appropriate - thermal: imx: Fix race condition in imx_thermal_probe() - watchdog: f71808e_wdt: Fix WD_EN register read - ALSA: oss: consolidate kmalloc/memset 0 call to kzalloc - ALSA: pcm: Use ERESTARTSYS instead of EINTR in OSS emulation - ALSA: pcm: Avoid potential races between OSS ioctls and read/write - ALSA: pcm: Return -EBUSY for OSS ioctls changing busy streams - ALSA: pcm: Fix mutex unbalance in OSS emulation ioctls - ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation - vfio-pci: Virtualize PCIe & AF FLR - vfio/pci: Virtualize Maximum Payload Size - vfio/pci: Virtualize Maximum Read Request Size - ext4: don't allow r/w mounts if metadata blocks overlap the superblock - drm/radeon: Fix PCIe lane width calculation - ext4: fix crashes in dioread_nolock mode - ext4: fix deadlock between inline_data and ext4_expand_extra_isize_ea() - ALSA: line6: Use correct endpoint type for midi output - ALSA: rawmidi: Fix missing input substream checks in compat ioctls - ALSA: hda - New VIA controller suppor no-snoop path - HID: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device - MIPS: uaccess: Add micromips clobbers to bzero invocation - MIPS: memset.S: EVA & fault support for small_memset - MIPS: memset.S: Fix return of __clear_user from Lpartial_fixup - MIPS: memset.S: Fix clobber of v1 in last_fixup - powerpc/eeh: Fix enabling bridge MMIO windows - powerpc/lib: Fix off-by-one in alternate feature patching - jffs2_kill_sb(): deal with failed allocations - hypfs_kill_super(): deal with failed allocations - rpc_pipefs: fix double-dput() - Don't leak MNT_INTERNAL away from internal mounts - autofs: mount point create should honour passed in mode - mm: allow GFP_{FS,IO} for page_cache_read page cache allocation - mm/filemap.c: fix NULL pointer in page_cache_tree_insert() - ext4: bugfix for mmaped pages in mpage_release_unused_pages() - fanotify: fix logic of events on child - writeback: safer lock nesting - Linux 4.4.129 * CVE-2018-8087 - mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl() * Integrated Webcam Realtek Integrated_Webcam_HD (0bda:58f4) not working in DELL XPS 13 9370 with firmware 1.50 (LP: #1763748) - SAUCE: media: uvcvideo: Support realtek's UVC 1.5 device * [Xenial] Kernels OOPS when mwifiex is in AP mode (LP: #1769671) - Revert "UBUNTU: SAUCE: mwifiex: do not dereference invalid pointer" - Revert "UBUNTU: SAUCE: net/wireless: do not dereference invalid pointer" - mwifiex: cfg80211: do not change virtual interface during scan processing * user space process hung in 'D' state waiting for disk io to complete (LP: #1750038) - NFS: Use GFP_NOIO for two allocations in writeback * Acer Swift sf314-52 power button not managed (LP: #1766054) - SAUCE: platform/x86: acer-wmi: add another KEY_POWER keycode -- Khalid Elmously Fri, 25 May 2018 16:30:58 -0400 linux-kvm (4.4.0-1026.31) xenial; urgency=medium * Xenial update to 4.4.118 stable release (LP: #1756866) - kvm: [config] Add CONFIG_DST_CACHE=y * getlogin will fail to open /proc/self/loginuid (LP: #1770245) - Config: Enable CONFIG_AUDITSYSCALL [ Ubuntu: 4.4.0-127.153 ] * CVE-2018-3639 (powerpc) - powerpc/pseries: Support firmware disable of RFI flush - powerpc/powernv: Support firmware disable of RFI flush - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again - powerpc/rfi-flush: Always enable fallback flush on pseries - powerpc/rfi-flush: Differentiate enabled and patched flush types - powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags - powerpc: Add security feature flags for Spectre/Meltdown - powerpc/pseries: Set or clear security feature flags - powerpc/powernv: Set or clear security feature flags - powerpc/64s: Move cpu_show_meltdown() - powerpc/64s: Enhance the information in cpu_show_meltdown() - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() - powerpc/64s: Wire up cpu_show_spectre_v1() - powerpc/64s: Wire up cpu_show_spectre_v2() - powerpc/pseries: Fix clearing of security feature flags - powerpc: Move default security feature flags - powerpc/pseries: Restore default security feature flags on setup - SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit * CVE-2018-3639 (x86) - SAUCE: Clean up IBPB and IBRS control functions and macros - SAUCE: Fix up IBPB and IBRS kernel parameters documentation - SAUCE: Remove #define X86_FEATURE_PTI - x86/cpufeature: Move some of the scattered feature bits to x86_capability - x86/cpufeature: Cleanup get_cpu_cap() - x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6 - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf - x86/cpufeatures: Add Intel feature bits for Speculation Control - SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf - x86/cpufeatures: Add AMD feature bits for Speculation Control - x86/msr: Add definitions for new speculation control MSRs - SAUCE: x86/msr: Rename MSR spec control feature bits - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown - x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support - x86/speculation: Add dependency - x86/cpufeatures: Clean up Spectre v2 related CPUID flags - x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel - SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code - SAUCE: x86: Add alternative_msr_write - SAUCE: x86/nospec: Simplify alternative_msr_write() - SAUCE: x86/bugs: Concentrate bug detection into a separate function - SAUCE: x86/bugs: Concentrate bug reporting into a separate function - arch: Introduce post-init read-only memory - SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits - SAUCE: x86/bugs, KVM: Support the combination of guest and host IBRS - SAUCE: x86/bugs: Expose /sys/../spec_store_bypass - SAUCE: x86/cpufeatures: Add X86_FEATURE_RDS - SAUCE: x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation - SAUCE: x86/bugs/intel: Set proper CPU features and setup RDS - SAUCE: x86/bugs: Whitelist allowed SPEC_CTRL MSR values - SAUCE: x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested - SAUCE: x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest - SAUCE: x86/speculation: Create spec-ctrl.h to avoid include hell - SAUCE: prctl: Add speculation control prctls - x86/process: Optimize TIF checks in __switch_to_xtra() - SAUCE: x86/process: Allow runtime control of Speculative Store Bypass - SAUCE: x86/speculation: Add prctl for Speculative Store Bypass mitigation - SAUCE: nospec: Allow getting/setting on non-current task - SAUCE: proc: Provide details on speculation flaw mitigations - SAUCE: seccomp: Enable speculation flaw mitigations - SAUCE: x86/bugs: Honour SPEC_CTRL default - SAUCE: x86/bugs: Make boot modes __ro_after_init - SAUCE: prctl: Add force disable speculation - SAUCE: seccomp: Use PR_SPEC_FORCE_DISABLE - selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC - SAUCE: seccomp: Add filter flag to opt-out of SSB mitigation - SAUCE: seccomp: Move speculation migitation control to arch code - SAUCE: x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass - SAUCE: x86/bugs: Rename _RDS to _SSBD - SAUCE: proc: Use underscores for SSBD in 'status' - SAUCE: Documentation/spec_ctrl: Do some minor cleanups - SAUCE: x86/bugs: Fix __ssb_select_mitigation() return type - SAUCE: x86/bugs: Make cpu_show_common() static - x86/entry: define _TIF_ALLWORK_MASK flags explicitly - Revert "x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes" - SAUCE: kvm/cpuid: Fix CPUID_7_0.EDX handling -- Juerg Haefliger Sun, 20 May 2018 16:19:04 +0200 linux-kvm (4.4.0-1024.29) xenial; urgency=medium * linux-kvm: 4.4.0-1024.29 -proposed tracker (LP: #1770019) [ Ubuntu: 4.4.0-125.150 ] * linux: 4.4.0-125.150 -proposed tracker (LP: #1770011) * Unable to insert test_bpf module on Xenial (LP: #1765698) - bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y - test_bpf: Fix testing with CONFIG_BPF_JIT_ALWAYS_ON=y on other arches * virtio_scsi race can corrupt memory, panic kernel (LP: #1765241) - SAUCE: (no-up) virtio-scsi: Fix race in target free * bpf_map_lookup_elem: BUG: unable to handle kernel paging request (LP: #1763454) // CVE-2017-17862 - SAUCE: Add missing hunks from "bpf: fix branch pruning logic" * Xenial: rfkill: fix missing return on rfkill_init (LP: #1764810) - rfkill: fix missing return on rfkill_init * "ip a" command on a guest VM shows UNKNOWN status (LP: #1761534) - virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS * Xenial update to 4.4.128 stable release (LP: #1765010) - cfg80211: make RATE_INFO_BW_20 the default - md/raid5: make use of spin_lock_irq over local_irq_disable + spin_lock - rtc: snvs: fix an incorrect check of return value - x86/asm: Don't use RBP as a temporary register in csum_partial_copy_generic() - NFSv4.1: RECLAIM_COMPLETE must handle NFS4ERR_CONN_NOT_BOUND_TO_SESSION - IB/srpt: Fix abort handling - af_key: Fix slab-out-of-bounds in pfkey_compile_policy. - mac80211: bail out from prep_connection() if a reconfig is ongoing - bna: Avoid reading past end of buffer - qlge: Avoid reading past end of buffer - ipmi_ssif: unlock on allocation failure - net: cdc_ncm: Fix TX zero padding - net: ethernet: ti: cpsw: adjust cpsw fifos depth for fullduplex flow control - lockd: fix lockd shutdown race - drivers/misc/vmw_vmci/vmci_queue_pair.c: fix a couple integer overflow tests - pidns: disable pid allocation if pid_ns_prepare_proc() is failed in alloc_pid() - s390: move _text symbol to address higher than zero - net/mlx4_en: Avoid adding steering rules with invalid ring - NFSv4.1: Work around a Linux server bug... - CIFS: silence lockdep splat in cifs_relock_file() - net: qca_spi: Fix alignment issues in rx path - netxen_nic: set rcode to the return status from the call to netxen_issue_cmd - Input: elan_i2c - check if device is there before really probing - Input: elantech - force relative mode on a certain module - KVM: PPC: Book3S PR: Check copy_to/from_user return values - vmxnet3: ensure that adapter is in proper state during force_close - SMB2: Fix share type handling - bus: brcmstb_gisb: Use register offsets with writes too - bus: brcmstb_gisb: correct support for 64-bit address output - PowerCap: Fix an error code in powercap_register_zone() - ARM: dts: imx53-qsrb: Pulldown PMIC IRQ pin - staging: wlan-ng: prism2mgmt.c: fixed a double endian conversion before calling hfa384x_drvr_setconfig16, also fixes relative sparse warning - x86/tsc: Provide 'tsc=unstable' boot parameter - ARM: dts: imx6qdl-wandboard: Fix audio channel swap - ipv6: avoid dad-failures for addresses with NODAD - async_tx: Fix DMA_PREP_FENCE usage in do_async_gen_syndrome() - usb: dwc3: keystone: check return value - btrfs: fix incorrect error return ret being passed to mapping_set_error - ata: libahci: properly propagate return value of platform_get_irq() - neighbour: update neigh timestamps iff update is effective - arp: honour gratuitous ARP _replies_ - usb: chipidea: properly handle host or gadget initialization failure - USB: ene_usb6250: fix first command execution - net: x25: fix one potential use-after-free issue - USB: ene_usb6250: fix SCSI residue overwriting - serial: 8250: omap: Disable DMA for console UART - serial: sh-sci: Fix race condition causing garbage during shutdown - sh_eth: Use platform device for printing before register_netdev() - scsi: csiostor: fix use after free in csio_hw_use_fwconfig() - powerpc/mm: Fix virt_addr_valid() etc. on 64-bit hash - ath5k: fix memory leak on buf on failed eeprom read - selftests/powerpc: Fix TM resched DSCR test with some compilers - xfrm: fix state migration copy replay sequence numbers - iio: hi8435: avoid garbage event at first enable - iio: hi8435: cleanup reset gpio - ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors - md-cluster: fix potential lock issue in add_new_disk - ARM: davinci: da8xx: Create DSP device only when assigned memory - ray_cs: Avoid reading past end of buffer - leds: pca955x: Correct I2C Functionality - sched/numa: Use down_read_trylock() for the mmap_sem - net/mlx5: Tolerate irq_set_affinity_hint() failures - selinux: do not check open permission on sockets - block: fix an error code in add_partition() - mlx5: fix bug reading rss_hash_type from CQE - net: ieee802154: fix net_device reference release too early - libceph: NULL deref on crush_decode() error path - netfilter: ctnetlink: fix incorrect nf_ct_put during hash resize - pNFS/flexfiles: missing error code in ff_layout_alloc_lseg() - ASoC: rsnd: SSI PIO adjust to 24bit mode - scsi: bnx2fc: fix race condition in bnx2fc_get_host_stats() - fix race in drivers/char/random.c:get_reg() - ext4: fix off-by-one on max nr_pages in ext4_find_unwritten_pgoff() - tcp: better validation of received ack sequences - net: move somaxconn init from sysctl code - Input: elan_i2c - clear INT before resetting controller - bonding: Don't update slave->link until ready to commit - KVM: nVMX: Fix handling of lmsw instruction - net: llc: add lock_sock in llc_ui_bind to avoid a race condition - ARM: dts: ls1021a: add "fsl,ls1021a-esdhc" compatible string to esdhc node - thermal: power_allocator: fix one race condition issue for thermal_instances list - perf probe: Add warning message if there is unexpected event name - l2tp: fix missing print session offset info - rds; Reset rs->rs_bound_addr in rds_add_bound() failure path - hwmon: (ina2xx) Make calibration register value fixed - media: videobuf2-core: don't go out of the buffer range - ASoC: Intel: cht_bsw_rt5645: Analog Mic support - scsi: mpt3sas: Proper handling of set/clear of "ATA command pending" flag. - vfb: fix video mode and line_length being set when loaded - gpio: label descriptors using the device name - ASoC: Intel: sst: Fix the return value of 'sst_send_byte_stream_mrfld()' - wl1251: check return from call to wl1251_acx_arp_ip_filter - hdlcdrv: Fix divide by zero in hdlcdrv_ioctl - ovl: filter trusted xattr for non-admin - powerpc/[booke|4xx]: Don't clobber TCR[WP] when setting TCR[DIE] - dmaengine: imx-sdma: Handle return value of clk_prepare_enable - arm64: futex: Fix undefined behaviour with FUTEX_OP_OPARG_SHIFT usage - net/mlx5: avoid build warning for uniprocessor - cxgb4: FW upgrade fixes - rtc: opal: Handle disabled TPO in opal_get_tpo_time() - rtc: interface: Validate alarm-time before handling rollover - SUNRPC: ensure correct error is reported by xs_tcp_setup_socket() - net: freescale: fix potential null pointer dereference - KVM: SVM: do not zero out segment attributes if segment is unusable or not present - clk: scpi: fix return type of __scpi_dvfs_round_rate - clk: Fix __set_clk_rates error print-string - powerpc/spufs: Fix coredump of SPU contexts - perf trace: Add mmap alias for s390 - qlcnic: Fix a sleep-in-atomic bug in qlcnic_82xx_hw_write_wx_2M and qlcnic_82xx_hw_read_wx_2M - mISDN: Fix a sleep-in-atomic bug - drm/omap: fix tiled buffer stride calculations - cxgb4: fix incorrect cim_la output for T6 - Fix serial console on SNI RM400 machines - bio-integrity: Do not allocate integrity context for bio w/o data - skbuff: return -EMSGSIZE in skb_to_sgvec to prevent overflow - sit: reload iphdr in ipip6_rcv - net/mlx4: Fix the check in attaching steering rules - net/mlx4: Check if Granular QoS per VF has been enabled before updating QP qos_vport - perf header: Set proper module name when build-id event found - perf report: Ensure the perf DSO mapping matches what libdw sees - tags: honor COMPILED_SOURCE with apart output directory - e1000e: fix race condition around skb_tstamp_tx() - cx25840: fix unchecked return values - mceusb: sporadic RX truncation corruption fix - net: phy: avoid genphy_aneg_done() for PHYs without clause 22 support - ARM: imx: Add MXC_CPU_IMX6ULL and cpu_is_imx6ull - e1000e: Undo e1000e_pm_freeze if __e1000_shutdown fails - perf/core: Correct event creation with PERF_FORMAT_GROUP - MIPS: mm: fixed mappings: correct initialisation - MIPS: mm: adjust PKMAP location - MIPS: kprobes: flush_insn_slot should flush only if probe initialised - Fix loop device flush before configure v3 - net: emac: fix reset timeout with AR8035 phy - skbuff: only inherit relevant tx_flags - xen: avoid type warning in xchg_xen_ulong - bnx2x: Allow vfs to disable txvlan offload - sctp: fix recursive locking warning in sctp_do_peeloff - sparc64: ldc abort during vds iso boot - iio: magnetometer: st_magn_spi: fix spi_device_id table - Bluetooth: Send HCI Set Event Mask Page 2 command only when needed - cpuidle: dt: Add missing 'of_node_put()' - ACPICA: Events: Add runtime stub support for event APIs - ACPICA: Disassembler: Abort on an invalid/unknown AML opcode - s390/dasd: fix hanging safe offline - vxlan: dont migrate permanent fdb entries during learn - bcache: stop writeback thread after detaching - bcache: segregate flash only volume write streams - scsi: libsas: fix memory leak in sas_smp_get_phy_events() - scsi: libsas: fix error when getting phy events - scsi: libsas: initialize sas_phy status according to response of DISCOVER - blk-mq: fix kernel oops in blk_mq_tag_idle() - tty: n_gsm: Allow ADM response in addition to UA for control dlci - EDAC, mv64x60: Fix an error handling path - cxgb4vf: Fix SGE FL buffer initialization logic for 64K pages - perf tools: Fix copyfile_offset update of output offset - ipsec: check return value of skb_to_sgvec always - rxrpc: check return value of skb_to_sgvec always - virtio_net: check return value of skb_to_sgvec always - virtio_net: check return value of skb_to_sgvec in one more location - random: use lockless method of accessing and updating f->reg_idx - futex: Remove requirement for lock_page() in get_futex_key() - Kbuild: provide a __UNIQUE_ID for clang - arp: fix arp_filter on l3slave devices - net: fix possible out-of-bound read in skb_network_protocol() - net/ipv6: Fix route leaking between VRFs - netlink: make sure nladdr has correct size in netlink_connect() - net/sched: fix NULL dereference in the error path of tcf_bpf_init() - pptp: remove a buggy dst release in pptp_connect() - sctp: do not leak kernel memory to user space - sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6 - vhost: correctly remove wait queue during poll failure - vlan: also check phy_driver ts_info for vlan's real device - bonding: fix the err path for dev hwaddr sync in bond_enslave - bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave - bonding: process the err returned by dev_set_allmulti properly in bond_enslave - net: fool proof dev_valid_name() - ip_tunnel: better validate user provided tunnel names - ipv6: sit: better validate user provided tunnel names - ip6_gre: better validate user provided tunnel names - ip6_tunnel: better validate user provided tunnel names - vti6: better validate user provided tunnel names - r8169: fix setting driver_data after register_netdev - net sched actions: fix dumping which requires several messages to user space - net/ipv6: Increment OUTxxx counters after netfilter hook - ipv6: the entire IPv6 header chain must fit the first fragment - vrf: Fix use after free and double free in vrf_finish_output - Revert "xhci: plat: Register shutdown for xhci_plat" - Linux 4.4.128 * sky2 gigabit ethernet driver sometimes stops working after lid-open resume from sleep (88E8055) (LP: #1758507) // Xenial update to 4.4.128 stable release (LP: #1765010) - sky2: Increase D3 delay to sky2 stops working after suspend * Xenial update to 4.4.127 stable release (LP: #1765007) - mtd: jedec_probe: Fix crash in jedec_read_mfr() - ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent() - ALSA: pcm: potential uninitialized return values - partitions/msdos: Unable to mount UFS 44bsd partitions - usb: gadget: define free_ep_req as universal function - usb: gadget: change len to size_t on alloc_ep_req() - usb: gadget: fix usb_ep_align_maybe endianness and new usb_ep_align - usb: gadget: align buffer size when allocating for OUT endpoint - usb: gadget: f_hid: fix: Prevent accessing released memory - kprobes/x86: Fix to set RWX bits correctly before releasing trampoline - ACPI, PCI, irq: remove redundant check for null string pointer - writeback: fix the wrong congested state variable definition - PCI: Make PCI_ROM_ADDRESS_MASK a 32-bit constant - dm ioctl: remove double parentheses - Input: mousedev - fix implicit conversion warning - netfilter: nf_nat_h323: fix logical-not-parentheses warning - genirq: Use cpumask_available() for check of cpumask variable - cpumask: Add helper cpumask_available() - selinux: Remove unnecessary check of array base in selinux_set_mapping() - fs: compat: Remove warning from COMPATIBLE_IOCTL - jiffies.h: declare jiffies and jiffies_64 with ____cacheline_aligned_in_smp - frv: declare jiffies to be located in the .data section - audit: add tty field to LOGIN event - tty: provide tty_name() even without CONFIG_TTY - netfilter: ctnetlink: Make some parameters integer to avoid enum mismatch - selinux: Remove redundant check for unknown labeling behavior - arm64: avoid overflow in VA_START and PAGE_OFFSET - xfrm_user: uncoditionally validate esn replay attribute struct - RDMA/ucma: Check AF family prior resolving address - RDMA/ucma: Fix use-after-free access in ucma_close - RDMA/ucma: Ensure that CM_ID exists prior to access it - RDMA/ucma: Check that device is connected prior to access it - RDMA/ucma: Check that device exists prior to accessing it - RDMA/ucma: Don't allow join attempts for unsupported AF family - RDMA/ucma: Introduce safer rdma_addr_size() variants - net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms() - xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit systems - netfilter: bridge: ebt_among: add more missing match size checks - netfilter: x_tables: add and use xt_check_proc_name - Bluetooth: Fix missing encryption refresh on Security Request - llist: clang: introduce member_address_is_nonnull() - scsi: virtio_scsi: always read VPD pages for multiqueue too - usb: dwc2: Improve gadget state disconnection handling - USB: serial: ftdi_sio: add RT Systems VX-8 cable - USB: serial: ftdi_sio: add support for Harman FirmwareHubEmulator - USB: serial: cp210x: add ELDAT Easywave RX09 id - mei: remove dev_err message on an unsupported ioctl - media: usbtv: prevent double free in error case - parport_pc: Add support for WCH CH382L PCI-E single parallel port card. - crypto: ahash - Fix early termination in hash walk - crypto: x86/cast5-avx - fix ECB encryption when long sg follows short one - fs/proc: Stop trying to report thread stacks - staging: comedi: ni_mio_common: ack ai fifo error interrupts. - Input: i8042 - add Lenovo ThinkPad L460 to i8042 reset list - Input: i8042 - enable MUX on Sony VAIO VGN-CS series to fix touchpad - vt: change SGR 21 to follow the standards - Documentation: pinctrl: palmas: Add ti,palmas-powerhold-override property definition - ARM: dts: dra7: Add power hold and power controller properties to palmas - ARM: dts: am57xx-beagle-x15-common: Add overide powerhold property - md/raid10: reset the 'first' at the end of loop - net: hns: Fix ethtool private flags - Revert "PCI/MSI: Stop disabling MSI/MSI-X in pci_device_shutdown()" - Revert "ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin" - Revert "ARM: dts: omap3-n900: Fix the audio CODEC's reset pin" - Revert "cpufreq: Fix governor module removal race" - Revert "mtip32xx: use runtime tag to initialize command header" - spi: davinci: fix up dma_mapping_error() incorrect patch - net: cavium: liquidio: fix up "Avoid dma_unmap_single on uninitialized ndata" - Revert "ip6_vti: adjust vti mtu according to mtu of lower device" - Linux 4.4.127 * Xenial update to 4.4.126 stable release (LP: #1764999) - scsi: sg: don't return bogus Sg_requests - Revert "genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs" - net: Fix hlist corruptions in inet_evict_bucket() - dccp: check sk for closed state in dccp_sendmsg() - ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option() - l2tp: do not accept arbitrary sockets - net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred - net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY interface - net/iucv: Free memory obtained by kzalloc - netlink: avoid a double skb free in genlmsg_mcast() - net: Only honor ifindex in IP_PKTINFO if non-0 - skbuff: Fix not waking applications when errors are enqueued - team: Fix double free in error path - s390/qeth: free netdevice when removing a card - s390/qeth: when thread completes, wake up all waiters - s390/qeth: lock read device while queueing next buffer - s390/qeth: on channel error, reject further cmd requests - ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event() - net: fec: Fix unbalanced PM runtime calls - net: systemport: Rewrite __bcm_sysport_tx_reclaim() - Linux 4.4.126 * Xenial update to 4.4.125 stable release (LP: #1764973) - MIPS: ralink: Remove ralink_halt() - iio: st_pressure: st_accel: pass correct platform data to init - ALSA: usb-audio: Fix parsing descriptor of UAC2 processing unit - ALSA: aloop: Sync stale timer before release - ALSA: aloop: Fix access to not-yet-ready substream via cable - ALSA: hda/realtek - Always immediately update mute LED with pin VREF - mmc: dw_mmc: fix falling from idmac to PIO mode when dw_mci_reset occurs - PCI: Add function 1 DMA alias quirk for Highpoint RocketRAID 644L - ahci: Add PCI-id for the Highpoint Rocketraid 644L card - clk: bcm2835: Protect sections updating shared registers - Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174 - libata: fix length validation of ATAPI-relayed SCSI commands - libata: remove WARN() for DMA or PIO command without data - libata: Apply NOLPM quirk to Crucial MX100 512GB SSDs - libata: Enable queued TRIM for Samsung SSD 860 - libata: Apply NOLPM quirk to Crucial M500 480 and 960GB SSDs - libata: Make Crucial BX100 500GB LPM quirk apply to all firmware versions - libata: Modify quirks for MX100 to limit NCQ_TRIM quirk to MU01 version - mm/vmalloc: add interfaces to free unmapped page table - x86/mm: implement free pmd/pte page interfaces - drm/vmwgfx: Fix a destoy-while-held mutex problem. - drm/radeon: Don't turn off DP sink when disconnected - drm: udl: Properly check framebuffer mmap offsets - acpi, numa: fix pxm to online numa node associations - brcmfmac: fix P2P_DEVICE ethernet address generation - rtlwifi: rtl8723be: Fix loss of signal - tracing: probeevent: Fix to support minus offset from symbol - mtd: nand: fsl_ifc: Fix nand waitfunc return value - staging: ncpfs: memory corruption in ncp_read_kernel() - can: cc770: Fix stalls on rt-linux, remove redundant IRQ ack - can: cc770: Fix queue stall & dropped RTR reply - can: cc770: Fix use after free in cc770_tx_interrupt() - tty: vt: fix up tabstops properly - x86/build/64: Force the linker to use 2MB page size - x86/boot/64: Verify alignment of the LOAD segment - perf/x86/intel: Don't accidentally clear high bits in bdw_limit_period() - staging: lustre: ptlrpc: kfree used instead of kvfree - kbuild: disable clang's default use of -fmerge-all-constants - bpf: skip unnecessary capability check - bpf, x64: increase number of passes - Linux 4.4.125 * System fails to start (boot) on battery due to read-only root file-system (LP: #1726930) // Xenial update to 4.4.125 stable release (LP: #1764973) - libata: disable LPM for Crucial BX100 SSD 500GB drive * Xenial update to 4.4.124 stable release (LP: #1764762) - tpm: fix potential buffer overruns caused by bit glitches on the bus - tpm_tis: fix potential buffer overruns caused by bit glitches on the bus - staging: android: ashmem: Fix possible deadlock in ashmem_ioctl - platform/x86: asus-nb-wmi: Add wapf4 quirk for the X302UA - regulator: anatop: set default voltage selector for pcie - x86: i8259: export legacy_pic symbol - rtc: cmos: Do not assume irq 8 for rtc when there are no legacy irqs - Input: ar1021_i2c - fix too long name in driver's device table - time: Change posix clocks ops interfaces to use timespec64 - ACPI/processor: Fix error handling in __acpi_processor_start() - ACPI/processor: Replace racy task affinity logic - cpufreq/sh: Replace racy task affinity logic - genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs - i2c: i2c-scmi: add a MS HID - net: ipv6: send unsolicited NA on admin up - media/dvb-core: Race condition when writing to CAM - spi: dw: Disable clock after unregistering the host - ath: Fix updating radar flags for coutry code India - clk: ns2: Correct SDIO bits - scsi: virtio_scsi: Always try to read VPD pages - KVM: PPC: Book3S PR: Exit KVM on failed mapping - ARM: 8668/1: ftrace: Fix dynamic ftrace with DEBUG_RODATA and !FRAME_POINTER - iommu/omap: Register driver before setting IOMMU ops - md/raid10: wait up frozen array in handle_write_completed - NFS: Fix missing pg_cleanup after nfs_pageio_cond_complete() - tcp: remove poll() flakes with FastOpen - e1000e: fix timing for 82579 Gigabit Ethernet controller - ALSA: hda - Fix headset microphone detection for ASUS N551 and N751 - IB/ipoib: Fix deadlock between ipoib_stop and mcast join flow - IB/ipoib: Update broadcast object if PKey value was changed in index 0 - HSI: ssi_protocol: double free in ssip_pn_xmit() - IB/mlx4: Take write semaphore when changing the vma struct - IB/mlx4: Change vma from shared to private - ASoC: Intel: Skylake: Uninitialized variable in probe_codec() - Fix driver usage of 128B WQEs when WQ_CREATE is V1. - netfilter: xt_CT: fix refcnt leak on error path - openvswitch: Delete conntrack entry clashing with an expectation. - mmc: host: omap_hsmmc: checking for NULL instead of IS_ERR() - wan: pc300too: abort path on failure - qlcnic: fix unchecked return value - scsi: mac_esp: Replace bogus memory barrier with spinlock - infiniband/uverbs: Fix integer overflows - NFS: don't try to cross a mountpount when there isn't one there. - Revert "UBUNTU: SAUCE: (no-up) iio: st_pressure: st_accel: Initialise sensor platform data properly" - iio: st_pressure: st_accel: Initialise sensor platform data properly - mt7601u: check return value of alloc_skb - rndis_wlan: add return value validation - Btrfs: send, fix file hole not being preserved due to inline extent - mac80211: don't parse encrypted management frames in ieee80211_frame_acked - mfd: palmas: Reset the POWERHOLD mux during power off - mtip32xx: use runtime tag to initialize command header - staging: unisys: visorhba: fix s-Par to boot with option CONFIG_VMAP_STACK set to y - staging: wilc1000: fix unchecked return value - mmc: sdhci-of-esdhc: limit SD clock for ls1012a/ls1046a - ARM: DRA7: clockdomain: Change the CLKTRCTRL of CM_PCIE_CLKSTCTRL to SW_WKUP - ipmi/watchdog: fix wdog hang on panic waiting for ipmi response - ACPI / PMIC: xpower: Fix power_table addresses - drm/nouveau/kms: Increase max retries in scanout position queries. - bnx2x: Align RX buffers - power: supply: pda_power: move from timer to delayed_work - Input: twl4030-pwrbutton - use correct device for irq request - md/raid10: skip spare disk as 'first' disk - ia64: fix module loading for gcc-5.4 - tcm_fileio: Prevent information leak for short reads - video: fbdev: udlfb: Fix buffer on stack - sm501fb: don't return zero on failure path in sm501fb_start() - net: hns: fix ethtool_get_strings overflow in hns driver - cifs: small underflow in cnvrtDosUnixTm() - rtc: ds1374: wdt: Fix issue with timeout scaling from secs to wdt ticks - rtc: ds1374: wdt: Fix stop/start ioctl always returning -EINVAL - perf tests kmod-path: Don't fail if compressed modules aren't supported - Bluetooth: hci_qca: Avoid setup failure on missing rampatch - media: c8sectpfe: fix potential NULL pointer dereference in c8sectpfe_timer_interrupt - drm/msm: fix leak in failed get_pages - RDMA/iwpm: Fix uninitialized error code in iwpm_send_mapinfo() - rtlwifi: rtl_pci: Fix the bug when inactiveps is enabled. - media: bt8xx: Fix err 'bt878_probe()' - media: [RESEND] media: dvb-frontends: Add delay to Si2168 restart - cros_ec: fix nul-termination for firmware build info - platform/chrome: Use proper protocol transfer function - mmc: avoid removing non-removable hosts during suspend - IB/ipoib: Avoid memory leak if the SA returns a different DGID - RDMA/cma: Use correct size when writing netlink stats - IB/umem: Fix use of npages/nmap fields - vgacon: Set VGA struct resource types - drm/omap: DMM: Check for DMM readiness after successful transaction commit - pty: cancel pty slave port buf's work in tty_release - coresight: Fix disabling of CoreSight TPIU - pinctrl: Really force states during suspend/resume - iommu/vt-d: clean up pr_irq if request_threaded_irq fails - ip6_vti: adjust vti mtu according to mtu of lower device - RDMA/ocrdma: Fix permissions for OCRDMA_RESET_STATS - nfsd4: permit layoutget of executable-only files - clk: si5351: Rename internal plls to avoid name collisions - dmaengine: ti-dma-crossbar: Fix event mapping for TPCC_EVT_MUX_60_63 - RDMA/ucma: Fix access to non-initialized CM_ID object - Linux 4.4.124 * Xenial update to 4.4.123 stable release (LP: #1764666) - blkcg: fix double free of new_blkg in blkcg_init_queue - Input: tsc2007 - check for presence and power down tsc2007 during probe - staging: speakup: Replace BUG_ON() with WARN_ON(). - staging: wilc1000: add check for kmalloc allocation failure. - HID: reject input outside logical range only if null state is set - drm: qxl: Don't alloc fbdev if emulation is not supported - ath10k: fix a warning during channel switch with multiple vaps - PCI/MSI: Stop disabling MSI/MSI-X in pci_device_shutdown() - selinux: check for address length in selinux_socket_bind() - perf sort: Fix segfault with basic block 'cycles' sort dimension - i40e: Acquire NVM lock before reads on all devices - i40e: fix ethtool to get EEPROM data from X722 interface - perf tools: Make perf_event__synthesize_mmap_events() scale - drivers: net: xgene: Fix hardware checksum setting - drm: Defer disabling the vblank IRQ until the next interrupt (for instant- off) - ath10k: disallow DFS simulation if DFS channel is not enabled - perf probe: Return errno when not hitting any event - HID: clamp input to logical range if no null state - net/8021q: create device with all possible features in wanted_features - ARM: dts: Adjust moxart IRQ controller and flags - batman-adv: handle race condition for claims between gateways - of: fix of_device_get_modalias returned length when truncating buffers - solo6x10: release vb2 buffers in solo_stop_streaming() - scsi: ipr: Fix missed EH wakeup - media: i2c/soc_camera: fix ov6650 sensor getting wrong clock - timers, sched_clock: Update timeout for clock wrap - sysrq: Reset the watchdog timers while displaying high-resolution timers - Input: qt1070 - add OF device ID table - sched: act_csum: don't mangle TCP and UDP GSO packets - ASoC: rcar: ssi: don't set SSICR.CKDV = 000 with SSIWSR.CONT - spi: omap2-mcspi: poll OMAP2_MCSPI_CHSTAT_RXS for PIO transfer - tcp: sysctl: Fix a race to avoid unexpected 0 window from space - dmaengine: imx-sdma: add 1ms delay to ensure SDMA channel is stopped - driver: (adm1275) set the m,b and R coefficients correctly for power - mm: Fix false-positive VM_BUG_ON() in page_cache_{get,add}_speculative() - blk-throttle: make sure expire time isn't too big - f2fs: relax node version check for victim data in gc - bonding: refine bond_fold_stats() wrap detection - braille-console: Fix value returned by _braille_console_setup - drm/vmwgfx: Fixes to vmwgfx_fb - vxlan: vxlan dev should inherit lowerdev's gso_max_size - NFC: nfcmrvl: Include unaligned.h instead of access_ok.h - NFC: nfcmrvl: double free on error path - ARM: dts: r8a7790: Correct parent of SSI[0-9] clocks - ARM: dts: r8a7791: Correct parent of SSI[0-9] clocks - powerpc: Avoid taking a data miss on every userspace instruction miss - net/faraday: Add missing include of of.h - ARM: dts: koelsch: Correct clock frequency of X2 DU clock input - reiserfs: Make cancel_old_flush() reliable - ALSA: firewire-digi00x: handle all MIDI messages on streaming packets - fm10k: correctly check if interface is removed - apparmor: Make path_max parameter readonly - iommu/iova: Fix underflow bug in __alloc_and_insert_iova_range - video: ARM CLCD: fix dma allocation size - drm/radeon: Fail fb creation from imported dma-bufs. - drm/amdgpu: Fail fb creation from imported dma-bufs. (v2) - coresight: Fixes coresight DT parse to get correct output port ID. - MIPS: BPF: Quit clobbering callee saved registers in JIT code. - MIPS: BPF: Fix multiple problems in JIT skb access helpers. - MIPS: r2-on-r6-emu: Fix BLEZL and BGTZL identification - MIPS: r2-on-r6-emu: Clear BLTZALL and BGEZALL debugfs counters - regulator: isl9305: fix array size - md/raid6: Fix anomily when recovering a single device in RAID6. - usb: dwc2: Make sure we disconnect the gadget state - usb: gadget: dummy_hcd: Fix wrong power status bit clear/reset in dummy_hub_control() - drivers/perf: arm_pmu: handle no platform_device - perf inject: Copy events when reordering events in pipe mode - perf session: Don't rely on evlist in pipe mode - scsi: sg: check for valid direction before starting the request - scsi: sg: close race condition in sg_remove_sfp_usercontext() - kprobes/x86: Fix kprobe-booster not to boost far call instructions - kprobes/x86: Set kprobes pages read-only - pwm: tegra: Increase precision in PWM rate calculation - wil6210: fix memory access violation in wil_memcpy_from/toio_32 - drm/edid: set ELD connector type in drm_edid_to_eld() - video/hdmi: Allow "empty" HDMI infoframes - HID: elo: clear BTN_LEFT mapping - ARM: dts: exynos: Correct Trats2 panel reset line - sched: Stop switched_to_rt() from sending IPIs to offline CPUs - sched: Stop resched_cpu() from sending IPIs to offline CPUs - test_firmware: fix setting old custom fw path back on exit - net: xfrm: allow clearing socket xfrm policies. - mtd: nand: fix interpretation of NAND_CMD_NONE in nand_command[_lp]() - ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin - ARM: dts: omap3-n900: Fix the audio CODEC's reset pin - ath10k: update tdls teardown state to target - cpufreq: Fix governor module removal race - clk: qcom: msm8916: fix mnd_width for codec_digcodec - ath10k: fix invalid STS_CAP_OFFSET_MASK - tools/usbip: fixes build with musl libc toolchain - spi: sun6i: disable/unprepare clocks on remove - scsi: core: scsi_get_device_flags_keyed(): Always return device flags - scsi: devinfo: apply to HP XP the same flags as Hitachi VSP - scsi: dh: add new rdac devices - media: cpia2: Fix a couple off by one bugs - veth: set peer GSO values - drm/amdkfd: Fix memory leaks in kfd topology - agp/intel: Flush all chipset writes after updating the GGTT - mac80211_hwsim: enforce PS_MANUAL_POLL to be set after PS_ENABLED - mac80211: remove BUG() when interface type is invalid - ASoC: nuc900: Fix a loop timeout test - ipvlan: add L2 check for packets arriving via virtual devices - rcutorture/configinit: Fix build directory error message - ima: relax requiring a file signature for new files with zero length - selftests/x86/entry_from_vm86: Exit with 1 if we fail - selftests/x86: Add tests for User-Mode Instruction Prevention - selftests/x86: Add tests for the STR and SLDT instructions - selftests/x86/entry_from_vm86: Add test cases for POPF - x86/vm86/32: Fix POPF emulation - x86/mm: Fix vmalloc_fault to use pXd_large - ALSA: pcm: Fix UAF in snd_pcm_oss_get_formats() - ALSA: hda - Revert power_save option default value - ALSA: seq: Fix possible UAF in snd_seq_check_queue() - ALSA: seq: Clear client entry before deleting else at closing - drm/amdgpu/dce: Don't turn off DP sink when disconnected - fs: Teach path_connected to handle nfs filesystems with multiple roots. - lock_parent() needs to recheck if dentry got __dentry_kill'ed under it - fs/aio: Add explicit RCU grace period when freeing kioctx - fs/aio: Use RCU accessors for kioctx_table->table[] - irqchip/gic-v3-its: Ensure nr_ites >= nr_lpis - scsi: sg: fix SG_DXFER_FROM_DEV transfers - scsi: sg: fix static checker warning in sg_is_valid_dxfer - scsi: sg: only check for dxfer_len greater than 256M - ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux - btrfs: alloc_chunk: fix DUP stripe size handling - btrfs: Fix use-after-free when cleaning up fs_devs with a single stale device - USB: gadget: udc: Add missing platform_device_put() on error in bdc_pci_probe() - usb: gadget: bdc: 64-bit pointer capability check - Linux 4.4.123 * Xenial update to 4.4.123 stable release (LP: #1764666) // CVE-2017-16995 - Revert "bpf: fix incorrect sign extension in check_alu_op()" - bpf: fix incorrect sign extension in check_alu_op() * Xenial update to 4.4.122 stable release (LP: #1764627) - RDMA/ucma: Limit possible option size - RDMA/ucma: Check that user doesn't overflow QP state - RDMA/mlx5: Fix integer overflow while resizing CQ - scsi: qla2xxx: Fix NULL pointer crash due to active timer for ABTS - workqueue: Allow retrieval of current task's work struct - drm: Allow determining if current task is output poll worker - drm/nouveau: Fix deadlock on runtime suspend - drm/radeon: Fix deadlock on runtime suspend - drm/amdgpu: Fix deadlock on runtime suspend - drm/amdgpu: Notify sbios device ready before send request - drm/radeon: fix KV harvesting - drm/amdgpu: fix KV harvesting - MIPS: BMIPS: Do not mask IPIs during suspend - MIPS: ath25: Check for kzalloc allocation failure - MIPS: OCTEON: irq: Check for null return on kzalloc allocation - Input: matrix_keypad - fix race when disabling interrupts - loop: Fix lost writes caused by missing flag - kbuild: Handle builtin dtb file names containing hyphens - bcache: don't attach backing with duplicate UUID - x86/MCE: Serialize sysfs changes - ALSA: hda/realtek - Fix dock line-out volume on Dell Precision 7520 - ALSA: seq: More protection for concurrent write and ioctl races - ALSA: hda: add dock and led support for HP EliteBook 820 G3 - ALSA: hda: add dock and led support for HP ProBook 640 G2 - watchdog: hpwdt: SMBIOS check - watchdog: hpwdt: Check source of NMI - watchdog: hpwdt: fix unused variable warning - netfilter: nfnetlink_queue: fix timestamp attribute - Input: tca8418_keypad - remove double read of key event register - tc358743: fix register i2c_rd/wr function fix - netfilter: add back stackpointer size checks - netfilter: x_tables: fix missing timer initialization in xt_LED - netfilter: nat: cope with negative port range - netfilter: IDLETIMER: be syzkaller friendly - netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets - netfilter: bridge: ebt_among: add missing match size checks - netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt - netfilter: use skb_to_full_sk in ip_route_me_harder - ext4: inplace xattr block update fails to deduplicate blocks - ubi: Fix race condition between ubi volume creation and udev - scsi: qla2xxx: Replace fcport alloc with qla2x00_alloc_fcport - NFS: Fix an incorrect type in struct nfs_direct_req - Revert "ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux" - x86/module: Detect and skip invalid relocations - x86: Treat R_X86_64_PLT32 as R_X86_64_PC32 - serial: sh-sci: prevent lockup on full TTY buffers - tty/serial: atmel: add new version check for usart - uas: fix comparison for error code - staging: comedi: fix comedi_nsamples_left. - staging: android: ashmem: Fix lockdep issue during llseek - USB: storage: Add JMicron bridge 152d:2567 to unusual_devs.h - usb: quirks: add control message delay for 1b1c:1b20 - USB: usbmon: remove assignment from IS_ERR argument - usb: usbmon: Read text within supplied buffer size - usb: gadget: f_fs: Fix use-after-free in ffs_fs_kill_sb() - serial: 8250_pci: Add Brainboxes UC-260 4 port serial device - fixup: sctp: verify size of a new chunk in _sctp_make_chunk() - Linux 4.4.122 * Xenial update to 4.4.122 stable release (LP: #1764627) // CVE-2018-1000004. - ALSA: seq: Don't allow resizing pool in use * Xenial update to 4.4.121 stable release (LP: #1764367) - tpm: st33zp24: fix potential buffer overruns caused by bit glitches on the bus - tpm_i2c_infineon: fix potential buffer overruns caused by bit glitches on the bus - tpm_i2c_nuvoton: fix potential buffer overruns caused by bit glitches on the bus - ALSA: usb-audio: Add a quirck for B&W PX headphones - ALSA: hda: Add a power_save blacklist - cpufreq: s3c24xx: Fix broken s3c_cpufreq_init() - media: m88ds3103: don't call a non-initalized function - ARM: mvebu: Fix broken PL310_ERRATA_753970 selects - KVM: mmu: Fix overlap between public and private memslots - btrfs: Don't clear SGID when inheriting ACLs - ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux - x86/apic/vector: Handle legacy irq data correctly - leds: do not overflow sysfs buffer in led_trigger_show - x86/spectre: Fix an error message - bridge: check brport attr show in brport_show - fib_semantics: Don't match route with mismatching tclassid - hdlc_ppp: carrier detect ok, don't turn off negotiation - ipv6 sit: work around bogus gcc-8 -Wrestrict warning - net: fix race on decreasing number of TX queues - net: ipv4: don't allow setting net.ipv4.route.min_pmtu below 68 - netlink: ensure to loop over all netns in genlmsg_multicast_allns() - ppp: prevent unregistered channels from connecting to PPP units - udplite: fix partial checksum initialization - sctp: fix dst refcnt leak in sctp_v4_get_dst - sctp: fix dst refcnt leak in sctp_v6_get_dst() - s390/qeth: fix SETIP command handling - s390/qeth: fix IPA command submission race - sctp: verify size of a new chunk in _sctp_make_chunk() - net: mpls: Pull common label check into helper - dm io: fix duplicate bio completion due to missing ref count - bpf, x64: implement retpoline for tail call - btrfs: preserve i_mode if __btrfs_set_acl() fails - Linux 4.4.121 * Xenial update to 4.4.120 stable release (LP: #1764316) - hrtimer: Ensure POSIX compliance (relative CLOCK_REALTIME hrtimers) - f2fs: fix a bug caused by NULL extent tree - mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM - ipv6: icmp6: Allow icmp messages to be looped back - ARM: 8731/1: Fix csum_partial_copy_from_user() stack mismatch - sget(): handle failures of register_shrinker() - drm/nouveau/pci: do a msi rearm on init - spi: atmel: fixed spin_lock usage inside atmel_spi_remove - net: arc_emac: fix arc_emac_rx() error paths - scsi: storvsc: Fix scsi_cmd error assignments in storvsc_handle_error - ARM: dts: ls1021a: fix incorrect clock references - lib/mpi: Fix umul_ppmm() for MIPS64r6 - tg3: Add workaround to restrict 5762 MRRS to 2048 - tg3: Enable PHY reset in MTU change path for 5720 - bnx2x: Improve reliability in case of nested PCI errors - s390/dasd: fix wrongly assigned configuration data - IB/mlx4: Fix mlx4_ib_alloc_mr error flow - IB/ipoib: Fix race condition in neigh creation - xfs: quota: fix missed destroy of qi_tree_lock - xfs: quota: check result of register_shrinker() - e1000: fix disabling already-disabled warning - drm/ttm: check the return value of kzalloc - mac80211: mesh: drop frames appearing to be from us - can: flex_can: Correct the checking for frame length in flexcan_start_xmit() - bnxt_en: Fix the 'Invalid VF' id check in bnxt_vf_ndo_prep routine. - xen-netfront: enable device after manual module load - mdio-sun4i: Fix a memory leak - SolutionEngine771x: fix Ether platform data - xen/gntdev: Fix off-by-one error when unmapping with holes - xen/gntdev: Fix partial gntdev_mmap() cleanup - sctp: make use of pre-calculated len - net: gianfar_ptp: move set_fipers() to spinlock protecting area - MIPS: Implement __multi3 for GCC7 MIPS64r6 builds - Linux 4.4.120 * Xenial update to 4.4.119 stable release (LP: #1762453) - netfilter: drop outermost socket lock in getsockopt() - powerpc/64s: Fix RFI flush dependency on HARDLOCKUP_DETECTOR - PCI: keystone: Fix interrupt-controller-node lookup - ip_tunnel: replace dst_cache with generic implementation - ip_tunnel: fix preempt warning in ip tunnel creation/updating - scsi: ibmvfc: fix misdefined reserved field in ibmvfc_fcp_rsp_info - cfg80211: fix cfg80211_beacon_dup - iio: buffer: check if a buffer has been set up when poll is called - iio: adis_lib: Initialize trigger before requesting interrupt - x86/oprofile: Fix bogus GCC-8 warning in nmi_setup() - irqchip/gic-v3: Use wmb() instead of smb_wmb() in gic_raise_softirq() - usb: ohci: Proper handling of ed_rm_list to handle race condition between usb_kill_urb() and finish_unlinks() - arm64: Disable unhandled signal log messages by default - Add delay-init quirk for Corsair K70 RGB keyboards - usb: dwc3: gadget: Set maxpacket size for ep0 IN - usb: ldusb: add PIDs for new CASSY devices supported by this driver - usb: gadget: f_fs: Process all descriptors during bind - usb: renesas_usbhs: missed the "running" flag in usb_dmac with rx path - drm/amdgpu: Avoid leaking PM domain on driver unbind (v2) - binder: add missing binder_unlock() - Linux 4.4.119 * [regression] Colour banding and artefacts appear system-wide on an Asus Zenbook UX303LA with Intel HD 4400 graphics (LP: #1749420) // Xenial update to 4.4.119 stable release (LP: #1762453) - drm/edid: Add 6 bpc quirk for CPT panel in Asus UX303LA * Xenial update to 4.4.118 stable release (LP: #1756866) - net: add dst_cache support - [Config] Add CONFIG_DST_CACHE=y - net: replace dst_cache ip6_tunnel implementation with the generic one - cfg80211: check dev_set_name() return value - mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed. - xfrm: Fix stack-out-of-bounds read on socket policy lookup. - xfrm: check id proto in validate_tmpl() - blktrace: fix unlocked registration of tracepoints - drm: Require __GFP_NOFAIL for the legacy drm_modeset_lock_all - Provide a function to create a NUL-terminated string from unterminated data - selinux: ensure the context is NUL terminated in security_context_to_sid_core() - selinux: skip bounded transition processing if the policy isn't loaded - crypto: x86/twofish-3way - Fix %rbp usage - KVM: x86: fix escape of guest dr6 to the host - netfilter: x_tables: fix int overflow in xt_alloc_table_info() - netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target} - netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in clusterip_tg_check() - netfilter: on sockopt() acquire sock lock only in the required scope - netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert - net: avoid skb_warn_bad_offload on IS_ERR - ASoC: ux500: add MODULE_LICENSE tag - video: fbdev/mmp: add MODULE_LICENSE - arm64: dts: add #cooling-cells to CPU nodes - Make DST_CACHE a silent config option - dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock - staging: android: ashmem: Fix a race condition in pin ioctls - binder: check for binder_thread allocation failure in binder_poll() - staging: iio: adc: ad7192: fix external frequency setting - usbip: keep usbip_device sockfd state in sync with tcp_socket - usb: build drivers/usb/common/ when USB_SUPPORT is set - ARM: OMAP2+: Fix SRAM virt to phys translation for save_secure_ram_context - ARM: AM33xx: PRM: Remove am33xx_pwrdm_read_prev_pwrst function - ARM: dts: Fix omap4 hang with GPS connected to USB by using wakeupgen - ARM: dts: am4372: Correct the interrupts_properties of McASP - perf top: Fix window dimensions change handling - perf bench numa: Fixup discontiguous/sparse numa nodes - media: s5k6aa: describe some function parameters - pinctrl: sunxi: Fix A80 interrupt pin bank - RDMA/cma: Make sure that PSN is not over max allowed - scripts/kernel-doc: Don't fail with status != 0 if error encountered with -none - ipvlan: Add the skb->mark as flow4's member to lookup route - powerpc/perf: Fix oops when grouping different pmu events - s390/dasd: prevent prefix I/O error - gianfar: fix a flooded alignment reports because of padding issue. - net_sched: red: Avoid devision by zero - net_sched: red: Avoid illegal values - btrfs: Fix possible off-by-one in btrfs_search_path_in_tree - 509: fix printing uninitialized stack memory when OID is empty - dmaengine: ioat: Fix error handling path - dmaengine: at_hdmac: fix potential NULL pointer dereference in atc_prep_dma_interleaved - clk: fix a panic error caused by accessing NULL pointer - ASoC: rockchip: disable clock on error - spi: sun4i: disable clocks in the remove function - xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies. - drm/armada: fix leak of crtc structure - dmaengine: jz4740: disable/unprepare clk if probe fails - mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep - x86/mm/kmmio: Fix mmiotrace for page unaligned addresses - xen: XEN_ACPI_PROCESSOR is Dom0-only - hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close - virtio_balloon: prevent uninitialized variable use - isdn: icn: remove a #warning - vmxnet3: prevent building with 64K pages - [Config] ppc64el: Drop vmxnet3 module - gpio: intel-mid: Fix build warning when !CONFIG_PM - platform/x86: intel_mid_thermal: Fix suspend handlers unused warning - video: fbdev: via: remove possibly unused variables - scsi: advansys: fix build warning for PCI=n - x86/ras/inject: Make it depend on X86_LOCAL_APIC=y - arm64: define BUG() instruction without CONFIG_BUG - x86/fpu/math-emu: Fix possible uninitialized variable use - tools build: Add tools tree support for 'make -s' - x86/build: Silence the build with "make -s" - thermal: fix INTEL_SOC_DTS_IOSF_CORE dependencies - x86: add MULTIUSER dependency for KVM - x86/platform: Add PCI dependency for PUNIT_ATOM_DEBUG - scsi: advansys: fix uninitialized data access - arm64: Kconfig: select COMPAT_BINFMT_ELF only when BINFMT_ELF is set - ALSA: hda/ca0132 - fix possible NULL pointer use - reiserfs: avoid a -Wmaybe-uninitialized warning - ssb: mark ssb_bus_register as __maybe_unused - thermal: spear: use __maybe_unused for PM functions - x86/boot: Avoid warning for zero-filling .bss - scsi: sim710: fix build warning - drivers/net: fix eisa_driver probe section mismatch - dpt_i2o: fix build warning - profile: hide unused functions when !CONFIG_PROC_FS - md: avoid warning for 32-bit sector_t - mtd: ichxrom: maybe-uninitialized with gcc-4.9 - mtd: maps: add __init attribute - mptfusion: hide unused seq_mpt_print_ioc_summary function - scsi: fdomain: drop fdomain_pci_tbl when built-in - video: fbdev: sis: remove unused variable - staging: ste_rmi4: avoid unused function warnings - fbdev: sis: enforce selection of at least one backend - video: Use bool instead int pointer for get_opt_bool() argument - scsi: mvumi: use __maybe_unused to hide pm functions - SCSI: initio: remove duplicate module device table - pwc: hide unused label - usb: musb/ux500: remove duplicate check for dma_is_compatible - tty: hvc_xen: hide xen_console_remove when unused - target/user: Fix cast from pointer to phys_addr_t - driver-core: use 'dev' argument in dev_dbg_ratelimited stub - fbdev: auo_k190x: avoid unused function warnings - amd-xgbe: Fix unused suspend handlers build warning - mtd: sh_flctl: pass FIFO as physical address - mtd: cfi: enforce valid geometry configuration - fbdev: s6e8ax0: avoid unused function warnings - modsign: hide openssl output in silent builds - fbdev: sm712fb: avoid unused function warnings - hwrng: exynos - use __maybe_unused to hide pm functions - USB: cdc_subset: only build when one driver is enabled - [Config] Add CONFIG_USB_NET_CDC_SUBSET_ENABLE=m - rtlwifi: fix gcc-6 indentation warning - staging: wilc1000: fix kbuild test robot error - x86/platform/olpc: Fix resume handler build warning - netfilter: ipvs: avoid unused variable warnings - ipv4: ipconfig: avoid unused ic_proto_used symbol - tc1100-wmi: fix build warning when CONFIG_PM not enabled - tlan: avoid unused label with PCI=n - drm/vmwgfx: use *_32_bits() macros - tty: cyclades: cyz_interrupt is only used for PCI - genirq/msi: Add stubs for get_cached_msi_msg/pci_write_msi_msg - ASoC: mediatek: add i2c dependency - iio: adc: axp288: remove redundant duplicate const on axp288_adc_channels - infiniband: cxgb4: use %pR format string for printing resources - b2c2: flexcop: avoid unused function warnings - i2c: remove __init from i2c_register_board_info() - staging: unisys: visorinput depends on INPUT - tc358743: fix register i2c_rd/wr functions - drm/nouveau: hide gcc-4.9 -Wmaybe-uninitialized - Input: tca8418_keypad - hide gcc-4.9 -Wmaybe-uninitialized warning - KVM: add X86_LOCAL_APIC dependency - go7007: add MEDIA_CAMERA_SUPPORT dependency - em28xx: only use mt9v011 if camera support is enabled - ISDN: eicon: reduce stack size of sig_ind function - ASoC: rockchip: use __maybe_unused to hide st_irq_syscfg_resume - serial: 8250_mid: fix broken DMA dependency - drm/gma500: Sanity-check pipe index - hdpvr: hide unused variable - v4l: remove MEDIA_TUNER dependency for VIDEO_TUNER - cw1200: fix bogus maybe-uninitialized warning - wireless: cw1200: use __maybe_unused to hide pm functions_ - perf/x86: Shut up false-positive -Wmaybe-uninitialized warning - dmaengine: zx: fix build warning - net: hp100: remove unnecessary #ifdefs - gpio: xgene: mark PM functions as __maybe_unused - ncpfs: fix unused variable warning - Revert "power: bq27xxx_battery: Remove unneeded dependency in Kconfig" - power: bq27xxx_battery: mark some symbols __maybe_unused - isdn: sc: work around type mismatch warning - binfmt_elf: compat: avoid unused function warning - idle: i7300: add PCI dependency - usb: phy: msm add regulator dependency - ncr5380: shut up gcc indentation warning - ARM: tegra: select USB_ULPI from EHCI rather than platform - ASoC: Intel: Kconfig: fix build when ACPI is not enabled - netlink: fix nla_put_{u8,u16,u32} for KASAN - dell-wmi, dell-laptop: depends DMI - genksyms: Fix segfault with invalid declarations - x86/microcode/AMD: Change load_microcode_amd()'s param to bool to fix preemptibility bug - drm/gma500: remove helper function - kasan: rework Kconfig settings - KVM: async_pf: Fix #DF due to inject "Page not Present" and "Page Ready" exceptions simultaneously - x86/retpoline: Remove the esp/rsp thunk - module/retpoline: Warn about missing retpoline in module - x86/nospec: Fix header guards names - x86/bugs: Drop one "mitigation" from dmesg - x86/cpu/bugs: Make retpoline module warning conditional - x86/spectre: Check CONFIG_RETPOLINE in command line parser - x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable" - x86/paravirt: Remove 'noreplace-paravirt' cmdline option - x86/retpoline: Avoid retpolines for built-in __init functions - x86/spectre: Simplify spectre_v2 command line parsing - x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL - KVM: nVMX: kmap() can't fail - KVM: nVMX: vmx_complete_nested_posted_interrupt() can't fail - kvm: nVMX: Fix kernel panics induced by illegal INVEPT/INVVPID types - KVM: VMX: clean up declaration of VPID/EPT invalidation types - KVM: nVMX: invvpid handling improvements - crypto: s5p-sss - Fix kernel Oops in AES-ECB mode - net: dst_cache_per_cpu_dst_set() can be static - ARM: omap2: hide omap3_save_secure_ram on non-OMAP3 builds - Linux 4.4.118 * ibrs/ibpb fixes result in excessive kernel logging (LP: #1755627) - SAUCE: remove ibrs_dump sysctl interface -- Stefan Bader Wed, 09 May 2018 16:28:10 +0200 linux-kvm (4.4.0-1023.28) xenial; urgency=medium [ Ubuntu: 4.4.0-124.148 ] * CVE-2018-8897 - x86/entry/64: Don't use IST entry for #BP stack * CVE-2018-1087 - kvm/x86: fix icebp instruction handling * CVE-2018-1000199 - perf/hwbp: Simplify the perf-hwbp code, fix documentation [ Ubuntu: 4.4.0-122.146 ] * linux: 4.4.0-122.146 -proposed tracker (LP: #1766264) * Redpine: WiFi scan stopping issue observed with BLE (LP: #1757435) - SAUCE: Redpine: resolve wifi scan stop issue in stress tests [ Ubuntu: 4.4.0-121.145 ] * linux: 4.4.0-121.145 -proposed tracker (LP: #1763687) * Ubuntu-4.4.0-120.144 fails to boot on arm64* hardware (LP: #1763644) - [Config] arm64: disable BPF_JIT_ALWAYS_ON -- Stefan Bader Thu, 03 May 2018 16:01:08 +0200 linux-kvm (4.4.0-1021.26) xenial; urgency=medium * linux-kvm: 4.4.0-1021.26 -proposed tracker (LP: #1761445) * linux-kvm VFIO support for Kata containers (LP: #1759421) - kvm: [config] Enable VFIO [ Ubuntu: 4.4.0-120.144 ] * linux: 4.4.0-120.144 -proposed tracker (LP: #1761438) * intel-microcode 3.20180312.0 causes lockup at login screen(w/ linux- image-4.13.0-37-generic) (LP: #1759920) // CVE-2017-5715 (Spectre v2 Intel) - Revert "x86/mm: Only set IBPB when the new thread cannot ptrace current thread" - x86/speculation: Use Indirect Branch Prediction Barrier in context switch * DKMS driver builds fail with: Cannot use CONFIG_STACK_VALIDATION=y, please install libelf-dev, libelf-devel or elfutils-libelf-devel (LP: #1760876) - [Packaging] include the retpoline extractor in the headers * retpoline hints: primary infrastructure and initial hints (LP: #1758856) - [Packaging] retpoline-extract: flag *0xNNN(%reg) branches - x86/speculation, objtool: Annotate indirect calls/jumps for objtool - x86/speculation, objtool: Annotate indirect calls/jumps for objtool on 32bit - x86/paravirt, objtool: Annotate indirect calls - x86/asm: Stop depending on ptrace.h in alternative.h - [Packaging] retpoline -- add safe usage hint support - [Packaging] retpoline-check -- only report additions - [Packaging] retpoline -- widen indirect call/jmp detection - [Packaging] retpoline -- elide %rip relative indirections - [Packaging] retpoline -- clear hint information from packages - SAUCE: modpost: add discard to non-allocatable whitelist - KVM: x86: Make indirect calls in emulator speculation safe - KVM: VMX: Make indirect call speculation safe - x86/boot, objtool: Annotate indirect jump in secondary_startup_64() - SAUCE: early/late -- annotate indirect calls in early/late initialisation code - SAUCE: vga_set_mode -- avoid jump tables - [Config] retpoline -- switch to new format - [Packaging] final-checks -- remove check for empty retpoline files * Xenial update to 4.4.117 stable release (LP: #1756860) - IB/mlx4: Fix incorrectly releasing steerable UD QPs when have only ETH ports - PM / devfreq: Propagate error from devfreq_add_device() - s390: fix handling of -1 in set{,fs}[gu]id16 syscalls - ARM: dts: STi: Add gpio polarity for "hdmi,hpd-gpio" property - arm: spear600: Add missing interrupt-parent of rtc - arm: spear13xx: Fix dmas cells - arm: spear13xx: Fix spics gpio controller's warning - ALSA: seq: Fix regression by incorrect ioctl_mutex usages - KVM/x86: Reduce retpoline performance impact in slot_handle_level_range(), by always inlining iterator helper methods - x86/cpu: Change type of x86_cache_size variable to unsigned int - drm/radeon: adjust tested variable - rtc-opal: Fix handling of firmware error codes, prevent busy loops - ext4: save error to disk in __ext4_grp_locked_error() - ext4: correct documentation for grpid mount option - mm: hide a #warning for COMPILE_TEST - video: fbdev: atmel_lcdfb: fix display-timings lookup - console/dummy: leave .con_font_get set to NULL - rtlwifi: rtl8821ae: Fix connection lost problem correctly - Btrfs: fix deadlock in run_delalloc_nocow - Btrfs: fix crash due to not cleaning up tree log block's dirty bits - Btrfs: fix unexpected -EEXIST when creating new inode - ALSA: hda - Fix headset mic detection problem for two Dell machines - ALSA: usb-audio: Fix UAC2 get_ctl request with a RANGE attribute - ALSA: hda/realtek: PCI quirk for Fujitsu U7x7 - ALSA: usb-audio: add implicit fb quirk for Behringer UFX1204 - ALSA: seq: Fix racy pool initializations - mvpp2: fix multicast address filter - dm: correctly handle chained bios in dec_pending() - x86: fix build warnign with 32-bit PAE - vfs: don't do RCU lookup of empty pathnames - ARM: pxa/tosa-bt: add MODULE_LICENSE tag - ARM: dts: s5pv210: add interrupt-parent for ohci - media: r820t: fix r820t_write_reg for KASAN - Linux 4.4.117 * zfs system process hung on container stop/delete (LP: #1754584) - SAUCE: (noup) zfs to 0.6.5.6-0ubuntu19 - SAUCE: Fix non-prefaulted page deadlock (LP: #1754584) * apparmor: fix bad __initdata tagging on, apparmor_initialized (LP: #1758471) - SAUCE: apparmor: fix bad __initdata tagging on, apparmor_initialized * Xenial update to 4.4.116 stable release (LP: #1756121) - powerpc/bpf/jit: Disable classic BPF JIT on ppc64le - powerpc/64: Fix flush_(d|i)cache_range() called from modules - powerpc: Fix VSX enabling/flushing to also test MSR_FP and MSR_VEC - powerpc: Simplify module TOC handling - ASoC: pcm512x: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE - usbip: vhci_hcd: clear just the USB_PORT_STAT_POWER bit - usbip: fix 3eee23c3ec14 tcp_socket address still in the status file - net: cdc_ncm: initialize drvflags before usage - ASoC: simple-card: Fix misleading error message - ASoC: rsnd: don't call free_irq() on Parent SSI - ASoC: rsnd: avoid duplicate free_irq() - drm: rcar-du: Use the VBK interrupt for vblank events - drm: rcar-du: Fix race condition when disabling planes at CRTC stop - x86/asm: Fix inline asm call constraints for GCC 4.4 - ip6mr: fix stale iterator - net: igmp: add a missing rcu locking section - qlcnic: fix deadlock bug - r8169: fix RTL8168EP take too long to complete driver initialization. - tcp: release sk_frag.page in tcp_disconnect - vhost_net: stop device during reset owner - media: soc_camera: soc_scale_crop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE - KEYS: encrypted: fix buffer overread in valid_master_desc() - don't put symlink bodies in pagecache into highmem - crypto: tcrypt - fix S/G table for test_aead_speed() - x86/microcode: Do the family check first - powerpc/pseries: include linux/types.h in asm/hvcall.h - cifs: Fix missing put_xid in cifs_file_strict_mmap - cifs: Fix autonegotiate security settings mismatch - CIFS: zero sensitive data when freeing - dmaengine: dmatest: fix container_of member in dmatest_callback - x86/kaiser: fix build error with KASAN && !FUNCTION_GRAPH_TRACER - kaiser: fix compile error without vsyscall - netfilter: nf_queue: Make the queue_handler pernet - posix-timer: Properly check sigevent->sigev_notify - usb: gadget: uvc: Missing files for configfs interface - sched/rt: Use container_of() to get root domain in rto_push_irq_work_func() - sched/rt: Up the root domain ref count when passing it around via IPIs - media: dvb-usb-v2: lmedm04: Improve logic checking of warm start - media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner - mtd: cfi: convert inline functions to macros - mtd: nand: brcmnand: Disable prefetch by default - mtd: nand: Fix nand_do_read_oob() return value - mtd: nand: sunxi: Fix ECC strength choice - ubi: block: Fix locking for idr_alloc/idr_remove - nfs/pnfs: fix nfs_direct_req ref leak when i/o falls back to the mds - NFS: Add a cond_resched() to nfs_commit_release_pages() - NFS: commit direct writes even if they fail partially - NFS: reject request for id_legacy key without auxdata - kernfs: fix regression in kernfs_fop_write caused by wrong type - ahci: Annotate PCI ids for mobile Intel chipsets as such - ahci: Add PCI ids for Intel Bay Trail, Cherry Trail and Apollo Lake AHCI - ahci: Add Intel Cannon Lake PCH-H PCI ID - crypto: hash - introduce crypto_hash_alg_has_setkey() - crypto: cryptd - pass through absence of ->setkey() - crypto: poly1305 - remove ->setkey() method - nsfs: mark dentry with DCACHE_RCUACCESS - media: v4l2-ioctl.c: don't copy back the result for -ENOTTY - vb2: V4L2_BUF_FLAG_DONE is set after DQBUF - media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF - media: v4l2-compat-ioctl32.c: fix the indentation - media: v4l2-compat-ioctl32.c: move 'helper' functions to __get/put_v4l2_format32 - media: v4l2-compat-ioctl32.c: avoid sizeof(type) - media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32 - media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer - media: v4l2-compat-ioctl32.c: make ctrl_is_pointer work for subdevs - media: v4l2-compat-ioctl32: Copy v4l2_window->global_alpha - media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32 - media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type - media: v4l2-compat-ioctl32.c: don't copy back the result for certain errors - media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic - crypto: caam - fix endless loop when DECO acquire fails - arm: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls - KVM: nVMX: Fix races when sending nested PI while dest enters/leaves L2 - watchdog: imx2_wdt: restore previous timeout after suspend+resume - media: ts2020: avoid integer overflows on 32 bit machines - media: cxusb, dib0700: ignore XC2028_I2C_FLUSH - kernel/async.c: revert "async: simplify lowest_in_progress()" - HID: quirks: Fix keyboard + touchpad on Toshiba Click Mini not working - Bluetooth: btsdio: Do not bind to non-removable BCM43341 - Bluetooth: btusb: Restore QCA Rome suspend/resume fix with a "rewritten" version - signal/openrisc: Fix do_unaligned_access to send the proper signal - signal/sh: Ensure si_signo is initialized in do_divide_error - alpha: fix crash if pthread_create races with signal delivery - alpha: fix reboot on Avanti platform - xtensa: fix futex_atomic_cmpxchg_inatomic - EDAC, octeon: Fix an uninitialized variable warning - pktcdvd: Fix pkt_setup_dev() error path - btrfs: Handle btrfs_set_extent_delalloc failure in fixup worker - ACPI: sbshc: remove raw pointer from printk() message - ovl: fix failure to fsync lower dir - mn10300/misalignment: Use SIGSEGV SEGV_MAPERR to report a failed user copy - ftrace: Remove incorrect setting of glob search field - Linux 4.4.116 * Xenial update to 4.4.116 stable release (LP: #1756121) // CVE-2017-5754 - Revert "UBUNTU: SAUCE: UBUNTU: [Config] Disable CONFIG_PPC_DEBUG_RFI" - Revert "UBUNTU: SAUCE: rfi-flush: Fix some RFI conversions in the KVM code" - Revert "UBUNTU: SAUCE: rfi-flush: Fix the 32-bit KVM build" - Revert "UBUNTU: SAUCE: rfi-flush: Fallback flush add load dependency" - Revert "UBUNTU: SAUCE: rfi-flush: Use rfi-flush in printks" - Revert "UBUNTU: SAUCE: rfi-flush: Add no_rfi_flush and nopti comandline options" - Revert "UBUNTU: SAUCE: rfi-flush: Refactor the macros so the nops are defined once" - Revert "UBUNTU: SAUCE: rfi-flush: Fix HRFI_TO_UNKNOWN" - Revert "UBUNTU: SAUCE: rfi-flush: Fix the fallback flush to actually activate" - Revert "UBUNTU: SAUCE: rfi-flush: Rework pseries logic to be more cautious" - Revert "UBUNTU: SAUCE: rfi-flush: Rework powernv logic to be more cautious" - Revert "UBUNTU: SAUCE: rfi-flush: Add barriers to the fallback L1D flushing" - Revert "UBUNTU: SAUCE: Fix compilation errors for arch/powerpc/lib/feature- fixups.c" - Revert "UBUNTU: SAUCE: Remove setup.h include file otherwise compilation complains about missing header file." - Revert "UBUNTU: SAUCE: powerpc/asm: Allow including ppc_asm.h in asm files" - Revert "UBUNTU: SAUCE: rfi-flush: Add speculation barrier before ori 30,30,0 flush" - Revert "UBUNTU: SAUCE: rfi-flush: Allow HV to advertise multiple flush types" - Revert "UBUNTU: SAUCE: rfi-flush: Support more than one flush type at once" - Revert "UBUNTU: SAUCE: rfi-flush: Expand the RFI section to two nop slots" - Revert "UBUNTU: SAUCE: rfi-flush: Push the instruction selection down to the patching routine" - Revert "UBUNTU: SAUCE: rfi-flush: Make l1d_flush_type bit flags" - Revert "UBUNTU: SAUCE: rfi-flush: Implement congruence-first fallback flush" - Revert "UBUNTU: SAUCE: KVM: Revert the implementation of H_GET_CPU_CHARACTERISTICS" - Revert "UBUNTU: SAUCE: rfi-flush: kvmppc_skip_(H)interrupt returns to host" - Revert "UBUNTU: SAUCE: Fixup rfid in kvmppc_skip_Hinterrupt should be hrfid" - Revert "UBUNTU: SAUCE: rfi-flush: Add HRFI_TO_UNKNOWN and use it in denorm" - Revert "UBUNTU: SAUCE: rfi-flush: Make DEBUG_RFI a CONFIG option" - Revert "UBUNTU: SAUCE: powerpc: Secure memory rfi flush" - powerpc/pseries: Add H_GET_CPU_CHARACTERISTICS flags & wrapper - powerpc/64: Add macros for annotating the destination of rfid/hrfid - powerpc/64s: Simple RFI macro conversions - powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL - powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL - powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL - powerpc/64s: Add support for RFI flush of L1-D cache - powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti - powerpc/pseries: Query hypervisor for RFI flush settings - powerpc/powernv: Check device-tree for RFI flush settings - powerpc/64s: Wire up cpu_show_meltdown() - powerpc/64s: Allow control of RFI flush via debugfs * Intel i40e PF reset due to incorrect MDD detection (continues...) (LP: #1723127) - i40e/i40evf: Account for frags split over multiple descriptors in check linearize - i40e/i40evf: Allow up to 12K bytes of data per Tx descriptor instead of 8K * Xenial update to 4.4.115 stable release (LP: #1755509) - x86: bpf_jit: small optimization in emit_bpf_tail_call() - bpf: fix bpf_tail_call() x64 JIT - [Config] CONFIG_BPF_JIT_ALWAYS_ON=y - bpf: introduce BPF_JIT_ALWAYS_ON config - bpf: arsh is not supported in 32 bit alu thus reject it - bpf: avoid false sharing of map refcount with max_entries - bpf: fix divides by zero - bpf: fix 32-bit divide by zero - bpf: reject stores into ctx via st and xadd - x86/pti: Make unpoison of pgd for trusted boot work for real - kaiser: fix intel_bts perf crashes - ALSA: seq: Make ioctls race-free - crypto: aesni - handle zero length dst buffer - crypto: af_alg - whitelist mask and type - power: reset: zx-reboot: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE - gpio: iop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE - gpio: ath79: add missing MODULE_DESCRIPTION/LICENSE - mtd: nand: denali_pci: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE - igb: Free IRQs when device is hotplugged - KVM: x86: emulator: Return to user-mode on L1 CPL=0 emulation failure - KVM: x86: Don't re-execute instruction when not passing CR2 value - KVM: X86: Fix operand/address-size during instruction decoding - KVM: x86: ioapic: Fix level-triggered EOI and IOAPIC reconfigure race - KVM: x86: ioapic: Clear Remote IRR when entry is switched to edge-triggered - KVM: x86: ioapic: Preserve read-only values in the redirection table - ACPI / bus: Leave modalias empty for devices which are not present - cpufreq: Add Loongson machine dependencies - bcache: check return value of register_shrinker - drm/amdgpu: Fix SDMA load/unload sequence on HWS disabled mode - drm/amdkfd: Fix SDMA ring buffer size calculation - drm/amdkfd: Fix SDMA oversubsription handling - openvswitch: fix the incorrect flow action alloc size - mac80211: fix the update of path metric for RANN frame - btrfs: fix deadlock when writing out space cache - KVM: VMX: Fix rflags cache during vCPU reset - xen-netfront: remove warning when unloading module - nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0) - nfsd: Ensure we check stateid validity in the seqid operation checks - grace: replace BUG_ON by WARN_ONCE in exit_net hook - nfsd: check for use of the closed special stateid - lockd: fix "list_add double add" caused by legacy signal interface - hwmon: (pmbus) Use 64bit math for DIRECT format values - powerpc/ppc64el -- Remove ll_temac module from 64-bit builds - net: ethernet: xilinx: Mark XILINX_LL_TEMAC broken on 64-bit - quota: Check for register_shrinker() failure. - SUNRPC: Allow connect to return EHOSTUNREACH - kmemleak: add scheduling point to kmemleak_scan() - drm/omap: Fix error handling path in 'omap_dmm_probe()' - xfs: ubsan fixes - scsi: aacraid: Prevent crash in case of free interrupt during scsi EH path - scsi: ufs: ufshcd: fix potential NULL pointer dereference in ufshcd_config_vreg - media: usbtv: add a new usbid - usb: gadget: don't dereference g until after it has been null checked - staging: rtl8188eu: Fix incorrect response to SIOCGIWESSID - usb: option: Add support for FS040U modem - USB: serial: pl2303: new device id for Chilitag - USB: cdc-acm: Do not log urb submission errors on disconnect - CDC-ACM: apply quirk for card reader - USB: serial: io_edgeport: fix possible sleep-in-atomic - usbip: prevent bind loops on devices attached to vhci_hcd - usbip: list: don't list devices attached to vhci_hcd - USB: serial: simple: add Motorola Tetra driver - usb: f_fs: Prevent gadget unbind if it is already unbound - usb: uas: unconditionally bring back host after reset - selinux: general protection fault in sock_has_perm - serial: imx: Only wakeup via RTSDEN bit if the system has RTS/CTS - spi: imx: do not access registers while clocks disabled - Linux 4.4.115 * retpoline: ignore %cs:0xNNN constant indirections (LP: #1752655) - [Packaging] retpoline -- elide %cs:0xNNNN constants on i386 [ Ubuntu: 4.4.0-119.143 ] * linux: 4.4.0-119.143 -proposed tracker (LP: #1760327) * Dell XPS 13 9360 bluetooth scan can not detect any device (LP: #1759821) - Revert "Bluetooth: btusb: fix QCA Rome suspend/resume" [ Ubuntu: 4.4.0-118.142 ] * linux: 4.4.0-118.142 -proposed tracker (LP: #1759607) * Kernel panic with AWS 4.4.0-1053 / 4.4.0-1015 (Trusty) (LP: #1758869) - x86/microcode/AMD: Do not load when running on a hypervisor * CVE-2018-8043 - net: phy: mdio-bcm-unimac: fix potential NULL dereference in unimac_mdio_probe() -- Kamal Mostafa Thu, 05 Apr 2018 09:14:44 -0700 linux-kvm (4.4.0-1020.25) xenial; urgency=medium * linux-kvm: 4.4.0-1020.25 -proposed tracker (LP: #1755219) * linux-kvm standard configs for Ubuntu Server workloads (LP: #1736561) - kvm: [config] enable NO_HZ_IDLE, HIGH_RES_TIMERS - kvm: [config] enable NUMA - kvm: [config] enable all CGROUPs - kvm: [config] enable all CONFIG_RD decompressors - kvm: [config] enable COREDUMP - kvm: [config] enable X86_X2APIC - kvm: [config] enable PREEMPT_VOLUNTARY - kvm: [config] enable HOTPLUG_CPU - kvm: [config] enable BLK_DEV_SD - kvm: [config] enable ATA, PATA, SATA - kvm: [config] enable BONDING, MACVLAN, TUN, VETH - kvm: [config] enable HW_RANDOM_{AMD,INTEL,TIMERIOMEM} - kvm: [config] enable EFI_VARS - kvm: [config] enable SQUASHFS - kvm: [retpoline] add new retpoline call sites * Xenial update to 4.4.114 stable release (LP: #1754592) - kvm: [config] enable X86_VSYSCALL_EMULATION * Xenial update to 4.4.110 stable release (LP: #1745071) - [config] updateconfigs for master changes * linux-kvm configs for Kata containers (LP: #1752147) - kvm: [config] Enable PCI Hotplug - kvm: [config] Add support for DPDK - kvm: [config] Enable DAX - kvm: [config] Enable 9P fs [ Ubuntu: 4.4.0-117.141 ] * linux: 4.4.0-117.141 -proposed tracker (LP: #1755208) * Xenial update to 4.4.114 stable release (LP: #1754592) - x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels - usbip: prevent vhci_hcd driver from leaking a socket pointer address - usbip: Fix implicit fallthrough warning - usbip: Fix potential format overflow in userspace tools - x86/microcode/intel: Fix BDW late-loading revision check - x86/retpoline: Fill RSB on context switch for affected CPUs - sched/deadline: Use the revised wakeup rule for suspending constrained dl tasks - can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once - can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once - PM / sleep: declare __tracedata symbols as char[] rather than char - time: Avoid undefined behaviour in ktime_add_safe() - timers: Plug locking race vs. timer migration - Prevent timer value 0 for MWAITX - drivers: base: cacheinfo: fix x86 with CONFIG_OF enabled - drivers: base: cacheinfo: fix boot error message when acpi is enabled - PCI: layerscape: Add "fsl,ls2085a-pcie" compatible ID - PCI: layerscape: Fix MSG TLP drop setting - mmc: sdhci-of-esdhc: add/remove some quirks according to vendor version - fs/select: add vmalloc fallback for select(2) - hwpoison, memcg: forcibly uncharge LRU pages - cma: fix calculation of aligned offset - mm, page_alloc: fix potential false positive in __zone_watermark_ok - ipc: msg, make msgrcv work with LONG_MIN - x86/ioapic: Fix incorrect pointers in ioapic_setup_resources() - ACPI / processor: Avoid reserving IO regions too early - ACPI / scan: Prefer devices without _HID/_CID for _ADR matching - ACPICA: Namespace: fix operand cache leak - netfilter: x_tables: speed up jump target validation - netfilter: arp_tables: fix invoking 32bit "iptable -P INPUT ACCEPT" failed in 64bit kernel - netfilter: nf_dup_ipv6: set again FLOWI_FLAG_KNOWN_NH at flowi6_flags - netfilter: nf_ct_expect: remove the redundant slash when policy name is empty - netfilter: nfnetlink_queue: reject verdict request from different portid - netfilter: restart search if moved to other chain - netfilter: nf_conntrack_sip: extend request line validation - netfilter: use fwmark_reflect in nf_send_reset - ext2: Don't clear SGID when inheriting ACLs - reiserfs: fix race in prealloc discard - reiserfs: don't preallocate blocks for extended attributes - reiserfs: Don't clear SGID when inheriting ACLs - fs/fcntl: f_setown, avoid undefined behaviour - scsi: libiscsi: fix shifting of DID_REQUEUE host byte - Input: trackpoint - force 3 buttons if 0 button is reported - usb: usbip: Fix possible deadlocks reported by lockdep - usbip: fix stub_rx: get_pipe() to validate endpoint number - usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input - usbip: prevent leaking socket pointer address in messages - um: link vmlinux with -no-pie - vsyscall: Fix permissions for emulate mode with KAISER/PTI - eventpoll.h: add missing epoll event masks - x86/microcode/intel: Extend BDW late-loading further with LLC size check - hrtimer: Reset hrtimer cpu base proper on CPU hotplug - dccp: don't restart ccid2_hc_tx_rto_expire() if sk in closed state - ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL - ipv6: fix udpv6 sendmsg crash caused by too small MTU - ipv6: ip6_make_skb() needs to clear cork.base.dst - lan78xx: Fix failure in USB Full Speed - net: igmp: fix source address check for IGMPv3 reports - tcp: __tcp_hdrlen() helper - net: qdisc_pkt_len_init() should be more robust - pppoe: take ->needed_headroom of lower device into account on xmit - r8169: fix memory corruption on retrieval of hardware statistics. - sctp: do not allow the v4 socket to bind a v4mapped v6 address - sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf - vmxnet3: repair memory leak - net: Allow neigh contructor functions ability to modify the primary_key - ipv4: Make neigh lookup keys for loopback/point-to-point devices be INADDR_ANY - flow_dissector: properly cap thoff field - net: tcp: close sock if net namespace is exiting - nfsd: auth: Fix gid sorting when rootsquash enabled - Linux 4.4.114 * Xenial update to 4.4.113 stable release (LP: #1754375) - gcov: disable for COMPILE_TEST - scsi: sg: disable SET_FORCE_LOW_DMA - futex: Prevent overflow by strengthen input validation - ALSA: pcm: Remove yet superfluous WARN_ON() - ALSA: hda - Apply headphone noise quirk for another Dell XPS 13 variant - ALSA: hda - Apply the existing quirk to iMac 14,1 - af_key: fix buffer overread in verify_address_len() - af_key: fix buffer overread in parse_exthdrs() - scsi: hpsa: fix volume offline state - sched/deadline: Zero out positive runtime after throttling constrained tasks - pipe: avoid round_pipe_size() nr_pages overflow on 32-bit - x86/apic/vector: Fix off by one in error path - Input: 88pm860x-ts - fix child-node lookup - Input: twl6040-vibra - fix DT node memory management - Input: twl6040-vibra - fix child-node lookup - Input: twl4030-vibra - fix sibling-node lookup - tracing: Fix converting enum's from the map in trace_event_eval_update() - phy: work around 'phys' references to usb-nop-xceiv devices - ARM: dts: kirkwood: fix pin-muxing of MPP7 on OpenBlocks A7 - can: peak: fix potential bug in packet fragmentation - dm btree: fix serious bug in btree_split_beneath() - dm thin metadata: THIN_MAX_CONCURRENT_LOCKS should be 6 - arm64: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls - kbuild: modversions for EXPORT_SYMBOL() for asm - x86/pti: Document fix wrong index - MIPS: AR7: ensure the port type's FCR value is used - Linux 4.4.113 * Xenial update to 4.4.113 stable release (LP: #1754375) // CVE-2017-5753 (Spectre v1 Intel -> upstream) - Revert "x86/cpu/AMD: Make the LFENCE instruction serialized" - x86/cpu/AMD: Make LFENCE a serializing instruction - x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC * i2c-thunderx: erroneous error message "unhandled state: 0" (LP: #1754076) - i2c: octeon: Prevent error message on bus error * qeth: fix calculation of required buffer elements for skb (LP: #1750810) - s390/qeth: fix underestimated count of buffer elements * Support rfkill-any led trigger for Fujitsu u727 (LP: #1745130) - rfkill: Add rfkill-any LED trigger * Redpine: Sometimes Wi-Fi connection shows "unavailable" after resume from WoWLAN S4. WLAN can be recover after reboot or reloading WIFI driver. (LP: #1753438) // Redpine: BLE scanning for nearby beacons per second is too low and result high loss rate. (LP: #1753439) - SAUCE: Redpine: resolve race while resuming from S4 - SAUCE: Redpine: Fix card write failure issue at S4 restore - SAUCE: Redpine: Add deep sleep enable before connection - SAUCE: Redpine: resolve power save issue after S4 resume * qeth: check not more than 16 SBALEs on the completion queue (LP: #1750568) - qeth: check not more than 16 SBALEs on the completion queue * qeth: fix L3 next-hop im xmit qeth hdr (LP: #1750813) - s390/qeth: fix L3 next-hop in xmit qeth hdr * qemu-efi-aarch64 in >= artful can't boot xenial cloud images (LP: #1744754) - irqchip/gic-v3: Refactor gic_of_init() for GICv3 driver - irqchip/gic-v3: Add ACPI support for GICv3/4 initialization - irqchip/gic-v3: ACPI: Add redistributor support via GICC structures - irqchip/gic-v3: Remove gic_root_node variable from the ITS code - irqchip/gic-v3-its: Mark its_init() and its children as __init - ACPICA: Headers: Add new constants for the DBG2 ACPI table - of/serial: move earlycon early_param handling to serial - ACPI: parse SPCR and enable matching console - [Config] CONFIG_ACPI_SPCR_TABLE=y - ARM64: ACPI: enable ACPI_SPCR_TABLE - serial: pl011: add console matching function * OOM and High CPU utilization in update_blocked_averages because of too many cfs_rqs in rq->leaf_cfs_rq_list (LP: #1747896) - sched/fair: Fix O(nr_cgroups) in load balance path * linux-tools: perf incorrectly linking libbfd (LP: #1748922) - SAUCE: tools -- add ability to disable libbfd - [Packaging] correct disablement of libbfd * retpoline abi files are empty on i386 (LP: #1751021) - [Packaging] retpoline-extract -- instantiate retpoline files for i386 - [Packaging] final-checks -- sanity checking ABI contents - [Packaging] final-checks -- check for empty retpoline files * bnx2x_attn_int_deasserted3:4323 MC assert! (LP: #1715519) // CVE-2018-1000026 - net: create skb_gso_validate_mac_len() - bnx2x: disable GSO where gso_size is too big for hardware * CVE-2017-17448 - netfilter: nfnetlink_cthelper: Add missing permission checks * TB16 dock ethernet corrupts data with hw checksum silently failing (LP: #1729674) - r8152: disable RX aggregation on Dell TB16 dock * linux < 4.8: x-netns vti is broken (LP: #1744078) - net: l3mdev: Add master device lookup by index - xfrm: Only add l3mdev oif to dst lookups * Xenial update to 4.4.112 stable release (LP: #1745266) - dm bufio: fix shrinker scans when (nr_to_scan < retain_target) - can: gs_usb: fix return value of the "set_bittiming" callback - IB/srpt: Disable RDMA access by the initiator - MIPS: Validate PR_SET_FP_MODE prctl(2) requests against the ABI of the task - MIPS: Factor out NT_PRFPREG regset access helpers - MIPS: Guard against any partial write attempt with PTRACE_SETREGSET - MIPS: Consistently handle buffer counter with PTRACE_SETREGSET - MIPS: Fix an FCSR access API regression with NT_PRFPREG and MSA - MIPS: Also verify sizeof `elf_fpreg_t' with PTRACE_SETREGSET - MIPS: Disallow outsized PTRACE_SETREGSET NT_PRFPREG regset accesses - net/mac80211/debugfs.c: prevent build failure with CONFIG_UBSAN=y - x86/vsdo: Fix build on PARAVIRT_CLOCK=y, KVM_GUEST=n - x86/acpi: Handle SCI interrupts above legacy space gracefully - iommu/arm-smmu-v3: Don't free page table ops twice - ALSA: pcm: Remove incorrect snd_BUG_ON() usages - ALSA: pcm: Add missing error checks in OSS emulation plugin builder - ALSA: pcm: Abort properly at pending signal in OSS read/write loops - ALSA: pcm: Allow aborting mutex lock at OSS read/write loops - ALSA: aloop: Release cable upon open error path - ALSA: aloop: Fix inconsistent format due to incomplete rule - ALSA: aloop: Fix racy hw constraints adjustment - x86/acpi: Reduce code duplication in mp_override_legacy_irq() - mm/compaction: fix invalid free_pfn and compact_cached_free_pfn - mm/compaction: pass only pageblock aligned range to pageblock_pfn_to_page - mm/page-writeback: fix dirty_ratelimit calculation - mm/zswap: use workqueue to destroy pool - zswap: don't param_set_charp while holding spinlock - locks: don't check for race with close when setting OFD lock - futex: Replace barrier() in unqueue_me() with READ_ONCE() - locking/mutex: Allow next waiter lockless wakeup - usbvision fix overflow of interfaces array - usb: musb: ux500: Fix NULL pointer dereference at system PM - r8152: fix the wake event - r8152: use test_and_clear_bit - r8152: adjust ALDPS function - lan78xx: use skb_cow_head() to deal with cloned skbs - sr9700: use skb_cow_head() to deal with cloned skbs - smsc75xx: use skb_cow_head() to deal with cloned skbs - cx82310_eth: use skb_cow_head() to deal with cloned skbs - x86/mm/pat, /dev/mem: Remove superfluous error message - hwrng: core - sleep interruptible in read - sysrq: Fix warning in sysrq generated crash. - xhci: Fix ring leak in failure path of xhci_alloc_virt_device() - Revert "userfaultfd: selftest: vm: allow to build in vm/ directory" - x86/pti/efi: broken conversion from efi to kernel page table - 8021q: fix a memory leak for VLAN 0 device - ip6_tunnel: disable dst caching if tunnel is dual-stack - net: core: fix module type in sock_diag_bind - RDS: Heap OOB write in rds_message_alloc_sgs() - sh_eth: fix TSU resource handling - sh_eth: fix SH7757 GEther initialization - net: stmmac: enable EEE in MII, GMII or RGMII only - ipv6: fix possible mem leaks in ipv6_make_skb() - crypto: algapi - fix NULL dereference in crypto_remove_spawns() - rbd: set max_segments to USHRT_MAX - x86/microcode/intel: Extend BDW late-loading with a revision check - KVM: x86: Add memory barrier on vmcs field lookup - drm/vmwgfx: Potential off by one in vmw_view_add() - kaiser: Set _PAGE_NX only if supported - bpf: don't (ab)use instructions to store state - bpf: move fixup_bpf_calls() function - bpf: refactor fixup_bpf_calls() - bpf: adjust insn_aux_data when patching insns - bpf: prevent out-of-bounds speculation - bpf, array: fix overflow in max_entries and undefined behavior in index_mask - iscsi-target: Make TASK_REASSIGN use proper se_cmd->cmd_kref - target: Avoid early CMD_T_PRE_EXECUTE failures during ABORT_TASK - USB: serial: cp210x: add IDs for LifeScan OneTouch Verio IQ - USB: serial: cp210x: add new device ID ELV ALC 8xxx - usb: misc: usb3503: make sure reset is low for at least 100us - USB: fix usbmon BUG trigger - usbip: remove kernel addresses from usb device and urb debug msgs - staging: android: ashmem: fix a race condition in ASHMEM_SET_SIZE ioctl - Bluetooth: Prevent stack info leak from the EFS element. - uas: ignore UAS for Norelsys NS1068(X) chips - e1000e: Fix e1000_check_for_copper_link_ich8lan return value. - x86/Documentation: Add PTI description - sysfs/cpu: Fix typos in vulnerability documentation - x86/alternatives: Fix optimize_nops() checking - selftests/x86: Add test_vsyscall - Linux 4.4.112 * Xenial update to 4.4.111 stable release (LP: #1745263) - x86/kasan: Write protect kasan zero shadow - kernel/acct.c: fix the acct->needcheck check in check_free_space() - crypto: n2 - cure use after free - crypto: chacha20poly1305 - validate the digest size - crypto: pcrypt - fix freeing pcrypt instances - sunxi-rsb: Include OF based modalias in device uevent - fscache: Fix the default for fscache_maybe_release_page() - kernel: make groups_sort calling a responsibility group_info allocators - kernel/signal.c: protect the traced SIGNAL_UNKILLABLE tasks from SIGKILL - kernel/signal.c: protect the SIGNAL_UNKILLABLE tasks from !sig_kernel_only() signals - kernel/signal.c: remove the no longer needed SIGNAL_UNKILLABLE check in complete_signal() - ARC: uaccess: dont use "l" gcc inline asm constraint modifier - parisc: Fix alignment of pa_tlb_lock in assembly on 32-bit SMP kernel - genksyms: Handle string literals with spaces in reference files - module: Issue warnings when tainting kernel - proc: much faster /proc/vmstat - Fix build error in vma.c - Linux 4.4.111 * x86/net/bpf: return statement missing value (LP: #1745364) - SAUCE: (no-up) arch/x86/bpf: Fix missed return statement * Ubuntu 16.04 - s390/cpuinfo: show facilities as reported by stfle (LP: #1744736) - s390/bitops: add for_each_set_bit_inv helper - s390/cpuinfo: show facilities as reported by stfle * Xenial update to 4.4.110 stable release (LP: #1745071) - KPTI: Rename to PAGE_TABLE_ISOLATION - SAUCE: Replace CONFIG_KAISER with CONFIG_PAGE_TABLE_ISOLATION - Linux 4.4.110 * Xenial update to 4.4.109 stable release (LP: #1745069) - ACPI: APEI / ERST: Fix missing error handling in erst_reader() - crypto: mcryptd - protect the per-CPU queue with a lock - mfd: cros ec: spi: Don't send first message too soon - mfd: twl4030-audio: Fix sibling-node lookup - mfd: twl6040: Fix child-node lookup - ALSA: rawmidi: Avoid racy info ioctl via ctl device - ALSA: usb-audio: Fix the missing ctl name suffix at parsing SU - PCI / PM: Force devices to D0 in pci_pm_thaw_noirq() - parisc: Hide Diva-built-in serial aux and graphics card - spi: xilinx: Detect stall with Unknown commands - KVM: X86: Fix load RFLAGS w/o the fixed bit - powerpc/perf: Dereference BHRB entries safely - net: mvneta: clear interface link status on port disable - tracing: Remove extra zeroing out of the ring buffer page - tracing: Fix possible double free on failure of allocating trace buffer - tracing: Fix crash when it fails to alloc ring buffer - ring-buffer: Mask out the info bits when returning buffer page length - iw_cxgb4: Only validate the MSN for successful completions - ASoC: fsl_ssi: AC'97 ops need regmap, clock and cleaning up on failure - ASoC: twl4030: fix child-node lookup - ALSA: hda: Drop useless WARN_ON() - ALSA: hda - fix headset mic detection issue on a Dell machine - x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly() - x86/mm: Remove flush_tlb() and flush_tlb_current_task() - x86/mm: Make flush_tlb_mm_range() more predictable - x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range() - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code - x86/mm: Add the 'nopcid' boot option to turn off PCID - x86/mm/64: Fix reboot interaction with CR4.PCIDE - kbuild: add '-fno-stack-check' to kernel build options - ipv4: igmp: guard against silly MTU values - ipv6: mcast: better catch silly mtu values - net: igmp: Use correct source address on IGMPv3 reports - netlink: Add netns check on taps - net: qmi_wwan: add Sierra EM7565 1199:9091 - net: reevalulate autoflowlabel setting after sysctl setting - tcp md5sig: Use skb's saddr when replying to an incoming segment - tg3: Fix rx hang on MTU change with 5717/5719 - net: mvmdio: disable/unprepare clocks in EPROBE_DEFER case - sctp: Replace use of sockets_allocated with specified macro. - ipv4: Fix use-after-free when flushing FIB tables - net: bridge: fix early call to br_stp_change_bridge_id and plug newlink leaks - net: phy: micrel: ksz9031: reconfigure autoneg after phy autoneg workaround - sock: free skb in skb_complete_tx_timestamp on error - usbip: fix usbip bind writing random string after command in match_busid - usbip: stub: stop printing kernel pointer addresses in messages - usbip: vhci: stop printing kernel pointer addresses in messages - USB: serial: ftdi_sio: add id for Airbus DS P8GR - USB: serial: qcserial: add Sierra Wireless EM7565 - USB: serial: option: add support for Telit ME910 PID 0x1101 - USB: serial: option: adding support for YUGA CLM920-NC5 - usb: Add device quirk for Logitech HD Pro Webcam C925e - usb: add RESET_RESUME for ELSA MicroLink 56K - USB: Fix off by one in type-specific length check of BOS SSP capability - usb: xhci: Add XHCI_TRUST_TX_LENGTH for Renesas uPD720201 - nohz: Prevent a timer interrupt storm in tick_nohz_stop_sched_tick() - x86/smpboot: Remove stale TLB flush invocations - n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD) - mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP - Linux 4.4.109 * Xenial update to 4.4.108 stable release (LP: #1745054) - arm64: Initialise high_memory global variable earlier - cxl: Check if vphb exists before iterating over AFU devices - x86/mm: Fix INVPCID asm constraint - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID - mm/rmap: batched invalidations should use existing api - mm/mmu_context, sched/core: Fix mmu_context.h assumption - sched/core: Add switch_mm_irqs_off() and use it in the scheduler - x86/mm, sched/core: Turn off IRQs in switch_mm() - ARM: Hide finish_arch_post_lock_switch() from modules - sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off() - x86/irq: Do not substract irq_tlb_count from irq_call_count - ALSA: hda - add support for docking station for HP 820 G2 - ALSA: hda - add support for docking station for HP 840 G3 - arm: kprobes: Fix the return address of multiple kretprobes - arm: kprobes: Align stack to 8-bytes in test code - cpuidle: Validate cpu_dev in cpuidle_add_sysfs() - crypto: deadlock between crypto_alg_sem/rtnl_mutex/genl_mutex - sch_dsmark: fix invalid skb_cow() usage - bna: integer overflow bug in debugfs - net: qmi_wwan: Add USB IDs for MDM6600 modem on Motorola Droid 4 - usb: gadget: f_uvc: Sanity check wMaxPacketSize for SuperSpeed - usb: gadget: udc: remove pointer dereference after free - netfilter: nfnl_cthelper: fix runtime expectation policy updates - netfilter: nfnl_cthelper: Fix memory leak - inet: frag: release spinlock before calling icmp_send() - pinctrl: st: add irq_request/release_resources callbacks - scsi: lpfc: Fix PT2PT PRLI reject - KVM: x86: correct async page present tracepoint - KVM: VMX: Fix enable VPID conditions - ARM: dts: ti: fix PCI bus dtc warnings - hwmon: (asus_atk0110) fix uninitialized data access - HID: xinmo: fix for out of range for THT 2P arcade controller. - r8152: prevent the driver from transmitting packets with carrier off - s390/qeth: no ETH header for outbound AF_IUCV - bna: avoid writing uninitialized data into hw registers - net: Do not allow negative values for busy_read and busy_poll sysctl interfaces - i40e: Do not enable NAPI on q_vectors that have no rings - RDMA/iser: Fix possible mr leak on device removal event - irda: vlsi_ir: fix check for DMA mapping errors - netfilter: nfnl_cthelper: fix a race when walk the nf_ct_helper_hash table - netfilter: nf_nat_snmp: Fix panic when snmp_trap_helper fails to register - ARM: dts: am335x-evmsk: adjust mmc2 param to allow suspend - KVM: pci-assign: do not map smm memory slot pages in vt-d page tables - isdn: kcapi: avoid uninitialized data - xhci: plat: Register shutdown for xhci_plat - netfilter: nfnetlink_queue: fix secctx memory leak - ARM: dma-mapping: disallow dma_get_sgtable() for non-kernel managed memory - cpuidle: powernv: Pass correct drv->cpumask for registration - bnxt_en: Fix NULL pointer dereference in reopen failure path - backlight: pwm_bl: Fix overflow condition - crypto: crypto4xx - increase context and scatter ring buffer elements - rtc: pl031: make interrupt optional - net: phy: at803x: Change error to EINVAL for invalid MAC - PCI: Avoid bus reset if bridge itself is broken - scsi: cxgb4i: fix Tx skb leak - scsi: mpt3sas: Fix IO error occurs on pulling out a drive from RAID1 volume created on two SATA drive - PCI: Create SR-IOV virtfn/physfn links before attaching driver - igb: check memory allocation failure - ixgbe: fix use of uninitialized padding - PCI/AER: Report non-fatal errors only to the affected endpoint - scsi: lpfc: Fix secure firmware updates - scsi: lpfc: PLOGI failures during NPIV testing - fm10k: ensure we process SM mbx when processing VF mbx - tcp: fix under-evaluated ssthresh in TCP Vegas - rtc: set the alarm to the next expiring timer - cpuidle: fix broadcast control when broadcast can not be entered - thermal: hisilicon: Handle return value of clk_prepare_enable - MIPS: math-emu: Fix final emulation phase for certain instructions - Revert "Bluetooth: btusb: driver to enable the usb-wakeup feature" - ALSA: hda - Clear the leftover component assignment at snd_hdac_i915_exit() - ALSA: hda - Degrade i915 binding failure message - ALSA: hda - Fix yet another i915 pointer leftover in error path - alpha: fix build failures - Linux 4.4.108 * Xenial update to 4.4.107 stable release (LP: #1745052) - crypto: hmac - require that the underlying hash algorithm is unkeyed - crypto: salsa20 - fix blkcipher_walk API usage - autofs: fix careless error in recent commit - tracing: Allocate mask_str buffer dynamically - USB: uas and storage: Add US_FL_BROKEN_FUA for another JMicron JMS567 ID - USB: core: prevent malicious bNumInterfaces overflow - usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer - ceph: drop negative child dentries before try pruning inode's alias - Bluetooth: btusb: driver to enable the usb-wakeup feature - xhci: Don't add a virt_dev to the devs array before it's fully allocated - sched/rt: Do not pull from current CPU if only one CPU to pull - dmaengine: dmatest: move callback wait queue to thread context - ext4: fix fdatasync(2) after fallocate(2) operation - ext4: fix crash when a directory's i_size is too small - KEYS: add missing permission check for request_key() destination - mac80211: Fix addition of mesh configuration element - usb: phy: isp1301: Add OF device ID table - md-cluster: free md_cluster_info if node leave cluster - userfaultfd: shmem: __do_fault requires VM_FAULT_NOPAGE - userfaultfd: selftest: vm: allow to build in vm/ directory - net: initialize msg.msg_flags in recvfrom - net: bcmgenet: correct the RBUF_OVFL_CNT and RBUF_ERR_CNT MIB values - net: bcmgenet: correct MIB access of UniMAC RUNT counters - net: bcmgenet: reserved phy revisions must be checked first - net: bcmgenet: power down internal phy if open or resume fails - net: bcmgenet: Power up the internal PHY before probing the MII - NFSD: fix nfsd_minorversion(.., NFSD_AVAIL) - NFSD: fix nfsd_reset_versions for NFSv4. - Input: i8042 - add TUXEDO BU1406 (N24_25BU) to the nomux list - drm/omap: fix dmabuf mmap for dma_alloc'ed buffers - netfilter: bridge: honor frag_max_size when refragmenting - writeback: fix memory leak in wb_queue_work() - net: wimax/i2400m: fix NULL-deref at probe - dmaengine: Fix array index out of bounds warning in __get_unmap_pool() - net: Resend IGMP memberships upon peer notification. - mlxsw: reg: Fix SPVM max record count - mlxsw: reg: Fix SPVMLR max record count - intel_th: pci: Add Gemini Lake support - openrisc: fix issue handling 8 byte get_user calls - scsi: hpsa: update check for logical volume status - scsi: hpsa: limit outstanding rescans - fjes: Fix wrong netdevice feature flags - drm/radeon/si: add dpm quirk for Oland - sched/deadline: Make sure the replenishment timer fires in the next period - sched/deadline: Throttle a constrained deadline task activated after the deadline - sched/deadline: Use deadline instead of period when calculating overflow - mmc: mediatek: Fixed bug where clock frequency could be set wrong - drm/radeon: reinstate oland workaround for sclk - afs: Fix missing put_page() - afs: Populate group ID from vnode status - afs: Adjust mode bits processing - afs: Flush outstanding writes when an fd is closed - afs: Migrate vlocation fields to 64-bit - afs: Prevent callback expiry timer overflow - afs: Fix the maths in afs_fs_store_data() - afs: Populate and use client modification time - afs: Fix page leak in afs_write_begin() - afs: Fix afs_kill_pages() - perf symbols: Fix symbols__fixup_end heuristic for corner cases - efi/esrt: Cleanup bad memory map log messages - NFSv4.1 respect server's max size in CREATE_SESSION - btrfs: add missing memset while reading compressed inline extents - target: Use system workqueue for ALUA transitions - target: fix ALUA transition timeout handling - target: fix race during implicit transition work flushes - sfc: don't warn on successful change of MAC - fbdev: controlfb: Add missing modes to fix out of bounds access - video: udlfb: Fix read EDID timeout - video: fbdev: au1200fb: Release some resources if a memory allocation fails - video: fbdev: au1200fb: Return an error code if a memory allocation fails - rtc: pcf8563: fix output clock rate - dmaengine: ti-dma-crossbar: Correct am335x/am43xx mux value type - PCI/PME: Handle invalid data when reading Root Status - powerpc/powernv/cpufreq: Fix the frequency read by /proc/cpuinfo - netfilter: ipvs: Fix inappropriate output of procfs - powerpc/opal: Fix EBUSY bug in acquiring tokens - powerpc/ipic: Fix status get and status clear - target/iscsi: Fix a race condition in iscsit_add_reject_from_cmd() - iscsi-target: fix memory leak in lio_target_tiqn_addtpg() - target:fix condition return in core_pr_dump_initiator_port() - target/file: Do not return error for UNMAP if length is zero - arm-ccn: perf: Prevent module unload while PMU is in use - crypto: tcrypt - fix buffer lengths in test_aead_speed() - mm: Handle 0 flags in _calc_vm_trans() macro - clk: mediatek: add the option for determining PLL source clock - clk: imx6: refine hdmi_isfr's parent to make HDMI work on i.MX6 SoCs w/o VPU - clk: tegra: Fix cclk_lp divisor register - ppp: Destroy the mutex when cleanup - thermal/drivers/step_wise: Fix temperature regulation misbehavior - GFS2: Take inode off order_write list when setting jdata flag - bcache: explicitly destroy mutex while exiting - bcache: fix wrong cache_misses statistics - l2tp: cleanup l2tp_tunnel_delete calls - xfs: fix log block underflow during recovery cycle verification - xfs: fix incorrect extent state in xfs_bmap_add_extent_unwritten_real - PCI: Detach driver before procfs & sysfs teardown on device remove - scsi: hpsa: cleanup sas_phy structures in sysfs when unloading - scsi: hpsa: destroy sas transport properties before scsi_host - powerpc/perf/hv-24x7: Fix incorrect comparison in memord - tty fix oops when rmmod 8250 - usb: musb: da8xx: fix babble condition handling - pinctrl: adi2: Fix Kconfig build problem - raid5: Set R5_Expanded on parity devices as well as data. - scsi: scsi_devinfo: Add REPORTLUN2 to EMC SYMMETRIX blacklist entry - vt6655: Fix a possible sleep-in-atomic bug in vt6655_suspend - scsi: sd: change manage_start_stop to bool in sysfs interface - scsi: sd: change allow_restart to bool in sysfs interface - scsi: bfa: integer overflow in debugfs - udf: Avoid overflow when session starts at large offset - macvlan: Only deliver one copy of the frame to the macvlan interface - RDMA/cma: Avoid triggering undefined behavior - IB/ipoib: Grab rtnl lock on heavy flush when calling ndo_open/stop - ath9k: fix tx99 potential info leak - Linux 4.4.107 * Xenial update to 4.4.106 stable release (LP: #1745047) - can: ti_hecc: Fix napi poll return value for repoll - can: kvaser_usb: free buf in error paths - can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback() - can: kvaser_usb: ratelimit errors if incomplete messages are received - can: kvaser_usb: cancel urb on -EPIPE and -EPROTO - can: ems_usb: cancel urb on -EPIPE and -EPROTO - can: esd_usb2: cancel urb on -EPIPE and -EPROTO - can: usb_8dev: cancel urb on -EPIPE and -EPROTO - virtio: release virtio index when fail to device_register - hv: kvp: Avoid reading past allocated blocks from KVP file - isa: Prevent NULL dereference in isa_bus driver callbacks - scsi: libsas: align sata_device's rps_resp on a cacheline - efi: Move some sysfs files to be read-only by root - ASN.1: fix out-of-bounds read when parsing indefinite length item - ASN.1: check for error from ASN1_OP_END__ACT actions - X.509: reject invalid BIT STRING for subjectPublicKey - x86/PCI: Make broadcom_postcore_init() check acpi_disabled - ALSA: pcm: prevent UAF in snd_pcm_info - ALSA: seq: Remove spurious WARN_ON() at timer check - ALSA: usb-audio: Fix out-of-bound error - ALSA: usb-audio: Add check return value for usb_string() - iommu/vt-d: Fix scatterlist offset handling - s390: fix compat system call table - kdb: Fix handling of kallsyms_symbol_next() return value - drm: extra printk() wrapper macros - drm/exynos: gem: Drop NONCONTIG flag for buffers allocated without IOMMU - media: dvb: i2c transfers over usb cannot be done from stack - arm64: KVM: fix VTTBR_BADDR_MASK BUG_ON off-by-one - KVM: VMX: remove I/O port 0x80 bypass on Intel hosts - arm64: fpsimd: Prevent registers leaking from dead tasks - ARM: BUG if jumping to usermode address in kernel mode - ARM: avoid faulting on qemu - thp: reduce indentation level in change_huge_pmd() - thp: fix MADV_DONTNEED vs. numa balancing race - mm: drop unused pmdp_huge_get_and_clear_notify() - Revert "drm/armada: Fix compile fail" - Revert "spi: SPI_FSL_DSPI should depend on HAS_DMA" - Revert "s390/kbuild: enable modversions for symbols exported from asm" - vti6: Don't report path MTU below IPV6_MIN_MTU. - ARM: OMAP2+: gpmc-onenand: propagate error on initialization failure - x86/hpet: Prevent might sleep splat on resume - selftest/powerpc: Fix false failures for skipped tests - module: set __jump_table alignment to 8 - ARM: OMAP2+: Fix device node reference counts - ARM: OMAP2+: Release device node after it is no longer needed. - gpio: altera: Use handle_level_irq when configured as a level_high - HID: chicony: Add support for another ASUS Zen AiO keyboard - usb: gadget: configs: plug memory leak - USB: gadgetfs: Fix a potential memory leak in 'dev_config()' - kvm: nVMX: VMCLEAR should not cause the vCPU to shut down - libata: drop WARN from protocol error in ata_sff_qc_issue() - workqueue: trigger WARN if queue_delayed_work() is called with NULL @wq - scsi: lpfc: Fix crash during Hardware error recovery on SLI3 adapters - irqchip/crossbar: Fix incorrect type of register size - KVM: nVMX: reset nested_run_pending if the vCPU is going to be reset - arm: KVM: Survive unknown traps from guests - arm64: KVM: Survive unknown traps from guests - spi_ks8995: fix "BUG: key accdaa28 not in .data!" - bnx2x: prevent crash when accessing PTP with interface down - bnx2x: fix possible overrun of VFPF multicast addresses array - bnx2x: do not rollback VF MAC/VLAN filters we did not configure - ipv6: reorder icmpv6_init() and ip6_mr_init() - crypto: s5p-sss - Fix completing crypto request in IRQ handler - i2c: riic: fix restart condition - zram: set physical queue limits to avoid array out of bounds accesses - netfilter: don't track fragmented packets - axonram: Fix gendisk handling - drm/amd/amdgpu: fix console deadlock if late init failed - powerpc/powernv/ioda2: Gracefully fail if too many TCE levels requested - EDAC, i5000, i5400: Fix use of MTR_DRAM_WIDTH macro - EDAC, i5000, i5400: Fix definition of NRECMEMB register - kbuild: pkg: use --transform option to prefix paths in tar - mac80211_hwsim: Fix memory leak in hwsim_new_radio_nl() - route: also update fnhe_genid when updating a route cache - route: update fnhe_expires for redirect when the fnhe exists - lib/genalloc.c: make the avail variable an atomic_long_t - dynamic-debug-howto: fix optional/omitted ending line number to be LARGE instead of 0 - NFS: Fix a typo in nfs_rename() - sunrpc: Fix rpc_task_begin trace point - block: wake up all tasks blocked in get_request() - sparc64/mm: set fields in deferred pages - sctp: do not free asoc when it is already dead in sctp_sendmsg - sctp: use the right sk after waking up from wait_buf sleep - atm: horizon: Fix irq release error - jump_label: Invoke jump_label_test() via early_initcall() - xfrm: Copy policy family in clone_policy - IB/mlx4: Increase maximal message size under UD QP - IB/mlx5: Assign send CQ and recv CQ of UMR QP - afs: Connect up the CB.ProbeUuid - ipvlan: fix ipv6 outbound device - audit: ensure that 'audit=1' actually enables audit for PID 1 - ipmi: Stop timers before cleaning up the module - s390: always save and restore all registers on context switch - tipc: fix memory leak in tipc_accept_from_sock() - rds: Fix NULL pointer dereference in __rds_rdma_map - sit: update frag_off info - packet: fix crash in fanout_demux_rollover() - net/packet: fix a race in packet_bind() and packet_notifier() - Revert "x86/efi: Build our own page table structures" - Revert "x86/efi: Hoist page table switching code into efi_call_virt()" - Revert "x86/mm/pat: Ensure cpa->pfn only contains page frame numbers" - arm: KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one - usb: gadget: ffs: Forbid usb_ep_alloc_request from sleeping - Linux 4.4.106 * Xenial update to 4.4.105 stable release (LP: #1745046) - bcache: only permit to recovery read error when cache device is clean - bcache: recover data from backing when data is clean - uas: Always apply US_FL_NO_ATA_1X quirk to Seagate devices - usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C Hub - serial: 8250_pci: Add Amazon PCI serial device ID - s390/runtime instrumentation: simplify task exit handling - USB: serial: option: add Quectel BG96 id - ima: fix hash algorithm initialization - s390/pci: do not require AIS facility - selftests/x86/ldt_get: Add a few additional tests for limits - serial: 8250_fintek: Fix rs485 disablement on invalid ioctl() - spi: sh-msiof: Fix DMA transfer size check - usb: phy: tahvo: fix error handling in tahvo_usb_probe() - serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X - x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt() - EDAC, sb_edac: Fix missing break in switch - sysrq : fix Show Regs call trace on ARM - perf test attr: Fix ignored test case result - kprobes/x86: Disable preemption in ftrace-based jprobes - net: systemport: Utilize skb_put_padto() - net: systemport: Pad packet before inserting TSB - ARM: OMAP1: DMA: Correct the number of logical channels - vti6: fix device register to report IFLA_INFO_KIND - net/appletalk: Fix kernel memory disclosure - ravb: Remove Rx overflow log messages - nfs: Don't take a reference on fl->fl_file for LOCK operation - KVM: arm/arm64: Fix occasional warning from the timer work function - NFSv4: Fix client recovery when server reboots multiple times - drm/exynos/decon5433: set STANDALONE_UPDATE_F on output enablement - net: sctp: fix array overrun read on sctp_timer_tbl - tipc: fix cleanup at module unload - dmaengine: pl330: fix double lock - tcp: correct memory barrier usage in tcp_check_space() - mm: avoid returning VM_FAULT_RETRY from ->page_mkwrite handlers - xen-netfront: Improve error handling during initialization - net: fec: fix multicast filtering hardware setup - Revert "ocfs2: should wait dio before inode lock in ocfs2_setattr()" - usb: hub: Cycle HUB power when initialization fails - usb: xhci: fix panic in xhci_free_virt_devices_depth_first - usb: ch9: Add size macro for SSP dev cap descriptor - USB: core: Add type-specific length check of BOS descriptors - USB: Increase usbfs transfer limit - USB: devio: Prevent integer overflow in proc_do_submiturb() - USB: usbfs: Filter flags passed in from user space - usb: host: fix incorrect updating of offset - xen-netfront: avoid crashing on resume after a failure in talk_to_netback() - Linux 4.4.105 * Xenial update to 4.4.104 stable release (LP: #1745043) - x86/mm/pat: Ensure cpa->pfn only contains page frame numbers - x86/efi: Hoist page table switching code into efi_call_virt() - x86/efi: Build our own page table structures - ARM: dts: omap3: logicpd-torpedo-37xx-devkit: Fix MMC1 cd-gpio - x86/efi-bgrt: Fix kernel panic when mapping BGRT data - x86/efi-bgrt: Replace early_memremap() with memremap() - mm/madvise.c: fix madvise() infinite loop under special circumstances - btrfs: clear space cache inode generation always - KVM: x86: pvclock: Handle first-time write to pvclock-page contains random junk - KVM: x86: Exit to user-mode on #UD intercept when emulator requires - KVM: x86: inject exceptions produced by x86_decode_insn - mmc: core: Do not leave the block driver in a suspended state - eeprom: at24: check at24_read/write arguments - bcache: Fix building error on MIPS - Revert "drm/radeon: dont switch vt on suspend" - drm/radeon: fix atombios on big endian - drm/panel: simple: Add missing panel_simple_unprepare() calls - mtd: nand: Fix writing mtdoops to nand flash. - NFS: revalidate "." etc correctly on "open". - drm/i915: Don't try indexed reads to alternate slave addresses - drm/i915: Prevent zero length "index" write - nfsd: Make init_open_stateid() a bit more whole - nfsd: Fix stateid races between OPEN and CLOSE - nfsd: Fix another OPEN stateid race - Linux 4.4.104 * Xenial update to 4.4.103 stable release (LP: #1744873) - s390: fix transactional execution control register handling - s390/runtime instrumention: fix possible memory corruption - s390/disassembler: add missing end marker for e7 table - s390/disassembler: increase show_code buffer size - AF_VSOCK: Shrink the area influenced by prepare_to_wait - vsock: use new wait API for vsock_stream_sendmsg() - sched: Make resched_cpu() unconditional - lib/mpi: call cond_resched() from mpi_powm() loop - x86/decoder: Add new TEST instruction pattern - ARM: 8722/1: mm: make STRICT_KERNEL_RWX effective for LPAE - ARM: 8721/1: mm: dump: check hardware RO bit for LPAE - MIPS: ralink: Fix MT7628 pinmux - MIPS: ralink: Fix typo in mt7628 pinmux function - ALSA: hda: Add Raven PCI ID - dm bufio: fix integer overflow when limiting maximum cache size - dm: fix race between dm_get_from_kobject() and __dm_destroy() - MIPS: Fix an n32 core file generation regset support regression - MIPS: BCM47XX: Fix LED inversion for WRT54GSv1 - autofs: don't fail mount for transient error - nilfs2: fix race condition that causes file system corruption - eCryptfs: use after free in ecryptfs_release_messaging() - bcache: check ca->alloc_thread initialized before wake up it - isofs: fix timestamps beyond 2027 - NFS: Fix typo in nomigration mount option - nfs: Fix ugly referral attributes - nfsd: deal with revoked delegations appropriately - rtlwifi: rtl8192ee: Fix memory leak when loading firmware - rtlwifi: fix uninitialized rtlhal->last_suspend_sec time - ata: fixes kernel crash while tracing ata_eh_link_autopsy event - ext4: fix interaction between i_size, fallocate, and delalloc after a crash - ALSA: pcm: update tstamp only if audio_tstamp changed - ALSA: usb-audio: Add sanity checks to FE parser - ALSA: usb-audio: Fix potential out-of-bound access at parsing SU - ALSA: usb-audio: Add sanity checks in v2 clock parsers - ALSA: timer: Remove kernel warning at compat ioctl error paths - ALSA: hda/realtek - Fix ALC700 family no sound issue - fix a page leak in vhost_scsi_iov_to_sgl() error recovery - fs/9p: Compare qid.path in v9fs_test_inode - iscsi-target: Fix non-immediate TMR reference leak - target: Fix QUEUE_FULL + SCSI task attribute handling - KVM: nVMX: set IDTR and GDTR limits when loading L1 host state - KVM: SVM: obey guest PAT - SUNRPC: Fix tracepoint storage issues with svc_recv and svc_rqst_status - clk: ti: dra7-atl-clock: Fix of_node reference counting - clk: ti: dra7-atl-clock: fix child-node lookups - libnvdimm, namespace: fix label initialization to use valid seq numbers - libnvdimm, namespace: make 'resource' attribute only readable by root - IB/srpt: Do not accept invalid initiator port names - IB/srp: Avoid that a cable pull can trigger a kernel crash - NFC: fix device-allocation error return - i40e: Use smp_rmb rather than read_barrier_depends - igb: Use smp_rmb rather than read_barrier_depends - igbvf: Use smp_rmb rather than read_barrier_depends - ixgbevf: Use smp_rmb rather than read_barrier_depends - i40evf: Use smp_rmb rather than read_barrier_depends - fm10k: Use smp_rmb rather than read_barrier_depends - ixgbe: Fix skb list corruption on Power systems - parisc: Fix validity check of pointer size argument in new CAS implementation - powerpc/signal: Properly handle return value from uprobe_deny_signal() - media: Don't do DMA on stack for firmware upload in the AS102 driver - media: rc: check for integer overflow - cx231xx-cards: fix NULL-deref on missing association descriptor - media: v4l2-ctrl: Fix flags field on Control events - sched/rt: Simplify the IPI based RT balancing logic - fscrypt: lock mutex before checking for bounce page pool - net/9p: Switch to wait_event_killable() - PM / OPP: Add missing of_node_put(np) - e1000e: Fix error path in link detection - e1000e: Fix return value test - RDS: RDMA: return appropriate error on rdma map failures - PCI: Apply _HPX settings only to relevant devices - dmaengine: zx: set DMA_CYCLIC cap_mask bit - net: Allow IP_MULTICAST_IF to set index to L3 slave - net: 3com: typhoon: typhoon_init_one: make return values more specific - net: 3com: typhoon: typhoon_init_one: fix incorrect return values - drm/armada: Fix compile fail - ath10k: fix incorrect txpower set by P2P_DEVICE interface - ath10k: ignore configuring the incorrect board_id - ath10k: fix potential memory leak in ath10k_wmi_tlv_op_pull_fw_stats() - ath10k: set CTS protection VDEV param only if VDEV is up - ALSA: hda - Apply ALC269_FIXUP_NO_SHUTUP on HDA_FIXUP_ACT_PROBE - drm: Apply range restriction after color adjustment when allocation - mac80211: Remove invalid flag operations in mesh TSF synchronization - mac80211: Suppress NEW_PEER_CANDIDATE event if no room - iio: light: fix improper return value - staging: iio: cdc: fix improper return value - spi: SPI_FSL_DSPI should depend on HAS_DMA - netfilter: nft_queue: use raw_smp_processor_id() - netfilter: nf_tables: fix oob access - ASoC: rsnd: don't double free kctrl - btrfs: return the actual error value from from btrfs_uuid_tree_iterate - ASoC: wm_adsp: Don't overrun firmware file buffer when reading region data - s390/kbuild: enable modversions for symbols exported from asm - xen: xenbus driver must not accept invalid transaction ids - Revert "sctp: do not peel off an assoc from one netns to another one" - Linux 4.4.103 * ppc64el: Do not call ibm,os-term on panic (LP: #1736954) - powerpc: Do not call ppc_md.panic in fadump panic notifier * Xenial update to 4.4.102 stable release (LP: #1744870) - mm, hwpoison: fixup "mm: check the return value of lookup_page_ext for all call sites" - Linux 4.4.102 * Xenial update to 4.4.101 stable release (LP: #1744794) - tcp: do not mangle skb->cb[] in tcp_make_synack() - netfilter/ipvs: clear ipvs_property flag when SKB net namespace changed - bonding: discard lowest hash bit for 802.3ad layer3+4 - vlan: fix a use-after-free in vlan_device_event() - af_netlink: ensure that NLMSG_DONE never fails in dumps - sctp: do not peel off an assoc from one netns to another one - fealnx: Fix building error on MIPS - net/sctp: Always set scope_id in sctp_inet6_skb_msgname - ima: do not update security.ima if appraisal status is not INTEGRITY_PASS - serial: omap: Fix EFR write on RTS deassertion - arm64: fix dump_instr when PAN and UAO are in use - ocfs2: should wait dio before inode lock in ocfs2_setattr() - ipmi: fix unsigned long underflow - mm/page_alloc.c: broken deferred calculation - coda: fix 'kernel memory exposure attempt' in fsync - mm: check the return value of lookup_page_ext for all call sites - mm/page_ext.c: check if page_ext is not prepared - mm/pagewalk.c: report holes in hugetlb ranges - Linux 4.4.101 * Xenial update to 4.4.100 stable release (LP: #1744639) - media: imon: Fix null-ptr-deref in imon_probe - media: dib0700: fix invalid dvb_detach argument - KVM: x86: fix singlestepping over syscall - net: cdc_ether: fix divide by 0 on bad descriptors - net: qmi_wwan: fix divide by 0 on bad descriptors - arm: crypto: reduce priority of bit-sliced AES cipher - Bluetooth: btusb: fix QCA Rome suspend/resume - dmaengine: dmatest: warn user when dma test times out - extcon: palmas: Check the parent instance to prevent the NULL - fm10k: request reset when mbx->state changes - ARM: dts: Fix compatible for ti81xx uarts for 8250 - ARM: dts: Fix am335x and dm814x scm syscon to probe children - ARM: OMAP2+: Fix init for multiple quirks for the same SoC - ARM: dts: Fix omap3 off mode pull defines - ata: ATA_BMDMA should depend on HAS_DMA - ata: SATA_HIGHBANK should depend on HAS_DMA - ata: SATA_MV should depend on HAS_DMA - drm/sti: sti_vtg: Handle return NULL error from devm_ioremap_nocache - igb: reset the PHY before reading the PHY ID - igb: close/suspend race in netif_device_detach - igb: Fix hw_dbg logging in igb_update_flash_i210 - scsi: ufs-qcom: Fix module autoload - scsi: ufs: add capability to keep auto bkops always enabled - staging: rtl8188eu: fix incorrect ERROR tags from logs - scsi: lpfc: FCoE VPort enable-disable does not bring up the VPort - scsi: lpfc: Correct host name in symbolic_name field - scsi: lpfc: Correct issue leading to oops during link reset - scsi: lpfc: Clear the VendorVersion in the PLOGI/PLOGI ACC payload - ALSA: vx: Don't try to update capture stream before running - ALSA: vx: Fix possible transfer overflow - backlight: lcd: Fix race condition during register - backlight: adp5520: Fix error handling in adp5520_bl_probe() - gpu: drm: mgag200: mgag200_main:- Handle error from pci_iomap - ALSA: hda/realtek - Add new codec ID ALC299 - arm64: dts: NS2: reserve memory for Nitro firmware - ixgbe: fix AER error handling - ixgbe: handle close/suspend race with netif_device_detach/present - ixgbe: Reduce I2C retry count on X550 devices - ixgbe: add mask for 64 RSS queues - ixgbe: do not disable FEC from the driver - staging: rtl8712: fixed little endian problem - MIPS: End asm function prologue macros with .insn - mm: add PHYS_PFN, use it in __phys_to_pfn() - MIPS: init: Ensure bootmem does not corrupt reserved memory - MIPS: init: Ensure reserved memory regions are not added to bootmem - MIPS: Netlogic: Exclude netlogic,xlp-pic code from XLR builds - Revert "crypto: xts - Add ECB dependency" - Revert "uapi: fix linux/rds.h userspace compilation errors" - uapi: fix linux/rds.h userspace compilation error - uapi: fix linux/rds.h userspace compilation errors - USB: usbfs: compute urb->actual_length for isochronous - USB: Add delay-init quirk for Corsair K70 LUX keyboards - USB: serial: qcserial: add pid/vid for Sierra Wireless EM7355 fw update - USB: serial: garmin_gps: fix I/O after failed probe and remove - USB: serial: garmin_gps: fix memory leak on probe errors - Linux 4.4.100 * Xenial update to 4.4.99 stable release (LP: #1744636) - mac80211: accept key reinstall without changing anything - mac80211: use constant time comparison with keys - mac80211: don't compare TKIP TX MIC key in reinstall prevention - usb: usbtest: fix NULL pointer dereference - Input: ims-psu - check if CDC union descriptor is sane - ALSA: seq: Cancel pending autoload work at unbinding device - tun/tap: sanitize TUNSETSNDBUF input - tcp: fix tcp_mtu_probe() vs highest_sack - l2tp: check ps->sock before running pppol2tp_session_ioctl() - tun: call dev_get_valid_name() before register_netdevice() - sctp: add the missing sock_owned_by_user check in sctp_icmp_redirect - packet: avoid panic in packet_getsockopt() - ipv6: flowlabel: do not leave opt->tot_len with garbage - net/unix: don't show information about sockets from other namespaces - ip6_gre: only increase err_count for some certain type icmpv6 in ip6gre_err - tun: allow positive return values on dev_get_valid_name() call - sctp: reset owner sk for data chunks on out queues when migrating a sock - ppp: fix race in ppp device destruction - ipip: only increase err_count for some certain type icmp in ipip_err - tcp/dccp: fix ireq->opt races - tcp/dccp: fix lockdep splat in inet_csk_route_req() - tcp/dccp: fix other lockdep splats accessing ireq_opt - security/keys: add CONFIG_KEYS_COMPAT to Kconfig - tipc: fix link attribute propagation bug - brcmfmac: remove setting IBSS mode when stopping AP - target/iscsi: Fix iSCSI task reassignment handling - target: Fix node_acl demo-mode + uncached dynamic shutdown regression - misc: panel: properly restore atomic counter on error path - Linux 4.4.99 * elantech touchpad of Lenovo L480/580 failed to detect hw_version (LP: #1733605) - Input: elantech - add new icbody type 15 * Disabling zfs does not always disable module checks for the zfs modules (LP: #1737176) - [Packaging] disable zfs module checks when zfs is disabled * Using asymmetric key for IMA appraisal crashes the system in Ubuntu 16.04 (LP: #1735977) - integrity: convert digsig to akcipher api * CVE-2017-17450 - netfilter: xt_osf: Add missing permission checks * CVE-2017-15129 - net: Fix double free and memory corruption in get_net_ns_by_id() * CVE-2018-5344 - loop: fix concurrent lo_open/lo_release * [KVM] Lower the default for halt_poll_ns to 200000 ns (LP: #1724614) - KVM: x86: lower default for halt_poll_ns * $(LOCAL_ENV_CC) and $(LOCAL_ENV_DISTCC_HOSTS) should be properly quoted (LP: #1744077) - [Debian] pass LOCAL_ENV_CC and LOCAL_ENV_DISTCC_HOSTS properly * Redpine: Wifi/BT not functioning after s3 resume (LP: #1742090) // [16.04][classic] Redpine: wowlan feature doesn't work (LP: #1742094) - SAUCE: Redpine: fix for wowlan wakeup failure - SAUCE: Redpine: fix data issue with non-uapsd APs - SAUCE: Redpine: fix reset card issue - SAUCE: Redpine: fix wowlan issue * Using an NVMe drive causes huge power drain (LP: #1664602) // Samsung SSD 960 EVO 500GB refused to change power state (LP: #1705748) - nvme-pci: disable APST on Samsung SSD 960 EVO + ASUS PRIME B350M-A * Using an NVMe drive causes huge power drain (LP: #1664602) - nvme/scsi: Remove power management support - nvme: return the whole CQE through the request passthrough interface - nvme: factor out a add nvme_is_write helper - nvme: Modify and export sync command submission for fabrics - nvme: Fix nvme_get/set_features() with a NULL result pointer - nvme: Pass pointers, not dma addresses, to nvme_get/set_features() - nvme: Add a quirk mechanism that uses identify_ctrl - nvme: Enable autonomous power state transitions - nvme: Adjust the Samsung APST quirk - nvme: Quirk APST off on "THNSF5256GPUK TOSHIBA" - nvme: only consider exit latency when choosing useful non-op power states - nvme: relax APST default max latency to 100ms - nvme: Quirk APST on Intel 600P/P3100 devices * CVE-2017-17862 - bpf: fix branch pruning logic * CVE-2017-16995 - bpf: fix incorrect sign extension in check_alu_op() * CVE-2017-17741 - KVM: Fix stack-out-of-bounds read in write_mmio * CVE-2018-5333 - RDS: null pointer dereference in rds_atomic_free_op * the kernel is blackholing IPv6 packets to linkdown nexthops (LP: #1738219) - ipv6: Do not consider linkdown nexthops during multipath * /dev/bcache/by-uuid links not created after reboot (LP: #1729145) - SAUCE: (no-up) bcache: decouple emitting a cached_dev CHANGE uevent * e1000e in 4.4.0-97-generic breaks 82574L under heavy load. (LP: #1730550) - e1000e: Avoid receiver overrun interrupt bursts - e1000e: Separate signaling for link check/link up * ath10k: enhance rf signal strength (LP: #1736317) - ath10k: add max_tx_power for QCA6174 WLAN.RM.2.0 firmware * User reports excessive ALUA retry messages (LP: #1720228) - scsi_dh_alua: uninitialized variable in alua_rtpg() * Add installer support for new Broadcom network drivers. (LP: #1734757) - d-i: Add bnxt_en_bpo to nic-modules. * Transparent hugepages should default to enabled=madvise (LP: #1703742) - SAUCE: use CONFIG_TRANSPARENT_HUGEPAGE_MADVISE=y as default -- Kleber Sacilotto de Souza Mon, 19 Mar 2018 10:54:09 +0000 linux-kvm (4.4.0-1019.24) xenial; urgency=medium * linux-kvm: 4.4.0-1019.24 -proposed tracker (LP: #1749092) [ Ubuntu: 4.4.0-116.140 ] * linux: 4.4.0-116.140 -proposed tracker (LP: #1748990) * BUG: unable to handle kernel NULL pointer dereference at 0000000000000009 (LP: #1748671) - SAUCE: net: ipv4: fix for a race condition in raw_sendmsg -- fix backport [ Ubuntu: 4.4.0-115.139 ] * linux: 4.4.0-115.138 -proposed tracker (LP: #1748745) * CVE-2017-5715 (Spectre v2 Intel) - Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present" - SAUCE: turn off IBRS when full retpoline is present - [Packaging] retpoline files must be sorted - [Packaging] pull in retpoline files [ Ubuntu: 4.4.0-114.137 ] * linux: 4.4.0-114.137 -proposed tracker (LP: #1748484) * ALSA backport missing NVIDIA GPU codec IDs to patch table to Ubuntu 16.04 LTS Kernel (LP: #1744117) - ALSA: hda - Add missing NVIDIA GPU codec IDs to patch table * Shutdown hang on 16.04 with iscsi targets (LP: #1569925) - scsi: libiscsi: Allow sd_shutdown on bad transport * libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053) - libata: apply MAX_SEC_1024 to all LITEON EP1 series devices * KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb) (LP: #1747090) - KVM: s390: wire up bpb feature - KVM: s390: Enable all facility bits that are known good for passthrough * CVE-2017-5715 (Spectre v2 Intel) - SAUCE: drop lingering gmb() macro - x86/feature: Enable the x86 feature to control Speculation - x86/feature: Report presence of IBPB and IBRS control - x86/enter: MACROS to set/clear IBRS and set IBPB - x86/enter: Use IBRS on syscall and interrupts - x86/idle: Disable IBRS entering idle and enable it on wakeup - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup - x86/mm: Set IBPB upon context switch - x86/mm: Only set IBPB when the new thread cannot ptrace current thread - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm - x86/kvm: Set IBPB when switching VM - x86/kvm: Toggle IBRS on VM entry and exit - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control - x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR - x86/cpu/AMD: Add speculative control support for AMD - x86/microcode: Extend post microcode reload to support IBPB feature - KVM: SVM: Do not intercept new speculative control MSRs - x86/svm: Set IBRS value on VM entry and exit - x86/svm: Set IBPB when running a different VCPU - KVM: x86: Add speculative control CPUID support for guests - SAUCE: Fix spec_ctrl support in KVM - SAUCE: turn off IBPB when full retpoline is present -- Stefan Bader Tue, 13 Feb 2018 11:29:15 +0100 linux-kvm (4.4.0-1018.23) xenial; urgency=low * linux-kvm: 4.4.0-1018.23 -proposed tracker (LP: #1746944) [ Ubuntu: 4.4.0-113.136 ] * linux: 4.4.0-113.136 -proposed tracker (LP: #1746936) * Missing install-time driver for QLogic QED 25/40/100Gb Ethernet NIC (LP: #1743638) - [d-i] Add qede to nic-modules udeb * CVE-2017-5753 (Spectre v1 Intel) - x86/cpu/AMD: Make the LFENCE instruction serialized - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature - SAUCE: reinstate MFENCE_RDTSC feature definition - locking/barriers: introduce new observable speculation barrier - bpf: prevent speculative execution in eBPF interpreter - x86, bpf, jit: prevent speculative execution when JIT is enabled - SAUCE: FIX: x86, bpf, jit: prevent speculative execution when JIT is enabled - carl9170: prevent speculative execution - qla2xxx: prevent speculative execution - Thermal/int340x: prevent speculative execution - ipv4: prevent speculative execution - ipv6: prevent speculative execution - fs: prevent speculative execution - net: mpls: prevent speculative execution - udf: prevent speculative execution - userns: prevent speculative execution - SAUCE: claim mitigation via observable speculation barrier - SAUCE: powerpc: add osb barrier - SAUCE: s390/spinlock: add osb memory barrier - SAUCE: arm64: no osb() implementation yet - SAUCE: arm: no osb() implementation yet * CVE-2017-5715 (Spectre v2 retpoline) - x86/cpuid: Provide get_scattered_cpuid_leaf() - x86/cpu: Factor out application of forced CPU caps - x86/cpufeatures: Make CPU bugs sticky - x86/cpufeatures: Add X86_BUG_CPU_INSECURE - x86/cpu, x86/pti: Do not enable PTI on AMD processors - x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] - x86/cpu: Merge bugs.c and bugs_64.c - sysfs/cpu: Add vulnerability folder - x86/cpu: Implement CPU vulnerabilites sysfs functions - x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm - x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier - x86/asm: Use register variable to get stack pointer value - x86/kbuild: enable modversions for symbols exported from asm - x86/asm: Make asm/alternative.h safe from assembly - EXPORT_SYMBOL() for asm - kconfig.h: use __is_defined() to check if MODULE is defined - x86/retpoline: Add initial retpoline support - x86/spectre: Add boot time option to select Spectre v2 mitigation - x86/retpoline/crypto: Convert crypto assembler indirect jumps - x86/retpoline/entry: Convert entry assembler indirect jumps - x86/retpoline/ftrace: Convert ftrace assembler indirect jumps - x86/retpoline/hyperv: Convert assembler indirect jumps - x86/retpoline/xen: Convert Xen hypercall indirect jumps - x86/retpoline/checksum32: Convert assembler indirect jumps - x86/retpoline/irq32: Convert assembler indirect jumps - x86/retpoline: Fill return stack buffer on vmexit - x86/retpoline: Remove compile time warning - x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros - module: Add retpoline tag to VERMAGIC - x86/mce: Make machine check speculation protected - retpoline: Introduce start/end markers of indirect thunk - kprobes/x86: Blacklist indirect thunk functions for kprobes - kprobes/x86: Disable optimizing on the function jumps to indirect thunk - x86/retpoline: Optimize inline assembler for vmexit_fill_RSB - [Config] CONFIG_RETPOLINE=y - [Packaging] retpoline -- add call site validation - [Config] disable retpoline checks for first upload * CVE-2017-5715 (revert embargoed) // CVE-2017-5753 (revert embargoed) - Revert "UBUNTU: SAUCE: Fix spec_ctrl support in KVM" - Revert "x86/cpuid: Provide get_scattered_cpuid_leaf()" - Revert "kvm: vmx: Scrub hardware GPRs at VM-exit" - Revert "Revert "x86/svm: Add code to clear registers on VM exit"" - Revert "UBUNTU: SAUCE: x86/microcode: Extend post microcode reload to support IBPB feature -- repair missmerge" - Revert "arm: no gmb() implementation yet" - Revert "arm64: no gmb() implementation yet" - Revert "UBUNTU: SAUCE: x86/kvm: Fix stuff_RSB() for 32-bit" - Revert "s390/spinlock: add gmb memory barrier" - Revert "powerpc: add gmb barrier" - Revert "x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature" - Revert "x86/cpu/AMD: Make the LFENCE instruction serialized" - Revert "x86/svm: Add code to clear registers on VM exit" - Revert "x86/svm: Add code to clobber the RSB on VM exit" - Revert "KVM: x86: Add speculative control CPUID support for guests" - Revert "x86/svm: Set IBPB when running a different VCPU" - Revert "x86/svm: Set IBRS value on VM entry and exit" - Revert "KVM: SVM: Do not intercept new speculative control MSRs" - Revert "x86/microcode: Extend post microcode reload to support IBPB feature" - Revert "x86/cpu/AMD: Add speculative control support for AMD" - Revert "x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR" - Revert "x86/entry: Use retpoline for syscall's indirect calls" - Revert "x86/syscall: Clear unused extra registers on 32-bit compatible syscall entrance" - Revert "x86/syscall: Clear unused extra registers on syscall entrance" - Revert "x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control" - Revert "x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature" - Revert "x86/kvm: Pad RSB on VM transition" - Revert "x86/kvm: Toggle IBRS on VM entry and exit" - Revert "x86/kvm: Set IBPB when switching VM" - Revert "x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm" - Revert "x86/entry: Stuff RSB for entry to kernel for non-SMEP platform" - Revert "x86/mm: Only set IBPB when the new thread cannot ptrace current thread" - Revert "x86/mm: Set IBPB upon context switch" - Revert "x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup" - Revert "x86/idle: Disable IBRS entering idle and enable it on wakeup" - Revert "x86/enter: Use IBRS on syscall and interrupts" - Revert "x86/enter: MACROS to set/clear IBRS and set IBPB" - Revert "x86/feature: Report presence of IBPB and IBRS control" - Revert "x86/feature: Enable the x86 feature to control Speculation" - Revert "udf: prevent speculative execution" - Revert "net: mpls: prevent speculative execution" - Revert "fs: prevent speculative execution" - Revert "ipv6: prevent speculative execution" - Revert "userns: prevent speculative execution" - Revert "Thermal/int340x: prevent speculative execution" - Revert "qla2xxx: prevent speculative execution" - Revert "carl9170: prevent speculative execution" - Revert "uvcvideo: prevent speculative execution" - Revert "x86, bpf, jit: prevent speculative execution when JIT is enabled" - Revert "bpf: prevent speculative execution in eBPF interpreter" * CVE-2017-17712 - net: ipv4: fix for a race condition in raw_sendmsg * upload urgency should be medium by default (LP: #1745338) - [Packaging] update urgency to medium by default * CVE-CVE-2017-12190 - more bio_map_user_iov() leak fixes * CVE-2015-8952 - mbcache2: reimplement mbcache - ext2: convert to mbcache2 - ext4: convert to mbcache2 - mbcache2: limit cache size - mbcache2: Use referenced bit instead of LRU - ext4: kill ext4_mballoc_ready - ext4: shortcut setting of xattr to the same value - mbcache: remove mbcache - mbcache2: rename to mbcache - mbcache: get rid of _e_hash_list_head - mbcache: add reusable flag to cache entries * CVE-2017-15115 - sctp: do not peel off an assoc from one netns to another one * CVE-2017-8824 - dccp: CVE-2017-8824: use-after-free in DCCP code [ Ubuntu: 4.4.0-112.135 ] * linux: 4.4.0-112.135 -proposed tracker (LP: #1744244) * CVE-2017-5715 // CVE-2017-5753 - x86/cpuid: Provide get_scattered_cpuid_leaf() - SAUCE: Fix spec_ctrl support in KVM - SAUCE: s390: improve cpu alternative handling for gmb and nobp - SAUCE: s390: print messages for gmb and nobp - [Config] KERNEL_NOBP=y [ Ubuntu: 4.4.0-111.134 ] * linux: 4.4.0-111.134 -proposed tracker (LP: #1743362) * Do not duplicate changelog entries assigned to more than one bug or CVE (LP: #1743383) - [Packaging] git-ubuntu-log -- handle multiple bugs/cves better * CVE-2017-5715 // CVE-2017-5753 - SAUCE: x86/microcode: Extend post microcode reload to support IBPB feature -- repair missmerge - Revert "x86/svm: Add code to clear registers on VM exit" - kvm: vmx: Scrub hardware GPRs at VM-exit * CVE-2017-5754 - SAUCE: powerpc: use sync instead of hwsync mnemonic -- Kleber Sacilotto de Souza Thu, 08 Feb 2018 12:30:28 +0100 linux-kvm (4.4.0-1017.22) xenial; urgency=low * linux-kvm: 4.4.0-1016.21 -proposed tracker (LP: #1743002) [ Ubuntu: 4.4.0-110.133 ] * linux: 4.4.0-110.133 -proposed tracker (LP: #1742995) * CVE-2017-5753 - x86/microcode/AMD: Add support for fam17h microcode loading - bpf: add bpf_patch_insn_single helper - bpf: prepare bpf_int_jit_compile/bpf_prog_select_runtime apis - bpf: add generic constant blinding for use in jits - locking/barriers: introduce new memory barrier gmb() - bpf: prevent speculative execution in eBPF interpreter - x86, bpf, jit: prevent speculative execution when JIT is enabled - uvcvideo: prevent speculative execution - carl9170: prevent speculative execution - qla2xxx: prevent speculative execution - Thermal/int340x: prevent speculative execution - userns: prevent speculative execution - ipv6: prevent speculative execution - fs: prevent speculative execution - net: mpls: prevent speculative execution - udf: prevent speculative execution - x86/feature: Enable the x86 feature to control Speculation - x86/feature: Report presence of IBPB and IBRS control - x86/enter: MACROS to set/clear IBRS and set IBPB - x86/enter: Use IBRS on syscall and interrupts - x86/idle: Disable IBRS entering idle and enable it on wakeup - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup - x86/mm: Set IBPB upon context switch - x86/mm: Only set IBPB when the new thread cannot ptrace current thread - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm - x86/kvm: Set IBPB when switching VM - x86/kvm: Toggle IBRS on VM entry and exit - x86/kvm: Pad RSB on VM transition - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control - x86/syscall: Clear unused extra registers on syscall entrance - x86/syscall: Clear unused extra registers on 32-bit compatible syscall entrance - x86/entry: Use retpoline for syscall's indirect calls - x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR - x86/cpu/AMD: Add speculative control support for AMD - x86/microcode: Extend post microcode reload to support IBPB feature - KVM: SVM: Do not intercept new speculative control MSRs - x86/svm: Set IBRS value on VM entry and exit - x86/svm: Set IBPB when running a different VCPU - KVM: x86: Add speculative control CPUID support for guests - x86/svm: Add code to clobber the RSB on VM exit - x86/svm: Add code to clear registers on VM exit - x86/cpu/AMD: Make the LFENCE instruction serialized - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature - powerpc: add gmb barrier - s390/spinlock: add gmb memory barrier - SAUCE: x86/kvm: Fix stuff_RSB() for 32-bit - arm64: no gmb() implementation yet - arm: no gmb() implementation yet * CVE-2017-5715 - x86/microcode/AMD: Add support for fam17h microcode loading - bpf: add bpf_patch_insn_single helper - bpf: prepare bpf_int_jit_compile/bpf_prog_select_runtime apis - bpf: add generic constant blinding for use in jits - locking/barriers: introduce new memory barrier gmb() - bpf: prevent speculative execution in eBPF interpreter - x86, bpf, jit: prevent speculative execution when JIT is enabled - uvcvideo: prevent speculative execution - carl9170: prevent speculative execution - qla2xxx: prevent speculative execution - Thermal/int340x: prevent speculative execution - userns: prevent speculative execution - ipv6: prevent speculative execution - fs: prevent speculative execution - net: mpls: prevent speculative execution - udf: prevent speculative execution - x86/feature: Enable the x86 feature to control Speculation - x86/feature: Report presence of IBPB and IBRS control - x86/enter: MACROS to set/clear IBRS and set IBPB - x86/enter: Use IBRS on syscall and interrupts - x86/idle: Disable IBRS entering idle and enable it on wakeup - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup - x86/mm: Set IBPB upon context switch - x86/mm: Only set IBPB when the new thread cannot ptrace current thread - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm - x86/kvm: Set IBPB when switching VM - x86/kvm: Toggle IBRS on VM entry and exit - x86/kvm: Pad RSB on VM transition - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control - x86/syscall: Clear unused extra registers on syscall entrance - x86/syscall: Clear unused extra registers on 32-bit compatible syscall entrance - x86/entry: Use retpoline for syscall's indirect calls - x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR - x86/cpu/AMD: Add speculative control support for AMD - x86/microcode: Extend post microcode reload to support IBPB feature - KVM: SVM: Do not intercept new speculative control MSRs - x86/svm: Set IBRS value on VM entry and exit - x86/svm: Set IBPB when running a different VCPU - KVM: x86: Add speculative control CPUID support for guests - x86/svm: Add code to clobber the RSB on VM exit - x86/svm: Add code to clear registers on VM exit - x86/cpu/AMD: Make the LFENCE instruction serialized - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature - powerpc: add gmb barrier - s390/spinlock: add gmb memory barrier - SAUCE: x86/kvm: Fix stuff_RSB() for 32-bit - arm64: no gmb() implementation yet - arm: no gmb() implementation yet * powerpc: flush L1D on return to use (LP: #1742772) - SAUCE: powerpc: Secure memory rfi flush - SAUCE: rfi-flush: Make DEBUG_RFI a CONFIG option - SAUCE: rfi-flush: Add HRFI_TO_UNKNOWN and use it in denorm - SAUCE: Fixup rfid in kvmppc_skip_Hinterrupt should be hrfid - SAUCE: rfi-flush: kvmppc_skip_(H)interrupt returns to host - SAUCE: KVM: Revert the implementation of H_GET_CPU_CHARACTERISTICS - SAUCE: rfi-flush: Implement congruence-first fallback flush - SAUCE: rfi-flush: Make l1d_flush_type bit flags - SAUCE: rfi-flush: Push the instruction selection down to the patching routine - SAUCE: rfi-flush: Expand the RFI section to two nop slots - SAUCE: rfi-flush: Support more than one flush type at once - SAUCE: rfi-flush: Allow HV to advertise multiple flush types - SAUCE: rfi-flush: Add speculation barrier before ori 30,30,0 flush - SAUCE: powerpc/asm: Allow including ppc_asm.h in asm files - SAUCE: Remove setup.h include file otherwise compilation complains about missing header file. - SAUCE: Fix compilation errors for arch/powerpc/lib/feature-fixups.c - SAUCE: rfi-flush: Add barriers to the fallback L1D flushing - SAUCE: rfi-flush: Rework powernv logic to be more cautious - SAUCE: rfi-flush: Rework pseries logic to be more cautious - SAUCE: rfi-flush: Fix the fallback flush to actually activate - SAUCE: rfi-flush: Fix HRFI_TO_UNKNOWN - SAUCE: rfi-flush: Refactor the macros so the nops are defined once - SAUCE: rfi-flush: Add no_rfi_flush and nopti comandline options - SAUCE: rfi-flush: Use rfi-flush in printks - SAUCE: rfi-flush: Fallback flush add load dependency - SAUCE: rfi-flush: Fix the 32-bit KVM build - SAUCE: rfi-flush: Fix some RFI conversions in the KVM code - SAUCE: UBUNTU: [Config] Disable CONFIG_PPC_DEBUG_RFI * s390: add ppa to kernel entry/exit (LP: #1742771) - s390: introduce CPU alternatives - s390: add ppa to kernel entry / exit * CVE-2017-5754 - x86/tlb: Drop the _GPL from the cpu_tlbstate export - Map the vsyscall page with _PAGE_USER - s390: introduce CPU alternatives - s390: add ppa to kernel entry / exit - SAUCE: powerpc: Secure memory rfi flush - SAUCE: rfi-flush: Make DEBUG_RFI a CONFIG option - SAUCE: rfi-flush: Add HRFI_TO_UNKNOWN and use it in denorm - SAUCE: Fixup rfid in kvmppc_skip_Hinterrupt should be hrfid - SAUCE: rfi-flush: kvmppc_skip_(H)interrupt returns to host - SAUCE: KVM: Revert the implementation of H_GET_CPU_CHARACTERISTICS - SAUCE: rfi-flush: Implement congruence-first fallback flush - SAUCE: rfi-flush: Make l1d_flush_type bit flags - SAUCE: rfi-flush: Push the instruction selection down to the patching routine - SAUCE: rfi-flush: Expand the RFI section to two nop slots - SAUCE: rfi-flush: Support more than one flush type at once - SAUCE: rfi-flush: Allow HV to advertise multiple flush types - SAUCE: rfi-flush: Add speculation barrier before ori 30,30,0 flush - SAUCE: powerpc/asm: Allow including ppc_asm.h in asm files - SAUCE: Remove setup.h include file otherwise compilation complains about missing header file. - SAUCE: Fix compilation errors for arch/powerpc/lib/feature-fixups.c - SAUCE: rfi-flush: Add barriers to the fallback L1D flushing - SAUCE: rfi-flush: Rework powernv logic to be more cautious - SAUCE: rfi-flush: Rework pseries logic to be more cautious - SAUCE: rfi-flush: Fix the fallback flush to actually activate - SAUCE: rfi-flush: Fix HRFI_TO_UNKNOWN - SAUCE: rfi-flush: Refactor the macros so the nops are defined once - SAUCE: rfi-flush: Add no_rfi_flush and nopti comandline options - SAUCE: rfi-flush: Use rfi-flush in printks - SAUCE: rfi-flush: Fallback flush add load dependency - SAUCE: rfi-flush: Fix the 32-bit KVM build - SAUCE: rfi-flush: Fix some RFI conversions in the KVM code - SAUCE: UBUNTU: [Config] Disable CONFIG_PPC_DEBUG_RFI -- Kamal Mostafa Fri, 12 Jan 2018 13:09:55 -0800 linux-kvm (4.4.0-1016.21) xenial; urgency=low * linux-kvm: 4.4.0-1016.21 -proposed tracker (LP: #1742260) [ Ubuntu: 4.4.0-109.132 ] * linux: 4.4.0-109.132 -proposed tracker (LP: #1742252) * Kernel trace with xenial 4.4 (4.4.0-108.131, Candidate kernels for PTI fix) (LP: #1741934) - SAUCE: kaiser: fix perf crashes - fix to original commit [ Ubuntu: 4.4.0-108.131 ] * linux: 4.4.0-108.131 -proposed tracker (LP: #1741727) * CVE-2017-5754 - x86/mm: Disable PCID on 32-bit kernels -- Marcelo Henrique Cerri Tue, 09 Jan 2018 19:21:03 -0200 linux-kvm (4.4.0-1015.20) xenial; urgency=low * linux-kvm: 4.4.0-1015.20 -proposed tracker (LP: #1741651) [ Ubuntu: 4.4.0-107.130 ] * linux: 4.4.0-107.130 -proposed tracker (LP: #1741643) * CVE-2017-5754 - Revert "UBUNTU: SAUCE: arch/x86/entry/vdso: temporarily disable vdso" - KPTI: Report when enabled - x86, vdso, pvclock: Simplify and speed up the vdso pvclock reader - x86/vdso: Get pvclock data from the vvar VMA instead of the fixmap - x86/kasan: Clear kasan_zero_page after TLB flush - kaiser: Set _PAGE_NX only if supported [ Ubuntu: 4.4.0-106.129 ] * linux: 4.4.0-106.129 -proposed tracker (LP: #1741528) * CVE-2017-5754 - KAISER: Kernel Address Isolation - kaiser: merged update - kaiser: do not set _PAGE_NX on pgd_none - kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE - kaiser: fix build and FIXME in alloc_ldt_struct() - kaiser: KAISER depends on SMP - kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER - kaiser: fix perf crashes - kaiser: ENOMEM if kaiser_pagetable_walk() NULL - kaiser: tidied up asm/kaiser.h somewhat - kaiser: tidied up kaiser_add/remove_mapping slightly - kaiser: kaiser_remove_mapping() move along the pgd - kaiser: cleanups while trying for gold link - kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET - kaiser: delete KAISER_REAL_SWITCH option - kaiser: vmstat show NR_KAISERTABLE as nr_overhead - x86/mm: Enable CR4.PCIDE on supported systems - x86/mm: Build arch/x86/mm/tlb.c even on !SMP - x86/mm, sched/core: Uninline switch_mm() - x86/mm: Add INVPCID helpers - x86/mm: If INVPCID is available, use it to flush global mappings - kaiser: enhanced by kernel and user PCIDs - kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user - kaiser: PCID 0 for kernel and 128 for user - kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user - kaiser: paranoid_entry pass cr3 need to paranoid_exit - kaiser: _pgd_alloc() without __GFP_REPEAT to avoid stalls - kaiser: fix unlikely error in alloc_ldt_struct() - kaiser: add "nokaiser" boot option, using ALTERNATIVE - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling - x86/boot: Add early cmdline parsing for options with arguments - x86/kaiser: Check boottime cmdline params - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush - kaiser: drop is_atomic arg to kaiser_pagetable_walk() - kaiser: asm/tlbflush.h handle noPGE at lower level - kaiser: kaiser_flush_tlb_on_return_to_user() check PCID - x86/paravirt: Dont patch flush_tlb_single - x86/kaiser: Reenable PARAVIRT - kaiser: disabled on Xen PV - x86/kaiser: Move feature detection up - kvm: x86: fix RSM when PCID is non-zero - SAUCE: arch/x86/entry/vdso: temporarily disable vdso - [Config]: CONFIG_KAISER=y -- Kamal Mostafa Sat, 06 Jan 2018 14:10:06 -0800 linux-kvm (4.4.0-1013.18) xenial; urgency=low * linux-kvm: 4.4.0-1013.18 -proposed tracker (LP: #1737518) [ Ubuntu: 4.4.0-104.127 ] * linux: 4.4.0-104.127 -proposed tracker (LP: #1737511) * upgrading linux-image package to 4.4.0-103.126 breaks Ceph network file system connection (LP: #1737033) - Revert "libceph: MOSDOpReply v7 encoding" - Revert "libceph: advertise support for TUNABLES5" - Revert "crush: decode and initialize chooseleaf_stable" - Revert "crush: add chooseleaf_stable tunable" - Revert "crush: ensure take bucket value is valid" - Revert "crush: ensure bucket id is valid before indexing buckets array" -- Thadeu Lima de Souza Cascardo Mon, 11 Dec 2017 12:57:47 -0200 linux-kvm (4.4.0-1012.17) xenial; urgency=low * linux-kvm: 4.4.0-1012.17 -proposed tracker (LP: #1736189) [ Ubuntu: 4.4.0-103.126 ] * linux: 4.4.0-103.126 -proposed tracker (LP: #1736181) * CVE-2017-1000405 - mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d() * CVE-2017-16939 - netlink: add a start callback for starting a netlink dump - ipsec: Fix aborted xfrm policy dump crash -- Stefan Bader Tue, 05 Dec 2017 11:45:11 +0100 linux-kvm (4.4.0-1011.16) xenial; urgency=low * linux-kvm: 4.4.0-1011.16 -proposed tracker (LP: #1734968) * linux-kvm standard configs for kernel test suite (LP: #1729681) - kvm: [config] enable AIO - kvm: [config] enable HUGETLBFS - kvm: [config] enable IA32_EMULATION - kvm: [config] enable SWAP - kvm: [config] enable USERFAULTFD - kvm: [config] enable FANOTIFY - kvm: [config] enable EVENTFD - kvm: [config] enable POSIX_MQUEUE - kvm: [config] enable MEMBARRIER - kvm: [config] enable CONNECTOR, PROC_EVENTS - kvm: [config] enable ADVISE_SYSCALLS - kvm: [config] enable SECURITY, SECURITY_APPARMOR - kvm: [config] enable DEVPTS_MULTIPLE_INSTANCES - kvm: [config] enable IP_ADVANCED_ROUTER - kvm: [config] enable RELOCATABLE, RANDOMIZE_BASE - kvm: [config] enable CC_STACKPROTECTOR_STRONG - kvm: [config] enable SELINUX, SMACK, TOMOYO, YAMA - kvm: [config] enable OPENVSWITCH [ Ubuntu: 4.4.0-102.125 ] * linux: 4.4.0-102.125 -proposed tracker (LP: #1733541) * tar -x sometimes fails on overlayfs (LP: #1728489) - ovl: check if all layers are on the same fs - ovl: persistent inode number for directories * NVMe timeout is too short (LP: #1729119) - nvme: update timeout module parameter type * Set PANIC_TIMEOUT=10 on Power Systems (LP: #1730660) - [Config]: Set PANIC_TIMEOUT=10 on ppc64el * Cannot pair BLE remote devices when using combo BT SoC (LP: #1731467) - Bluetooth: increase timeout for le auto connections * CIFS errors on 4.4.0-98, but not on 4.4.0-97 with same config (LP: #1729337) - SMB3: Validate negotiate request must always be signed * Plantronics P610 does not support sample rate reading (LP: #1719853) - ALSA: usb-audio: Add sample rate quirk for Plantronics P610 * Invalid btree pointer causes the kernel NULL pointer dereference (LP: #1729256) - xfs: reinit btree pointer on attr tree inactivation walk * Samba mount/umount in docker container triggers kernel Oops (LP: #1729637) - ipv6: only call ip6_route_dev_notify() once for NETDEV_UNREGISTER - ipv6: fix NULL dereference in ip6_route_dev_notify() * [kernel] tty/hvc: Use opal irqchip interface if available (LP: #1728098) - tty/hvc: Use opal irqchip interface if available * Device hotplugging with MPT SAS cannot work for VMWare ESXi (LP: #1730852) - scsi: mptsas: Fixup device hotplug for VMWare ESXi * NMI watchdog: BUG: soft lockup on Guest upon boot (KVM) (LP: #1727331) - KVM: PPC: Book3S: Treat VTB as a per-subcore register, not per-thread * Attempt to map rbd image from ceph jewel/luminous hangs (LP: #1728739) - crush: ensure bucket id is valid before indexing buckets array - crush: ensure take bucket value is valid - crush: add chooseleaf_stable tunable - crush: decode and initialize chooseleaf_stable - libceph: advertise support for TUNABLES5 - libceph: MOSDOpReply v7 encoding * Xenial update to 4.4.98 stable release (LP: #1732698) - adv7604: Initialize drive strength to default when using DT - video: fbdev: pmag-ba-fb: Remove bad `__init' annotation - PCI: mvebu: Handle changes to the bridge windows while enabled - xen/netback: set default upper limit of tx/rx queues to 8 - drm: drm_minor_register(): Clean up debugfs on failure - KVM: PPC: Book 3S: XICS: correct the real mode ICP rejecting counter - iommu/arm-smmu-v3: Clear prior settings when updating STEs - powerpc/corenet: explicitly disable the SDHC controller on kmcoge4 - ARM: omap2plus_defconfig: Fix probe errors on UARTs 5 and 6 - crypto: vmx - disable preemption to enable vsx in aes_ctr.c - iio: trigger: free trigger resource correctly - phy: increase size of MII_BUS_ID_SIZE and bus_id - serial: sh-sci: Fix register offsets for the IRDA serial port - usb: hcd: initialize hcd->flags to 0 when rm hcd - netfilter: nft_meta: deal with PACKET_LOOPBACK in netdev family - IPsec: do not ignore crypto err in ah4 input - Input: mpr121 - handle multiple bits change of status register - Input: mpr121 - set missing event capability - IB/ipoib: Change list_del to list_del_init in the tx object - s390/qeth: issue STARTLAN as first IPA command - (config) Add NET_DSA=n - net: dsa: select NET_SWITCHDEV - platform/x86: hp-wmi: Fix detection for dock and tablet mode - cdc_ncm: Set NTB format again after altsetting switch for Huawei devices - KEYS: trusted: sanitize all key material - KEYS: trusted: fix writing past end of buffer in trusted_read() - platform/x86: hp-wmi: Fix error value for hp_wmi_tablet_state - platform/x86: hp-wmi: Do not shadow error values - x86/uaccess, sched/preempt: Verify access_ok() context - workqueue: Fix NULL pointer dereference - crypto: x86/sha1-mb - fix panic due to unaligned access - KEYS: fix NULL pointer dereference during ASN.1 parsing [ver #2] - ARM: 8720/1: ensure dump_instr() checks addr_limit - ALSA: seq: Fix OSS sysex delivery in OSS emulation - ALSA: seq: Avoid invalid lockdep class warning - MIPS: microMIPS: Fix incorrect mask in insn_table_MM - MIPS: Fix CM region target definitions - MIPS: SMP: Use a completion event to signal CPU up - MIPS: Fix race on setting and getting cpu_online_mask - MIPS: SMP: Fix deadlock & online race - test: firmware_class: report errors properly on failure - selftests: firmware: add empty string and async tests - selftests: firmware: send expected errors to /dev/null - tools: firmware: check for distro fallback udev cancel rule - MIPS: AR7: Defer registration of GPIO - MIPS: AR7: Ensure that serial ports are properly set up - Input: elan_i2c - add ELAN060C to the ACPI table - drm/vmwgfx: Fix Ubuntu 17.10 Wayland black screen issue - rbd: use GFP_NOIO for parent stat and data requests - can: sun4i: handle overrun in RX FIFO - can: c_can: don't indicate triple sampling support for D_CAN - x86/oprofile/ppro: Do not use __this_cpu*() in preemptible context - PKCS#7: fix unitialized boolean 'want' - Linux 4.4.98 * ELANTECH Touchpad is not detected in 'Lenovo Ideapad 320 14AST' after fresh install (LP: #1727544) - Input: elan_i2c - add ELAN060C to the ACPI table * Xenial update to 4.4.97 stable release (LP: #1731915) - ALSA: timer: Add missing mutex lock for compat ioctls - ALSA: seq: Fix nested rwsem annotation for lockdep splat - cifs: check MaxPathNameComponentLength != 0 before using it - KEYS: return full count in keyring_read() if buffer is too small - KEYS: fix out-of-bounds read during ASN.1 parsing - ASoC: adau17x1: Workaround for noise bug in ADC - arm64: ensure __dump_instr() checks addr_limit - ARM: dts: mvebu: pl310-cache disable double-linefill - ARM: 8715/1: add a private asm/unaligned.h - ocfs2: fstrim: Fix start offset of first cluster group during fstrim - perf tools: Fix build failure on perl script context - drm/msm: Fix potential buffer overflow issue - drm/msm: fix an integer overflow test - tracing/samples: Fix creation and deletion of simple_thread_fn creation - Fix tracing sample code warning. - PM / wakeirq: report a wakeup_event on dedicated wekup irq - mmc: s3cmci: include linux/interrupt.h for tasklet_struct - ARM: pxa: Don't rely on public mmc header to include leds.h - mfd: ab8500-sysctrl: Handle probe deferral - mfd: axp20x: Fix axp288 PEK_DBR and PEK_DBF irqs being swapped - staging: rtl8712u: Fix endian settings for structs describing network packets - ext4: fix stripe-unaligned allocations - ext4: do not use stripe_width if it is not set - i2c: riic: correctly finish transfers - drm/amdgpu: when dpm disabled, also need to stop/start vce. - perf tools: Only increase index if perf_evsel__new_idx() succeeds - cx231xx: Fix I2C on Internal Master 3 Bus - xen/manage: correct return value check on xenbus_scanf() - scsi: aacraid: Process Error for response I/O - platform/x86: intel_mid_thermal: Fix module autoload - staging: lustre: llite: don't invoke direct_IO for the EOF case - staging: lustre: hsm: stack overrun in hai_dump_data_field - staging: lustre: ptlrpc: skip lock if export failed - exynos4-is: fimc-is: Unmap region obtained by of_iomap() - mei: return error on notification request to a disconnected client - s390/dasd: check for device error pointer within state change interrupts - bt8xx: fix memory leak - xen: don't print error message in case of missing Xenstore entry - staging: r8712u: Fix Sparse warning in rtl871x_xmit.c - Linux 4.4.97 * Xenial update to 4.4.96 stable release (LP: #1731882) - workqueue: replace pool->manager_arb mutex with a flag - ALSA: hda/realtek - Add support for ALC236/ALC3204 - ALSA: hda - fix headset mic problem for Dell machines with alc236 - ceph: unlock dangling spinlock in try_flush_caps() - usb: xhci: Handle error condition in xhci_stop_device() - spi: uapi: spidev: add missing ioctl header - fuse: fix READDIRPLUS skipping an entry - xen/gntdev: avoid out of bounds access in case of partial gntdev_mmap() - Input: elan_i2c - add ELAN0611 to the ACPI table - Input: gtco - fix potential out-of-bound access - assoc_array: Fix a buggy node-splitting case - scsi: zfcp: fix erp_action use-before-initialize in REC action trace - scsi: sg: Re-fix off by one in sg_fill_request_table() - can: sun4i: fix loopback mode - can: kvaser_usb: Correct return value in printout - can: kvaser_usb: Ignore CMD_FLUSH_QUEUE_REPLY messages - regulator: fan53555: fix I2C device ids - x86/microcode/intel: Disable late loading on model 79 - ecryptfs: fix dereference of NULL user_key_payload - Revert "drm: bridge: add DT bindings for TI ths8135" - Linux 4.4.96 * Touchpad not detected - Lenovo ideapad 320-15IKB (LP: #1723736) - Input: elan_i2c - add ELAN0611 to the ACPI table [ Ubuntu: 4.4.0-101.124 ] * linux: 4.4.0-101.124 -proposed tracker (LP: #1731264) * s390/mm: fix write access check in gup_huge_pmd() (LP: #1730596) - s390/mm: fix write access check in gup_huge_pmd() -- Kamal Mostafa Tue, 28 Nov 2017 09:42:13 -0800 linux-kvm (4.4.0-1010.15) xenial; urgency=low * linux-kvm: 4.4.0-1010.15 -proposed tracker (LP: #1729287) * linux-kvm needs CONFIG_USER_NS (LP: #1729023) - kvm: [config] enable USER_NS * no network after boot (LP: #1724359) - kvm: [config] enable DMI, DMIID * lack of random bits on linux-kvm (LP: #1729021) - kvm: [config] enable HW_RANDOM * lxd fails to run on linux-kvm (LP: #1723527) - kvm: [config] enable BRIDGE, NETFILTER, IPTABLES [ Ubuntu: 4.4.0-100.123 ] * linux: 4.4.0-100.123 -proposed tracker (LP: #1729273) * Xenial update to 4.4.95 stable release (LP: #1729107) - USB: devio: Revert "USB: devio: Don't corrupt user memory" - USB: core: fix out-of-bounds access bug in usb_get_bos_descriptor() - USB: serial: metro-usb: add MS7820 device id - usb: cdc_acm: Add quirk for Elatec TWN3 - usb: quirks: add quirk for WORLDE MINI MIDI keyboard - usb: hub: Allow reset retry for USB2 devices on connect bounce - ALSA: usb-audio: Add native DSD support for Pro-Ject Pre Box S2 Digital - can: gs_usb: fix busy loop if no more TX context is available - usb: musb: sunxi: Explicitly release USB PHY on exit - usb: musb: Check for host-mode using is_host_active() on reset interrupt - can: esd_usb2: Fix can_dlc value for received RTR, frames - drm/nouveau/bsp/g92: disable by default - drm/nouveau/mmu: flush tlbs before deleting page tables - ALSA: seq: Enable 'use' locking in all configurations - ALSA: hda: Remove superfluous '-' added by printk conversion - i2c: ismt: Separate I2C block read from SMBus block read - brcmsmac: make some local variables 'static const' to reduce stack size - bus: mbus: fix window size calculation for 4GB windows - clockevents/drivers/cs5535: Improve resilience to spurious interrupts - rtlwifi: rtl8821ae: Fix connection lost problem - KEYS: encrypted: fix dereference of NULL user_key_payload - lib/digsig: fix dereference of NULL user_key_payload - KEYS: don't let add_key() update an uninstantiated key - pkcs7: Prevent NULL pointer dereference, since sinfo is not always set. - parisc: Avoid trashing sr2 and sr3 in LWS code - parisc: Fix double-word compare and exchange in LWS code on 32-bit kernels - sched/autogroup: Fix autogroup_move_group() to never skip sched_move_task() - f2fs crypto: replace some BUG_ON()'s with error checks - f2fs crypto: add missing locking for keyring_key access - fscrypt: fix dereference of NULL user_key_payload - KEYS: Fix race between updating and finding a negative key - fscrypto: require write access to mount to set encryption policy - FS-Cache: fix dereference of NULL user_key_payload - Linux 4.4.95 * Xenial update to 4.4.94 stable release (LP: #1729105) - percpu: make this_cpu_generic_read() atomic w.r.t. interrupts - drm/dp/mst: save vcpi with payloads - MIPS: Fix minimum alignment requirement of IRQ stack - sctp: potential read out of bounds in sctp_ulpevent_type_enabled() - bpf/verifier: reject BPF_ALU64|BPF_END - udpv6: Fix the checksum computation when HW checksum does not apply - ip6_gre: skb_push ipv6hdr before packing the header in ip6gre_header - net: emac: Fix napi poll list corruption - packet: hold bind lock when rebinding to fanout hook - bpf: one perf event close won't free bpf program attached by another perf event - isdn/i4l: fetch the ppp_write buffer in one shot - vti: fix use after free in vti_tunnel_xmit/vti6_tnl_xmit - l2tp: Avoid schedule while atomic in exit_net - l2tp: fix race condition in l2tp_tunnel_delete - tun: bail out from tun_get_user() if the skb is empty - packet: in packet_do_bind, test fanout with bind_lock held - packet: only test po->has_vnet_hdr once in packet_snd - net: Set sk_prot_creator when cloning sockets to the right proto - tipc: use only positive error codes in messages - Revert "bsg-lib: don't free job in bsg_prepare_job" - locking/lockdep: Add nest_lock integrity test - watchdog: kempld: fix gcc-4.3 build - irqchip/crossbar: Fix incorrect type of local variables - mac80211_hwsim: check HWSIM_ATTR_RADIO_NAME length - mac80211: fix power saving clients handling in iwlwifi - net/mlx4_en: fix overflow in mlx4_en_init_timestamp() - netfilter: nf_ct_expect: Change __nf_ct_expect_check() return value. - iio: adc: xilinx: Fix error handling - Btrfs: send, fix failure to rename top level inode due to name collision - f2fs: do not wait for writeback in write_begin - md/linear: shutup lockdep warnning - sparc64: Migrate hvcons irq to panicked cpu - net/mlx4_core: Fix VF overwrite of module param which disables DMFS on new probed PFs - crypto: xts - Add ECB dependency - ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock - slub: do not merge cache if slub_debug contains a never-merge flag - scsi: scsi_dh_emc: return success in clariion_std_inquiry() - net: mvpp2: release reference to txq_cpu[] entry after unmapping - i2c: at91: ensure state is restored after suspending - ceph: clean up unsafe d_parent accesses in build_dentry_path - uapi: fix linux/rds.h userspace compilation errors - uapi: fix linux/mroute6.h userspace compilation errors - target/iscsi: Fix unsolicited data seq_end_offset calculation - nfsd/callback: Cleanup callback cred on shutdown - cpufreq: CPPC: add ACPI_PROCESSOR dependency - Revert "tty: goldfish: Fix a parameter of a call to free_irq" - Linux 4.4.94 [ Ubuntu: 4.4.0-99.122 ] * linux: 4.4.0-99.122 -proposed tracker (LP: #1728945) * Remove vmbus-rdma driver from Xenial kernel (LP: #1721538) - SAUCE: remove hv_network_direct driver - [Config]: Remove hv_network_direct driver * usb 3-1: 2:1: cannot get freq at ep 0x1 (LP: #1708499) - ALSA: usb-audio: Add sample rate quirk for Plantronics C310/C520-M * Plantronics Blackwire C520-M - Cannot get freq at ep 0x1, 0x81 (LP: #1709282) - ALSA: usb-audio: Add sample rate quirk for Plantronics C310/C520-M * wait-for-root fails to detect nbd root (LP: #696435) - nbd: Create size change events for userspace * Fix OpenNSL GPL bugs found by CoverityScan static analysis (LP: #1718388) - SAUCE: opennsl: bcm-knet: check for null sinfo to avoid a null pointer dereference - SAUCE: opennsl: bcm-knet: remove redundant null checks on dev->name - SAUCE: opennsl: bde: check for out-of-bounds index io.dev * HID: multitouch: Correct ALPS PTP Stick and Touchpad devices ID (LP: #1722719) - Revert "HID: multitouch: Support ALPS PTP stick with pid 0x120A" * Xenial update to 4.4.93 stable release (LP: #1724836) - brcmfmac: add length check in brcmf_cfg80211_escan_handler() - ext4: in ext4_seek_{hole,data}, return -ENXIO for negative offsets - CIFS: Reconnect expired SMB sessions - nl80211: Define policy for packet pattern attributes - iwlwifi: mvm: use IWL_HCMD_NOCOPY for MCAST_FILTER_CMD - rcu: Allow for page faults in NMI handlers - USB: dummy-hcd: Fix deadlock caused by disconnect detection - MIPS: math-emu: Remove pr_err() calls from fpu_emu() - dmaengine: edma: Align the memcpy acnt array size with the transfer - HID: usbhid: fix out-of-bounds bug - crypto: shash - Fix zero-length shash ahash digest crash - KVM: nVMX: fix guest CR4 loading when emulating L2 to L1 exit - usb: renesas_usbhs: Fix DMAC sequence for receiving zero-length packet - iommu/amd: Finish TLB flush in amd_iommu_unmap() - ALSA: usb-audio: Kill stray URB at exiting - ALSA: seq: Fix use-after-free at creating a port - ALSA: seq: Fix copy_from_user() call inside lock - ALSA: caiaq: Fix stray URB at probe error path - ALSA: line6: Fix leftover URB at error-path during probe - usb: gadget: composite: Fix use-after-free in usb_composite_overwrite_options - direct-io: Prevent NULL pointer access in submit_page_section - fix unbalanced page refcounting in bio_map_user_iov - USB: serial: ftdi_sio: add id for Cypress WICED dev board - USB: serial: cp210x: add support for ELV TFD500 - USB: serial: option: add support for TP-Link LTE module - Revert "UBUNTU: SAUCE: USB: serial: qcserial: add Dell DW5818, DW5819" - USB: serial: qcserial: add Dell DW5818, DW5819 - USB: serial: console: fix use-after-free after failed setup - x86/alternatives: Fix alt_max_short macro to really be a max() - Linux 4.4.93 * NULL pointer dereference in tty_write() in kernel 4.4.0-93.116+ (LP: #1721065) - tty: Prepare for destroying line discipline on hangup * Xenial update to 4.4.92 stable release (LP: #1724783) - usb: gadget: inode.c: fix unbalanced spin_lock in ep0_write - USB: gadgetfs: Fix crash caused by inadequate synchronization - USB: gadgetfs: fix copy_to_user while holding spinlock - usb: gadget: udc: atmel: set vbus irqflags explicitly - usb-storage: unusual_devs entry to fix write-access regression for Seagate external drives - usb: renesas_usbhs: fix the BCLR setting condition for non-DCP pipe - usb: renesas_usbhs: fix usbhsf_fifo_clear() for RX direction - ALSA: usb-audio: Check out-of-bounds access by corrupted buffer descriptor - usb: pci-quirks.c: Corrected timeout values used in handshake - USB: dummy-hcd: fix connection failures (wrong speed) - USB: dummy-hcd: fix infinite-loop resubmission bug - USB: dummy-hcd: Fix erroneous synchronization change - USB: devio: Don't corrupt user memory - usb: gadget: mass_storage: set msg_registered after msg registered - USB: g_mass_storage: Fix deadlock when driver is unbound - lsm: fix smack_inode_removexattr and xattr_getsecurity memleak - ALSA: compress: Remove unused variable - ALSA: usx2y: Suppress kernel warning at page allocation failures - driver core: platform: Don't read past the end of "driver_override" buffer - Drivers: hv: fcopy: restore correct transfer length - stm class: Fix a use-after-free - ftrace: Fix kmemleak in unregister_ftrace_graph - HID: i2c-hid: allocate hid buffers for real worst case - iwlwifi: add workaround to disable wide channels in 5GHz - scsi: sd: Do not override max_sectors_kb sysfs setting - USB: uas: fix bug in handling of alternate settings - USB: core: harden cdc_parse_cdc_header - usb: Increase quirk delay for USB devices - USB: fix out-of-bounds in usb_set_configuration - xhci: fix finding correct bus_state structure for USB 3.1 hosts - iio: adc: twl4030: Fix an error handling path in 'twl4030_madc_probe()' - iio: adc: twl4030: Disable the vusb3v1 rugulator in the error handling path of 'twl4030_madc_probe()' - iio: ad_sigma_delta: Implement a dedicated reset function - staging: iio: ad7192: Fix - use the dedicated reset function avoiding dma from stack. - iio: core: Return error for failed read_reg - iio: ad7793: Fix the serial interface reset - iio: adc: mcp320x: Fix readout of negative voltages - iio: adc: mcp320x: Fix oops on module unload - uwb: properly check kthread_run return value - uwb: ensure that endpoint is interrupt - brcmfmac: setup passive scan if requested by user-space - drm/i915/bios: ignore HDMI on port A - sched/cpuset/pm: Fix cpuset vs. suspend-resume bugs - ext4: fix data corruption for mmap writes - ext4: Don't clear SGID when inheriting ACLs - ext4: don't allow encrypted operations without keys - Linux 4.4.92 * Xenial update to 4.4.91 stable release (LP: #1724772) - drm_fourcc: Fix DRM_FORMAT_MOD_LINEAR #define - drm: bridge: add DT bindings for TI ths8135 - GFS2: Fix reference to ERR_PTR in gfs2_glock_iter_next - RDS: RDMA: Fix the composite message user notification - ARM: dts: r8a7790: Use R-Car Gen 2 fallback binding for msiof nodes - MIPS: Ensure bss section ends on a long-aligned address - MIPS: ralink: Fix incorrect assignment on ralink_soc - igb: re-assign hw address pointer on reset after PCI error - extcon: axp288: Use vbus-valid instead of -present to determine cable presence - sh_eth: use correct name for ECMR_MPDE bit - hwmon: (gl520sm) Fix overflows and crash seen when writing into limit attributes - iio: adc: axp288: Drop bogus AXP288_ADC_TS_PIN_CTRL register modifications - iio: adc: hx711: Add DT binding for avia,hx711 - ARM: 8635/1: nommu: allow enabling REMAP_VECTORS_TO_RAM - tty: goldfish: Fix a parameter of a call to free_irq - IB/ipoib: Fix deadlock over vlan_mutex - IB/ipoib: rtnl_unlock can not come after free_netdev - IB/ipoib: Replace list_del of the neigh->list with list_del_init - drm/amdkfd: fix improper return value on error - USB: serial: mos7720: fix control-message error handling - USB: serial: mos7840: fix control-message error handling - partitions/efi: Fix integer overflow in GPT size calculation - ASoC: dapm: handle probe deferrals - audit: log 32-bit socketcalls - usb: chipidea: vbus event may exist before starting gadget - ASoC: dapm: fix some pointer error handling - MIPS: Lantiq: Fix another request_mem_region() return code check - net: core: Prevent from dereferencing null pointer when releasing SKB - net/packet: check length in getsockopt() called with PACKET_HDRLEN - team: fix memory leaks - usb: plusb: Add support for PL-27A1 - mmc: sdio: fix alignment issue in struct sdio_func - bridge: netlink: register netdevice before executing changelink - netfilter: invoke synchronize_rcu after set the _hook_ to NULL - MIPS: IRQ Stack: Unwind IRQ stack onto task stack - exynos-gsc: Do not swap cb/cr for semi planar formats - netfilter: nfnl_cthelper: fix incorrect helper->expect_class_max - parisc: perf: Fix potential NULL pointer dereference - iommu/io-pgtable-arm: Check for leaf entry before dereferencing it - rds: ib: add error handle - md/raid10: submit bio directly to replacement disk - i2c: meson: fix wrong variable usage in meson_i2c_put_data - xfs: remove kmem_zalloc_greedy - libata: transport: Remove circular dependency at free time - drivers: firmware: psci: drop duplicate const from psci_of_match - IB/qib: fix false-postive maybe-uninitialized warning - ARM: remove duplicate 'const' annotations' - ALSA: au88x0: avoid theoretical uninitialized access - ttpci: address stringop overflow warning - Linux 4.4.91 -- Kleber Sacilotto de Souza Fri, 03 Nov 2017 12:33:41 +0100 linux-kvm (4.4.0-1009.14) xenial; urgency=low * linux-kvm: 4.4.0-1009.14 -proposed tracker (LP: #1722310) [ Ubuntu: 4.4.0-98.121 ] * linux: 4.4.0-98.121 -proposed tracker (LP: #1722299) * Controller lockup detected on ProLiant DL380 Gen9 with P440 Controller (LP: #1720359) - scsi: hpsa: limit transfer length to 1MB * [Dell Docking IE][0bda:8153] Realtek USB Ethernet leads to system hang (LP: #1720977) - r8152: fix the list rx_done may be used without initialization * Add installer support for Broadcom BCM573xx network drivers. (LP: #1720466) - d-i: Add bnxt_en to nic-modules. * snapcraft.yaml: add dpkg-dev to the build deps (LP: #1718886) - snapcraft.yaml: add dpkg-dev to the build deps * Support setting I2C_TIMEOUT via ioctl for i2c-designware (LP: #1718578) - i2c: designware: Use transfer timeout from ioctl I2C_TIMEOUT * 5U84 - ses driver isn't binding right - cannot blink lights on 1 of the 2 5u84 (LP: #1693369) - scsi_transport_sas: add function to get SAS endpoint address - ses: fix discovery of SATA devices in SAS enclosures - scsi: sas: provide stub implementation for scsi_is_sas_rphy - scsi: ses: Fix SAS device detection in enclosure * multipath -ll is not showing the disks which are actually multipath (LP: #1718397) - fs: aio: fix the increment of aio-nr and counting against aio-max-nr * Support Dell Wireless DW5819/5818 WWAN devices (LP: #1721455) - SAUCE: USB: serial: qcserial: add Dell DW5818, DW5819 * CVE-2017-10911 - xen-blkback: don't leak stack data via response ring * implement 'complain mode' in seccomp for developer mode with snaps (LP: #1567597) - seccomp: Provide matching filter for introspection - seccomp: Sysctl to display available actions - seccomp: Operation for checking if an action is available - seccomp: Sysctl to configure actions that are allowed to be logged - seccomp: Selftest for detection of filter flag support - seccomp: Action to log before allowing * implement errno action logging in seccomp for strict mode with snaps (LP: #1721676) - seccomp: Provide matching filter for introspection - seccomp: Sysctl to display available actions - seccomp: Operation for checking if an action is available - seccomp: Sysctl to configure actions that are allowed to be logged - seccomp: Selftest for detection of filter flag support - seccomp: Filter flag to log all actions except SECCOMP_RET_ALLOW * [Xenial] update OpenNSL kernel modules to 6.5.10 (LP: #1721511) - SAUCE: update OpenNSL kernel modules to 6.5.10 * Xenial update to 4.4.90 stable release (LP: #1721550) - cifs: release auth_key.response for reconnect. - mac80211: flush hw_roc_start work before cancelling the ROC - KVM: PPC: Book3S: Fix race and leak in kvm_vm_ioctl_create_spapr_tce() - tracing: Fix trace_pipe behavior for instance traces - tracing: Erase irqsoff trace with empty write - md/raid5: fix a race condition in stripe batch - md/raid5: preserve STRIPE_ON_UNPLUG_LIST in break_stripe_batch_list - scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly - crypto: talitos - Don't provide setkey for non hmac hashing algs. - crypto: talitos - fix sha224 - KEYS: fix writing past end of user-supplied buffer in keyring_read() - KEYS: prevent creating a different user's keyrings - KEYS: prevent KEYCTL_READ on negative key - powerpc/pseries: Fix parent_dn reference leak in add_dt_node() - Fix SMB3.1.1 guest authentication to Samba - SMB: Validate negotiate (to protect against downgrade) even if signing off - SMB3: Don't ignore O_SYNC/O_DSYNC and O_DIRECT flags - vfs: Return -ENXIO for negative SEEK_HOLE / SEEK_DATA offsets - nl80211: check for the required netlink attributes presence - bsg-lib: don't free job in bsg_prepare_job - seccomp: fix the usage of get/put_seccomp_filter() in seccomp_get_filter() - arm64: Make sure SPsel is always set - arm64: fault: Route pte translation faults via do_translation_fault - KVM: VMX: Do not BUG() on out-of-bounds guest IRQ - kvm: nVMX: Don't allow L2 to access the hardware CR8 - PCI: Fix race condition with driver_override - btrfs: fix NULL pointer dereference from free_reloc_roots() - btrfs: propagate error to btrfs_cmp_data_prepare caller - btrfs: prevent to set invalid default subvolid - x86/fpu: Don't let userspace set bogus xcomp_bv - gfs2: Fix debugfs glocks dump - timer/sysclt: Restrict timer migration sysctl values to 0 and 1 - KVM: VMX: do not change SN bit in vmx_update_pi_irte() - KVM: VMX: remove WARN_ON_ONCE in kvm_vcpu_trigger_posted_interrupt - cxl: Fix driver use count - dmaengine: mmp-pdma: add number of requestors - ARM: pxa: add the number of DMA requestor lines - ARM: pxa: fix the number of DMA requestor lines - KVM: VMX: use cmpxchg64 - video: fbdev: aty: do not leak uninitialized padding in clk to userspace - swiotlb-xen: implement xen_swiotlb_dma_mmap callback - fix xen_swiotlb_dma_mmap prototype - Linux 4.4.90 * Xenial update to 4.4.89 stable release (LP: #1721477) - ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt() - ipv6: add rcu grace period before freeing fib6_node - ipv6: fix sparse warning on rt6i_node - qlge: avoid memcpy buffer overflow - Revert "net: phy: Correctly process PHY_HALTED in phy_stop_machine()" - Revert "net: use lib/percpu_counter API for fragmentation mem accounting" - Revert "net: fix percpu memory leaks" - gianfar: Fix Tx flow control deactivation - ipv6: fix memory leak with multiple tables during netns destruction - ipv6: fix typo in fib6_net_exit() - f2fs: check hot_data for roll-forward recovery - x86/fsgsbase/64: Report FSBASE and GSBASE correctly in core dumps - md/raid5: release/flush io in raid5_do_work() - nfsd: Fix general protection fault in release_lock_stateid() - mm: prevent double decrease of nr_reserved_highatomic - tty: improve tty_insert_flip_char() fast path - tty: improve tty_insert_flip_char() slow path - tty: fix __tty_insert_flip_char regression - Input: i8042 - add Gigabyte P57 to the keyboard reset table - MIPS: math-emu: .: Fix quiet NaN propagation - MIPS: math-emu: .: Fix cases of both inputs zero - MIPS: math-emu: .: Fix cases of both inputs negative - MIPS: math-emu: .: Fix cases of input values with opposite signs - MIPS: math-emu: .: Fix cases of both infinite inputs - MIPS: math-emu: MINA.: Fix some cases of infinity and zero inputs - crypto: AF_ALG - remove SGL terminator indicator when chaining - ext4: fix incorrect quotaoff if the quota feature is enabled - ext4: fix quota inconsistency during orphan cleanup for read-only mounts - powerpc: Fix DAR reporting when alignment handler faults - block: Relax a check in blk_start_queue() - md/bitmap: disable bitmap_resize for file-backed bitmaps. - skd: Avoid that module unloading triggers a use-after-free - skd: Submit requests to firmware before triggering the doorbell - scsi: zfcp: fix queuecommand for scsi_eh commands when DIX enabled - scsi: zfcp: add handling for FCP_RESID_OVER to the fcp ingress path - scsi: zfcp: fix capping of unsuccessful GPN_FT SAN response trace records - scsi: zfcp: fix passing fsf_req to SCSI trace on TMF to correlate with HBA - scsi: zfcp: fix missing trace records for early returns in TMF eh handlers - scsi: zfcp: fix payload with full FCP_RSP IU in SCSI trace records - scsi: zfcp: trace HBA FSF response by default on dismiss or timedout late response - scsi: zfcp: trace high part of "new" 64 bit SCSI LUN - scsi: megaraid_sas: Check valid aen class range to avoid kernel panic - scsi: megaraid_sas: Return pended IOCTLs with cmd_status MFI_STAT_WRONG_STATE in case adapter is dead - scsi: storvsc: fix memory leak on ring buffer busy - scsi: sg: remove 'save_scat_len' - scsi: sg: use standard lists for sg_requests - scsi: sg: off by one in sg_ioctl() - scsi: sg: factor out sg_fill_request_table() - scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE - scsi: qla2xxx: Fix an integer overflow in sysfs code - ftrace: Fix selftest goto location on error - tracing: Apply trace_clock changes to instance max buffer - ARC: Re-enable MMU upon Machine Check exception - PCI: shpchp: Enable bridge bus mastering if MSI is enabled - media: v4l2-compat-ioctl32: Fix timespec conversion - media: uvcvideo: Prevent heap overflow when accessing mapped controls - bcache: initialize dirty stripes in flash_dev_run() - bcache: Fix leak of bdev reference - bcache: do not subtract sectors_to_gc for bypassed IO - bcache: correct cache_dirty_target in __update_writeback_rate() - bcache: Correct return value for sysfs attach errors - bcache: fix for gc and write-back race - bcache: fix bch_hprint crash and improve output - ftrace: Fix memleak when unregistering dynamic ops when tracing disabled - Linux 4.4.89 * ETPS/2 Elantech Touchpad inconsistently detected (Gigabyte P57W laptop) (LP: #1594214) - Input: i8042 - add Gigabyte P57 to the keyboard reset table * Xenial update to 4.4.88 stable release (LP: #1718195) - usb: quirks: add delay init quirk for Corsair Strafe RGB keyboard - USB: serial: option: add support for D-Link DWM-157 C1 - usb: Add device quirk for Logitech HD Pro Webcam C920-C - usb:xhci:Fix regression when ATI chipsets detected - USB: core: Avoid race of async_completed() w/ usbdev_release() - staging/rts5208: fix incorrect shift to extract upper nybble - driver core: bus: Fix a potential double free - intel_th: pci: Add Cannon Lake PCH-H support - intel_th: pci: Add Cannon Lake PCH-LP support - ath10k: fix memory leak in rx ring buffer allocation - rtlwifi: rtl_pci_probe: Fix fail path of _rtl_pci_find_adapter - Bluetooth: Add support of 13d3:3494 RTL8723BE device - dlm: avoid double-free on error path in dlm_device_{register,unregister} - mwifiex: correct channel stat buffer overflows - drm/nouveau/pci/msi: disable MSI on big-endian platforms by default - workqueue: Fix flag collision - cs5536: add support for IDE controller variant - scsi: sg: protect against races between mmap() and SG_SET_RESERVED_SIZE - scsi: sg: recheck MMAP_IO request length with lock held - drm: adv7511: really enable interrupts for EDID detection - drm/bridge: adv7511: Fix mutex deadlock when interrupts are disabled - drm/bridge: adv7511: Use work_struct to defer hotplug handing to out of irq context - drm/bridge: adv7511: Switch to using drm_kms_helper_hotplug_event() - drm/bridge: adv7511: Re-write the i2c address before EDID probing - btrfs: resume qgroup rescan on rw remount - locktorture: Fix potential memory leak with rw lock test - ALSA: msnd: Optimize / harden DSP and MIDI loops - ARM: 8692/1: mm: abort uaccess retries upon fatal signal - NFS: Fix 2 use after free issues in the I/O code - xfs: XFS_IS_REALTIME_INODE() should be false if no rt device present - Linux 4.4.88 * Kernel has troule recognizing Corsair Strafe RGB keyboard (LP: #1678477) - usb: quirks: add delay init quirk for Corsair Strafe RGB keyboard -- Thadeu Lima de Souza Cascardo Wed, 11 Oct 2017 16:15:12 -0300 linux-kvm (4.4.0-1008.13) xenial; urgency=low * linux-kvm: 4.4.0-1008.13 -proposed tracker (LP: #1718157) [ Ubuntu: 4.4.0-97.120 ] * linux: 4.4.0-97.120 -proposed tracker (LP: #1718149) * blk-mq: possible deadlock on CPU hot(un)plug (LP: #1670634) - [Config] s390x -- disable CONFIG_{DM, SCSI}_MQ_DEFAULT * Xenial update to 4.4.87 stable release (LP: #1715678) - irqchip: mips-gic: SYNC after enabling GIC region - i2c: ismt: Don't duplicate the receive length for block reads - i2c: ismt: Return EMSGSIZE for block reads with bogus length - ceph: fix readpage from fscache - cpumask: fix spurious cpumask_of_node() on non-NUMA multi-node configs - cpuset: Fix incorrect memory_pressure control file mapping - alpha: uapi: Add support for __SANE_USERSPACE_TYPES__ - CIFS: remove endian related sparse warning - wl1251: add a missing spin_lock_init() - xfrm: policy: check policy direction value - drm/ttm: Fix accounting error when fail to get pages for pool - kvm: arm/arm64: Fix race in resetting stage2 PGD - kvm: arm/arm64: Force reading uncached stage2 PGD - epoll: fix race between ep_poll_callback(POLLFREE) and ep_free()/ep_remove() - crypto: algif_skcipher - only call put_page on referenced and used pages - Linux 4.4.87 * Xenial update to 4.4.86 stable release (LP: #1715430) - scsi: isci: avoid array subscript warning - ALSA: au88x0: Fix zero clear of stream->resources - btrfs: remove duplicate const specifier - i2c: jz4780: drop superfluous init - gcov: add support for gcc version >= 6 - gcov: support GCC 7.1 - lightnvm: initialize ppa_addr in dev_to_generic_addr() - p54: memset(0) whole array - lpfc: Fix Device discovery failures during switch reboot test. - arm64: mm: abort uaccess retries upon fatal signal - x86/io: Add "memory" clobber to insb/insw/insl/outsb/outsw/outsl - arm64: fpsimd: Prevent registers leaking across exec - scsi: sg: protect accesses to 'reserved' page array - scsi: sg: reset 'res_in_use' after unlinking reserved array - drm/i915: fix compiler warning in drivers/gpu/drm/i915/intel_uncore.c - Linux 4.4.86 * Xenial update to 4.4.85 stable release (LP: #1714298) - af_key: do not use GFP_KERNEL in atomic contexts - dccp: purge write queue in dccp_destroy_sock() - dccp: defer ccid_hc_tx_delete() at dismantle time - ipv4: fix NULL dereference in free_fib_info_rcu() - net_sched/sfq: update hierarchical backlog when drop packet - ipv4: better IP_MAX_MTU enforcement - sctp: fully initialize the IPv6 address in sctp_v6_to_addr() - tipc: fix use-after-free - ipv6: reset fn->rr_ptr when replacing route - ipv6: repair fib6 tree in failure case - tcp: when rearming RTO, if RTO time is in past then fire RTO ASAP - irda: do not leak initialized list.dev to userspace - net: sched: fix NULL pointer dereference when action calls some targets - net_sched: fix order of queue length updates in qdisc_replace() - mei: me: add broxton pci device ids - mei: me: add lewisburg device ids - Input: trackpoint - add new trackpoint firmware ID - Input: elan_i2c - add ELAN0602 ACPI ID to support Lenovo Yoga310 - ALSA: core: Fix unexpected error at replacing user TLV - ALSA: hda - Add stereo mic quirk for Lenovo G50-70 (17aa:3978) - ARCv2: PAE40: Explicitly set MSB counterpart of SLC region ops addresses - i2c: designware: Fix system suspend - drm: Release driver tracking before making the object available again - drm/atomic: If the atomic check fails, return its value first - drm: rcar-du: lvds: Fix PLL frequency-related configuration - drm: rcar-du: lvds: Rename PLLEN bit to PLLON - drm: rcar-du: Fix crash in encoder failure error path - drm: rcar-du: Fix display timing controller parameter - drm: rcar-du: Fix H/V sync signal polarity configuration - tracing: Fix freeing of filter in create_filter() when set_str is false - cifs: Fix df output for users with quota limits - cifs: return ENAMETOOLONG for overlong names in cifs_open()/cifs_lookup() - nfsd: Limit end of page list when decoding NFSv4 WRITE - perf/core: Fix group {cpu,task} validation - Bluetooth: hidp: fix possible might sleep error in hidp_session_thread - Bluetooth: cmtp: fix possible might sleep error in cmtp_session - Bluetooth: bnep: fix possible might sleep error in bnep_session - binder: use group leader instead of open thread - binder: Use wake up hint for synchronous transactions. - ANDROID: binder: fix proc->tsk check. - iio: imu: adis16480: Fix acceleration scale factor for adis16480 - iio: hid-sensor-trigger: Fix the race with user space powering up sensors - staging: rtl8188eu: add RNX-N150NUB support - ASoC: simple-card: don't fail if sysclk setting is not supported - ASoC: rsnd: disable SRC.out only when stop timing - ASoC: rsnd: avoid pointless loop in rsnd_mod_interrupt() - ASoC: rsnd: Add missing initialization of ADG req_rate - ASoC: rsnd: ssi: 24bit data needs right-aligned settings - ASoC: rsnd: don't call update callback if it was NULL - ntb_transport: fix qp count bug - ntb_transport: fix bug calculating num_qps_mw - ACPI: ioapic: Clear on-stack resource before using it - ACPI / APEI: Add missing synchronize_rcu() on NOTIFY_SCI removal - Linux 4.4.85 * Xenial update to 4.4.84 stable release (LP: #1713729) - audit: Fix use after free in audit_remove_watch_rule() - parisc: pci memory bar assignment fails with 64bit kernels on dino/cujo - crypto: x86/sha1 - Fix reads beyond the number of blocks passed - Input: elan_i2c - Add antoher Lenovo ACPI ID for upcoming Lenovo NB - ALSA: seq: 2nd attempt at fixing race creating a queue - Revert "UBUNTU: SAUCE: (no-up) ALSA: usb-audio: Add quirk for sennheiser officerunner" - ALSA: usb-audio: Apply sample rate quirk to Sennheiser headset - ALSA: usb-audio: Add mute TLV for playback volumes on C-Media devices - mm/mempolicy: fix use after free when calling get_mempolicy - xen: fix bio vec merging - x86/asm/64: Clear AC on NMI entries - irqchip/atmel-aic: Fix unbalanced of_node_put() in aic_common_irq_fixup() - irqchip/atmel-aic: Fix unbalanced refcount in aic_common_rtc_irq_fixup() - Sanitize 'move_pages()' permission checks - pids: make task_tgid_nr_ns() safe - perf/x86: Fix LBR related crashes on Intel Atom - usb: optimize acpi companion search for usb port devices - usb: qmi_wwan: add D-Link DWM-222 device ID - Linux 4.4.84 * Intel i40e PF reset due to incorrect MDD detection (LP: #1713553) - i40e: Limit TX descriptor count in cases where frag size is greater than 16K * Neighbour confirmation broken, breaks ARP cache aging (LP: #1715812) - sock: add sk_dst_pending_confirm flag - net: add dst_pending_confirm flag to skbuff - sctp: add dst_pending_confirm flag - tcp: replace dst_confirm with sk_dst_confirm - net: add confirm_neigh method to dst_ops - net: use dst_confirm_neigh for UDP, RAW, ICMP, L2TP - net: pending_confirm is not used anymore * CVE-2017-14106 - tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 * [CIFS] Fix maximum SMB2 header size (LP: #1713884) - CIFS: Fix maximum SMB2 header size * Middle button of trackpoint doesn't work (LP: #1715271) - Input: trackpoint - assume 3 buttons when buttons detection fails * kernel BUG at /build/linux-lts-xenial-_hWfOZ/linux-lts- xenial-4.4.0/security/apparmor/include/context.h:69! (LP: #1626984) - SAUCE: fix oops when disabled and module parameters, are accessed * Touchpad not detected (LP: #1708852) - Input: elan_i2c - add ELAN0608 to the ACPI table -- Kleber Sacilotto de Souza Wed, 20 Sep 2017 14:56:32 +0200 linux-kvm (4.4.0-1007.12) xenial; urgency=low * linux-kvm: 4.4.0-1007.12 -proposed tracker (LP: #1716622) [ Ubuntu: 4.4.0-96.119 ] * linux: 4.4.0-96.119 -proposed tracker (LP: #1716613) * kernel panic -not syncing: Fatal exception: panic_on_oops (LP: #1708399) - s390/mm: no local TLB flush for clearing-by-ASCE IDTE - SAUCE: s390/mm: fix local TLB flushing vs. detach of an mm address space - SAUCE: s390/mm: fix race on mm->context.flush_mm * CVE-2017-1000251 - Bluetooth: Properly check L2CAP config option output buffer length -- Stefan Bader Tue, 12 Sep 2017 20:10:48 +0200 linux-kvm (4.4.0-1006.11) xenial; urgency=low * linux-kvm: 4.4.0-1006.11 -proposed tracker (LP: #1715659) [ Ubuntu: 4.4.0-95.118 ] * linux: 4.4.0-95.118 -proposed tracker (LP: #1715651) * Xenial update to 4.4.78 stable release broke Address Sanitizer (LP: #1715636) - mm: revert x86_64 and arm64 ELF_ET_DYN_BASE base changes -- Kleber Sacilotto de Souza Fri, 08 Sep 2017 13:46:54 +0200 linux-kvm (4.4.0-1005.10) xenial; urgency=low * linux-kvm: 4.4.0-1005.10 -proposed tracker (LP: #1713469) * Include Broadcom GPL modules in Xenial Kernel (LP: #1665783) - [config] update config for master changes * Backport more recent Broadcom bnxt_en driver (LP: #1711056) - [config] update config for master changes [ Ubuntu: 4.4.0-94.117 ] * linux: 4.4.0-94.117 -proposed tracker (LP: #1713462) * mwifiex causes kernel oops when AP mode is enabled (LP: #1712746) - SAUCE: net/wireless: do not dereference invalid pointer - SAUCE: mwifiex: do not dereference invalid pointer * Backport more recent Broadcom bnxt_en driver (LP: #1711056) - SAUCE: bnxt_en_bpo: Import bnxt_en driver version 1.8.1 - SAUCE: bnxt_en_bpo: Drop distro out-of-tree detection logic - SAUCE: bnxt_en_bpo: Remove unnecessary compile flags - SAUCE: bnxt_en_bpo: Move config settings to Kconfig - SAUCE: bnxt_en_bpo: Remove PCI_IDs handled by the regular driver - SAUCE: bnxt_en_bpo: Rename the backport driver to bnxt_en_bpo - bnxt_en_bpo: [Config] Enable CONFIG_BNXT_BPO=m * HID: multitouch: Support ALPS PTP Stick and Touchpad devices (LP: #1712481) - HID: multitouch: Support PTP Stick and Touchpad device - SAUCE: HID: multitouch: Support ALPS PTP stick with pid 0x120A * igb: Support using Broadcom 54616 as PHY (LP: #1712024) - SAUCE: igb: add support for using Broadcom 54616 as PHY * IPR driver causes multipath to fail paths/stuck IO on Medium Errors (LP: #1682644) - scsi: ipr: do not set DID_PASSTHROUGH on CHECK CONDITION * accessing /dev/hvc1 with stress-ng on Ubuntu xenial causes crash (LP: #1711401) - tty/hvc: Use IRQF_SHARED for OPAL hvc consoles * memory-hotplug test needs to be fixed (LP: #1710868) - selftests: typo correction for memory-hotplug test - selftests: check hot-pluggagble memory for memory-hotplug test - selftests: check percentage range for memory-hotplug test - selftests: add missing test name in memory-hotplug test - selftests: fix memory-hotplug test * HP lt4132 LTE/HSPA+ 4G Module (03f0:a31d) does not work (LP: #1707643) - net: cdc_mbim: apply "NDP to end" quirk to HP lt4132 * Migrating KSM page causes the VM lock up as the KSM page merging list is too large (LP: #1680513) - ksm: introduce ksm_max_page_sharing per page deduplication limit - ksm: fix use after free with merge_across_nodes = 0 - ksm: cleanup stable_node chain collapse case - ksm: swap the two output parameters of chain/chain_prune - ksm: optimize refile of stable_node_dup at the head of the chain * sort ABI files with C.UTF-8 locale (LP: #1712345) - [Packaging] sort ABI files with C.UTF-8 locale * Include Broadcom GPL modules in Xenial Kernel (LP: #1665783) - [Config] OpenNSL Kconfig/Makefile - Import OpenNSL v3.1.0.17 - [Config] CONFIG_OPENNSL=y for amd64 - OpenNSL: Enable Kconfig and build - SAUCE: opennsl: add proper CFLAGS * Xenial update to 4.4.83 stable release (LP: #1711557) - cpuset: fix a deadlock due to incomplete patching of cpusets_enabled() - mm: ratelimit PFNs busy info message - iscsi-target: fix memory leak in iscsit_setup_text_cmd() - iscsi-target: Fix iscsi_np reset hung task during parallel delete - fuse: initialize the flock flag in fuse_file on allocation - nfs/flexfiles: fix leak of nfs4_ff_ds_version arrays - USB: serial: option: add D-Link DWM-222 device ID - USB: serial: cp210x: add support for Qivicon USB ZigBee dongle - USB: serial: pl2303: add new ATEN device id - usb: musb: fix tx fifo flush handling again - USB: hcd: Mark secondary HCD as dead if the primary one died - staging:iio:resolver:ad2s1210 fix negative IIO_ANGL_VEL read - iio: accel: bmc150: Always restore device to normal mode after suspend- resume - iio: light: tsl2563: use correct event code - uas: Add US_FL_IGNORE_RESIDUE for Initio Corporation INIC-3069 - USB: Check for dropped connection before switching to full speed - usb: core: unlink urbs from the tail of the endpoint's urb_list - usb: quirks: Add no-lpm quirk for Moshi USB to Ethernet Adapter - usb:xhci:Add quirk for Certain failing HP keyboard on reset after resume - iio: adc: vf610_adc: Fix VALT selection value for REFSEL bits - pnfs/blocklayout: require 64-bit sector_t - pinctrl: sunxi: add a missing function of A10/A20 pinctrl driver - pinctrl: samsung: Remove bogus irq_[un]mask from resource management - Linux 4.4.83 * Xenial update to 4.4.82 stable release (LP: #1711535) - tcp: avoid setting cwnd to invalid ssthresh after cwnd reduction states - net: fix keepalive code vs TCP_FASTOPEN_CONNECT - bpf, s390: fix jit branch offset related to ldimm64 - net: sched: set xt_tgchk_param par.nft_compat as 0 in ipt_init_target - tcp: fastopen: tcp_connect() must refresh the route - net: avoid skb_warn_bad_offload false positives on UFO - sparc64: Prevent perf from running during super critical sections - KVM: arm/arm64: Handle hva aging while destroying the vm - mm/mempool: avoid KASAN marking mempool poison checks as use-after-free - Linux 4.4.82 * Xenial update to 4.4.81 stable release (LP: #1711526) - libata: array underflow in ata_find_dev() - workqueue: restore WQ_UNBOUND/max_active==1 to be ordered - ALSA: hda - Fix speaker output from VAIO VPCL14M1R - ASoC: do not close shared backend dailink - KVM: async_pf: make rcu irq exit if not triggered from idle task - mm/page_alloc: Remove kernel address exposure in free_reserved_area() - ext4: fix SEEK_HOLE/SEEK_DATA for blocksize < pagesize - ext4: fix overflow caused by missing cast in ext4_resize_fs() - ARM: dts: armada-38x: Fix irq type for pca955 - media: platform: davinci: return -EINVAL for VPFE_CMD_S_CCDC_RAW_PARAMS ioctl - target: Avoid mappedlun symlink creation during lun shutdown - iscsi-target: Always wait for kthread_should_stop() before kthread exit - iscsi-target: Fix early sk_data_ready LOGIN_FLAGS_READY race - iscsi-target: Fix initial login PDU asynchronous socket close OOPs - iscsi-target: Fix delayed logout processing greater than SECONDS_FOR_LOGOUT_COMP - iser-target: Avoid isert_conn->cm_id dereference in isert_login_recv_done - mm, mprotect: flush TLB if potentially racing with a parallel reclaim leaving stale TLB entries - media: lirc: LIRC_GET_REC_RESOLUTION should return microseconds - f2fs: sanity check checkpoint segno and blkoff - drm: rcar-du: fix backport bug - saa7164: fix double fetch PCIe access condition - ipv4: ipv6: initialize treq->txhash in cookie_v[46]_check() - net: Zero terminate ifr_name in dev_ifname(). - ipv6: avoid overflow of offset in ip6_find_1stfragopt - ipv4: initialize fib_trie prior to register_netdev_notifier call. - rtnetlink: allocate more memory for dev_set_mac_address() - mcs7780: Fix initialization when CONFIG_VMAP_STACK is enabled - openvswitch: fix potential out of bound access in parse_ct - packet: fix use-after-free in prb_retire_rx_blk_timer_expired() - ipv6: Don't increase IPSTATS_MIB_FRAGFAILS twice in ip6_fragment() - net: ethernet: nb8800: Handle all 4 RGMII modes identically - dccp: fix a memleak that dccp_ipv6 doesn't put reqsk properly - dccp: fix a memleak that dccp_ipv4 doesn't put reqsk properly - dccp: fix a memleak for dccp_feat_init err process - sctp: don't dereference ptr before leaving _sctp_walk_{params, errors}() - sctp: fix the check for _sctp_walk_params and _sctp_walk_errors - net/mlx5: Fix command bad flow on command entry allocation failure - net: phy: Correctly process PHY_HALTED in phy_stop_machine() - net: phy: Fix PHY unbind crash - xen-netback: correctly schedule rate-limited queues - sparc64: Measure receiver forward progress to avoid send mondo timeout - wext: handle NULL extra data in iwe_stream_add_point better - sh_eth: R8A7740 supports packet shecksumming - net: phy: dp83867: fix irq generation - tg3: Fix race condition in tg3_get_stats64(). - x86/boot: Add missing declaration of string functions - phy state machine: failsafe leave invalid RUNNING state - scsi: qla2xxx: Get mutex lock before checking optrom_state - drm/virtio: fix framebuffer sparse warning - virtio_blk: fix panic in initialization error path - ARM: 8632/1: ftrace: fix syscall name matching - mm, slab: make sure that KMALLOC_MAX_SIZE will fit into MAX_ORDER - lib/Kconfig.debug: fix frv build failure - signal: protect SIGNAL_UNKILLABLE from unintentional clearing. - mm: don't dereference struct page fields of invalid pages - workqueue: implicit ordered attribute should be overridable - Linux 4.4.81 * Xenial update to 4.4.80 stable release (LP: #1710646) - af_key: Add lock to key dump - pstore: Make spinlock per zone instead of global - powerpc/pseries: Fix of_node_put() underflow during reconfig remove - crypto: authencesn - Fix digest_null crash - md/raid5: add thread_group worker async_tx_issue_pending_all - drm/vmwgfx: Fix gcc-7.1.1 warning - drm/nouveau/bar/gf100: fix access to upper half of BAR2 - KVM: PPC: Book3S HV: Context-switch EBB registers properly - KVM: PPC: Book3S HV: Restore critical SPRs to host values on guest exit - KVM: PPC: Book3S HV: Reload HTM registers explicitly - KVM: PPC: Book3S HV: Save/restore host values of debug registers - Revert "powerpc/numa: Fix percpu allocations to be NUMA aware" - Staging: comedi: comedi_fops: Avoid orphaned proc entry - drm/rcar: Nuke preclose hook - drm: rcar-du: Perform initialization/cleanup at probe/remove time - drm: rcar-du: Simplify and fix probe error handling - perf intel-pt: Fix ip compression - perf intel-pt: Fix last_ip usage - perf intel-pt: Use FUP always when scanning for an IP - perf intel-pt: Ensure never to set 'last_ip' when packet 'count' is zero - xfs: don't BUG() on mixed direct and mapped I/O - nfc: fdp: fix NULL pointer dereference - net: phy: Do not perform software reset for Generic PHY - isdn: Fix a sleep-in-atomic bug - isdn/i4l: fix buffer overflow - ath10k: fix null deref on wmi-tlv when trying spectral scan - wil6210: fix deadlock when using fw_no_recovery option - mailbox: always wait in mbox_send_message for blocking Tx mode - mailbox: skip complete wait event if timer expired - mailbox: handle empty message in tx_tick - mpt3sas: Don't overreach ioc->reply_post[] during initialization - kaweth: fix firmware download - kaweth: fix oops upon failed memory allocation - sched/cgroup: Move sched_online_group() back into css_online() to fix crash - PM / Domains: defer dev_pm_domain_set() until genpd->attach_dev succeeds if present - RDMA/uverbs: Fix the check for port number - libnvdimm, btt: fix btt_rw_page not returning errors - ipmi/watchdog: fix watchdog timeout set on reboot - v4l: s5c73m3: fix negation operator - pstore: Allow prz to control need for locking - pstore: Correctly initialize spinlock and flags - pstore: Use dynamic spinlock initializer - net: skb_needs_check() accepts CHECKSUM_NONE for tx - sched/cputime: Fix prev steal time accouting during CPU hotplug - xen/blkback: don't free be structure too early - xen/blkback: don't use xen_blkif_get() in xen-blkback kthread - tpm: fix a kernel memory leak in tpm-sysfs.c - tpm: Replace device number bitmap with IDR - x86/mce/AMD: Make the init code more robust - r8169: add support for RTL8168 series add-on card. - ARM: dts: n900: Mark eMMC slot with no-sdio and no-sd flags - net/mlx4: Remove BUG_ON from ICM allocation routine - drm/msm: Ensure that the hardware write pointer is valid - drm/msm: Verify that MSM_SUBMIT_BO_FLAGS are set - vfio-pci: use 32-bit comparisons for register address for gcc-4.5 - irqchip/keystone: Fix "scheduling while atomic" on rt - ASoC: tlv320aic3x: Mark the RESET register as volatile - spi: dw: Make debugfs name unique between instances - ASoC: nau8825: fix invalid configuration in Pre-Scalar of FLL - irqchip/mxs: Enable SKIP_SET_WAKE and MASK_ON_SUSPEND - openrisc: Add _text symbol to fix ksym build error - dmaengine: ioatdma: Add Skylake PCI Dev ID - dmaengine: ioatdma: workaround SKX ioatdma version - dmaengine: ti-dma-crossbar: Add some 'of_node_put()' in error path. - ARM64: zynqmp: Fix W=1 dtc 1.4 warnings - ARM64: zynqmp: Fix i2c node's compatible string - ARM: s3c2410_defconfig: Fix invalid values for NF_CT_PROTO_* - ACPI / scan: Prefer devices without _HID/_CID for _ADR matching - usb: gadget: Fix copy/pasted error message - Btrfs: adjust outstanding_extents counter properly when dio write is split - tools lib traceevent: Fix prev/next_prio for deadline tasks - xfrm: Don't use sk_family for socket policy lookups - perf tools: Install tools/lib/traceevent plugins with install-bin - perf symbols: Robustify reading of build-id from sysfs - video: fbdev: cobalt_lcdfb: Handle return NULL error from devm_ioremap - vfio-pci: Handle error from pci_iomap - arm64: mm: fix show_pte KERN_CONT fallout - nvmem: imx-ocotp: Fix wrong register size - sh_eth: enable RX descriptor word 0 shift on SH7734 - ALSA: usb-audio: test EP_FLAG_RUNNING at urb completion - HID: ignore Petzl USB headlamp - scsi: fnic: Avoid sending reset to firmware when another reset is in progress - scsi: snic: Return error code on memory allocation failure - ASoC: dpcm: Avoid putting stream state to STOP when FE stream is paused - Linux 4.4.80 * Please only recommend or suggest initramfs-tools | linux-initramfs-tool for kernels able to boot without initramfs (LP: #1700972) - [Debian] Don't depend on initramfs-tools [ Ubuntu: 4.4.0-93.116 ] * linux: 4.4.0-93.116 -proposed tracker (LP: #1709296) * Creating conntrack entry failure with kernel 4.4.0-89 (LP: #1709032) - Revert "Revert "netfilter: synproxy: fix conntrackd interaction"" - netfilter: nf_ct_ext: fix possible panic after nf_ct_extend_unregister * CVE-2017-1000112 - Revert "udp: consistently apply ufo or fragmentation" - udp: consistently apply ufo or fragmentation * CVE-2017-1000111 - Revert "net-packet: fix race in packet_set_ring on PACKET_RESERVE" - packet: fix tp_reserve race in packet_set_ring * kernel BUG at [tty_ldisc_reinit] mm/slub.c! (LP: #1709126) - tty: Simplify tty_set_ldisc() exit handling - tty: Reset c_line from driver's init_termios - tty: Handle NULL tty->ldisc - tty: Move tty_ldisc_kill() - tty: Use 'disc' for line discipline index name - tty: Refactor tty_ldisc_reinit() for reuse - tty: Destroy ldisc instance on hangup * atheros bt failed after S3 (LP: #1706833) - SAUCE: Bluetooth: Make request workqueue freezable * The Precision Touchpad(PTP) button sends incorrect event code (LP: #1708372) - HID: multitouch: handle external buttons for Precision Touchpads * Set CONFIG_SATA_HIGHBANK=y on armhf (LP: #1703430) - [Config] CONFIG_SATA_HIGHBANK=y * xfs slab objects (memory) leak when xfs shutdown is called (LP: #1706132) - xfs: fix xfs_log_ticket leak in xfs_end_io() after fs shutdown * Adt tests of src:linux time out often on armhf lxc containers (LP: #1705495) - [Packaging] tests -- reduce rebuild test to one flavour * CVE-2017-7495 - ext4: fix data exposure after a crash * ubuntu/rsi driver downlink wifi throughput drops to 5-6 Mbps when BT keyboard is connected (LP: #1706991) - SAUCE: Redpine: enable power save by default for coex mode - SAUCE: Redpine: uapsd configuration changes * [Hyper-V] hv_netvsc: Exclude non-TCP port numbers from vRSS hashing (LP: #1690174) - hv_netvsc: Exclude non-TCP port numbers from vRSS hashing * ath10k doesn't report full RSSI information (LP: #1706531) - ath10k: add per chain RSSI reporting * ideapad_laptop don't support v310-14isk (LP: #1705378) - platform/x86: ideapad-laptop: Add several models to no_hw_rfkill * [8087:0a2b] Failed to load bluetooth firmware(might affect some other Intel bt devices) (LP: #1705633) - Bluetooth: btintel: Create common Intel Version Read function - Bluetooth: Use switch statement for Intel hardware variants - Bluetooth: Replace constant hw_variant from Intel Bluetooth firmware filename - Bluetooth: hci_intel: Fix firmware file name to use hw_variant - Bluetooth: btintel: Add MODULE_FIRMWARE entries for iBT 3.5 controllers * xhci_hcd: ERROR Transfer event TRB DMA ptr not part of current TD ep_index 2 comp_code 13 (LP: #1667750) - xhci: Bad Ethernet performance plugged in ASM1042A host * OpenPower: Some multipaths temporarily have only a single path (LP: #1696445) - scsi: ses: don't get power status of SES device slot on probe * Hotkeys on new Thinkpad systems aren't working (LP: #1705169) - platform/x86: thinkpad_acpi: Adding new hotkey ID for Lenovo thinkpad - platform/x86: thinkpad_acpi: guard generic hotkey case - platform/x86: thinkpad_acpi: add mapping for new hotkeys * CVE-2015-7837 - SAUCE: (no-up) kexec/uefi: copy secure_boot flag in boot params across kexec reboot * misleading kernel warning skb_warn_bad_offload during checksum calculation (LP: #1705447) - net: reduce skb_warn_bad_offload() noise * bonding: stack dump when unregistering a netdev (LP: #1704102) - bonding: avoid NETDEV_CHANGEMTU event when unregistering slave * Ubuntu 16.04 IOB Error when the Mustang board rebooted (LP: #1693673) - drivers: net: xgene: Fix redundant prefetch buffer cleanup * Ubuntu16.04: NVMe 4K+T10 DIF/DIX format returns I/O error on dd with split op (LP: #1689946) - blk-mq: NVMe 512B/4K+T10 DIF/DIX format returns I/O error on dd with split op * linux >= 4.2: bonding 802.3ad does not work with 5G, 25G and 50G link speeds (LP: #1697892) - bonding: add 802.3ad support for 100G speeds - bonding: fix 802.3ad aggregator reselection - bonding: add 802.3ad support for 25G speeds - bonding: fix 802.3ad support for 5G and 50G speeds * Xenial update to 4.4.79 stable release (LP: #1707233) - disable new gcc-7.1.1 warnings for now - ir-core: fix gcc-7 warning on bool arithmetic - s5p-jpeg: don't return a random width/height - thermal: cpu_cooling: Avoid accessing potentially freed structures - ath9k: fix tx99 use after free - ath9k: fix tx99 bus error - NFC: fix broken device allocation - NFC: nfcmrvl_uart: add missing tty-device sanity check - NFC: nfcmrvl: do not use device-managed resources - NFC: nfcmrvl: use nfc-device for firmware download - NFC: nfcmrvl: fix firmware-management initialisation - nfc: Ensure presence of required attributes in the activate_target handler - nfc: Fix the sockaddr length sanitization in llcp_sock_connect - NFC: Add sockaddr length checks before accessing sa_family in bind handlers - perf intel-pt: Move decoder error setting into one condition - perf intel-pt: Improve sample timestamp - perf intel-pt: Fix missing stack clear - perf intel-pt: Ensure IP is zero when state is INTEL_PT_STATE_NO_IP - perf intel-pt: Clear FUP flag on error - Bluetooth: use constant time memory comparison for secret values - wlcore: fix 64K page support - ASoC: compress: Derive substream from stream based on direction - PM / Domains: Fix unsafe iteration over modified list of device links - PM / Domains: Fix unsafe iteration over modified list of domain providers - scsi: ses: do not add a device to an enclosure if enclosure_add_links() fails. - iscsi-target: Add login_keys_workaround attribute for non RFC initiators - powerpc/64: Fix atomic64_inc_not_zero() to return an int - powerpc: Fix emulation of mcrf in emulate_step() - powerpc: Fix emulation of mfocrf in emulate_step() - powerpc/asm: Mark cr0 as clobbered in mftb() - af_key: Fix sadb_x_ipsecrequest parsing - PCI/PM: Restore the status of PCI devices across hibernation - ipvs: SNAT packet replies only for NATed connections - xhci: fix 20000ms port resume timeout - xhci: Fix NULL pointer dereference when cleaning up streams for removed host - usb: storage: return on error to avoid a null pointer dereference - USB: cdc-acm: add device-id for quirky printer - usb: renesas_usbhs: fix usbhsc_resume() for !USBHSF_RUNTIME_PWCTRL - usb: renesas_usbhs: gadget: disable all eps when the driver stops - md: don't use flush_signals in userspace processes - x86/xen: allow userspace access during hypercalls - cx88: Fix regression in initial video standard setting - Raid5 should update rdev->sectors after reshape - s390/syscalls: Fix out of bounds arguments access - drm/amd/amdgpu: Return error if initiating read out of range on vram - drm/radeon/ci: disable mclk switching for high refresh rates (v2) - drm/radeon: Fix eDP for single-display iMac10,1 (v2) - ipmi: use rcu lock around call to intf->handlers->sender() - ipmi:ssif: Add missing unlock in error branch - f2fs: Don't clear SGID when inheriting ACLs - vfio: Fix group release deadlock - vfio: New external user group/file match - ftrace: Fix uninitialized variable in match_records() - MIPS: Fix mips_atomic_set() retry condition - MIPS: Fix mips_atomic_set() with EVA - MIPS: Negate error syscall return in trace - x86/acpi: Prevent out of bound access caused by broken ACPI tables - x86/ioapic: Pass the correct data to unmask_ioapic_irq() - MIPS: Fix MIPS I ISA /proc/cpuinfo reporting - MIPS: Save static registers before sysmips - MIPS: Actually decode JALX in `__compute_return_epc_for_insn' - MIPS: Fix unaligned PC interpretation in `compute_return_epc' - MIPS: math-emu: Prevent wrong ISA mode instruction emulation - MIPS: Send SIGILL for BPOSGE32 in `__compute_return_epc_for_insn' - MIPS: Rename `sigill_r6' to `sigill_r2r6' in `__compute_return_epc_for_insn' - MIPS: Send SIGILL for linked branches in `__compute_return_epc_for_insn' - MIPS: Fix a typo: s/preset/present/ in r2-to-r6 emulation error message - Input: i8042 - fix crash at boot time - NFS: only invalidate dentrys that are clearly invalid. - udf: Fix deadlock between writeback and udf_setsize() - target: Fix COMPARE_AND_WRITE caw_sem leak during se_cmd quiesce - perf annotate: Fix broken arrow at row 0 connecting jmp instruction to its target - Revert "perf/core: Drop kernel samples even though :u is specified" - staging: rtl8188eu: add TL-WN722N v2 support - ceph: fix race in concurrent readdir - RDMA/core: Initialize port_num in qp_attr - drm/mst: Fix error handling during MST sideband message reception - drm/mst: Avoid dereferencing a NULL mstb in drm_dp_mst_handle_up_req() - drm/mst: Avoid processing partially received up/down message transactions - of: device: Export of_device_{get_modalias, uvent_modalias} to modules - spmi: Include OF based modalias in device uevent - tracing: Fix kmemleak in instance_rmdir - alarmtimer: don't rate limit one-shot timers - Linux 4.4.79 * Xenial update to 4.4.78 stable release (LP: #1705707) - net_sched: fix error recovery at qdisc creation - net: sched: Fix one possible panic when no destroy callback - net/phy: micrel: configure intterupts after autoneg workaround - ipv6: avoid unregistering inet6_dev for loopback - net: dp83640: Avoid NULL pointer dereference. - tcp: reset sk_rx_dst in tcp_disconnect() - net: prevent sign extension in dev_get_stats() - bpf: prevent leaking pointer via xadd on unpriviledged - net: handle NAPI_GRO_FREE_STOLEN_HEAD case also in napi_frags_finish() - ipv6: dad: don't remove dynamic addresses if link is down - net: ipv6: Compare lwstate in detecting duplicate nexthops - vrf: fix bug_on triggered by rx when destroying a vrf - rds: tcp: use sock_create_lite() to create the accept socket - brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx() - cfg80211: Define nla_policy for NL80211_ATTR_LOCAL_MESH_POWER_MODE - cfg80211: Validate frequencies nested in NL80211_ATTR_SCAN_FREQUENCIES - cfg80211: Check if PMKID attribute is of expected size - irqchip/gic-v3: Fix out-of-bound access in gic_set_affinity - parisc: Report SIGSEGV instead of SIGBUS when running out of stack - parisc: use compat_sys_keyctl() - parisc: DMA API: return error instead of BUG_ON for dma ops on non dma devs - parisc/mm: Ensure IRQs are off in switch_mm() - tools/lib/lockdep: Reduce MAX_LOCK_DEPTH to avoid overflowing lock_chain/: Depth - kernel/extable.c: mark core_kernel_text notrace - mm/list_lru.c: fix list_lru_count_node() to be race free - fs/dcache.c: fix spin lockup issue on nlru->lock - checkpatch: silence perl 5.26.0 unescaped left brace warnings - binfmt_elf: use ELF_ET_DYN_BASE only for PIE - arm: move ELF_ET_DYN_BASE to 4MB - arm64: move ELF_ET_DYN_BASE to 4GB / 4MB - powerpc: move ELF_ET_DYN_BASE to 4GB / 4MB - s390: reduce ELF_ET_DYN_BASE - exec: Limit arg stack to at most 75% of _STK_LIM - vt: fix unchecked __put_user() in tioclinux ioctls - mnt: In umount propagation reparent in a separate pass - mnt: In propgate_umount handle visiting mounts in any order - mnt: Make propagate_umount less slow for overlapping mount propagation trees - selftests/capabilities: Fix the test_execve test - tpm: Get rid of chip->pdev - tpm: Provide strong locking for device removal - Add "shutdown" to "struct class". - tpm: Issue a TPM2_Shutdown for TPM2 devices. - mm: fix overflow check in expand_upwards() - crypto: talitos - Extend max key length for SHA384/512-HMAC and AEAD - crypto: atmel - only treat EBUSY as transient if backlog - crypto: sha1-ssse3 - Disable avx2 - crypto: caam - fix signals handling - sched/topology: Fix overlapping sched_group_mask - sched/topology: Optimize build_group_mask() - PM / wakeirq: Convert to SRCU - PM / QoS: return -EINVAL for bogus strings - tracing: Use SOFTIRQ_OFFSET for softirq dectection for more accurate results - KVM: x86: disable MPX if host did not enable MPX XSAVE features - kvm: vmx: Do not disable intercepts for BNDCFGS - kvm: x86: Guest BNDCFGS requires guest MPX support - kvm: vmx: Check value written to IA32_BNDCFGS - kvm: vmx: allow host to access guest MSR_IA32_BNDCFGS - Linux 4.4.78 * Xenial update to 4.4.77 stable release (LP: #1705238) - fs: add a VALID_OPEN_FLAGS - fs: completely ignore unknown open flags - driver core: platform: fix race condition with driver_override - bgmac: reset & enable Ethernet core before using it - mm: fix classzone_idx underflow in shrink_zones() - tracing/kprobes: Allow to create probe with a module name starting with a digit - usb: dwc3: replace %p with %pK - USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick - Add USB quirk for HVR-950q to avoid intermittent device resets - usb: usbip: set buffer pointers to NULL after free - usb: Fix typo in the definition of Endpoint[out]Request - mac80211_hwsim: Replace bogus hrtimer clockid - sysctl: don't print negative flag for proc_douintvec - sysctl: report EINVAL if value is larger than UINT_MAX for proc_douintvec - pinctrl: sh-pfc: r8a7791: Fix SCIF2 pinmux data - pinctrl: meson: meson8b: fix the NAND DQS pins - pinctrl: sunxi: Fix SPDIF function name for A83T - pinctrl: mxs: atomically switch mux and drive strength config - pinctrl: sh-pfc: Update info pointer after SoC-specific init - USB: serial: option: add two Longcheer device ids - USB: serial: qcserial: new Sierra Wireless EM7305 device ID - gfs2: Fix glock rhashtable rcu bug - x86/tools: Fix gcc-7 warning in relocs.c - x86/uaccess: Optimize copy_user_enhanced_fast_string() for short strings - ath10k: override CE5 config for QCA9377 - KEYS: Fix an error code in request_master_key() - RDMA/uverbs: Check port number supplied by user verbs cmds - mqueue: fix a use-after-free in sys_mq_notify() - tools include: Add a __fallthrough statement - tools string: Use __fallthrough in perf_atoll() - tools strfilter: Use __fallthrough - perf top: Use __fallthrough - perf intel-pt: Use __fallthrough - perf thread_map: Correctly size buffer used with dirent->dt_name - perf scripting perl: Fix compile error with some perl5 versions - perf tests: Avoid possible truncation with dirent->d_name + snprintf - perf bench numa: Avoid possible truncation when using snprintf() - perf tools: Use readdir() instead of deprecated readdir_r() - perf thread_map: Use readdir() instead of deprecated readdir_r() - perf script: Use readdir() instead of deprecated readdir_r() - perf tools: Remove duplicate const qualifier - perf annotate browser: Fix behaviour of Shift-Tab with nothing focussed - perf pmu: Fix misleadingly indented assignment (whitespace) - perf dwarf: Guard !x86_64 definitions under #ifdef else clause - perf trace: Do not process PERF_RECORD_LOST twice - perf tests: Remove wrong semicolon in while loop in CQM test - perf tools: Use readdir() instead of deprecated readdir_r() again - md: fix incorrect use of lexx_to_cpu in does_sb_need_changing - md: fix super_offset endianness in super_1_rdev_size_change - tcp: fix tcp_mark_head_lost to check skb len before fragmenting - staging: vt6556: vnt_start Fix missing call to vnt_key_init_table. - staging: comedi: fix clean-up of comedi_class in comedi_init() - ext4: check return value of kstrtoull correctly in reserved_clusters_store - x86/mm/pat: Don't report PAT on CPUs that don't support it - saa7134: fix warm Medion 7134 EEPROM read - Linux 4.4.77 -- Kleber Sacilotto de Souza Wed, 30 Aug 2017 10:15:28 +0200 linux-kvm (4.4.0-1004.9) xenial; urgency=low * linux-kvm: 4.4.0-1004.9 -proposed tracker (LP: #1712881) * sysv ipc disabled in linux-kvm, needed for installed-by-default server packages (LP: #1712679) - kvm: [config] enable System V IPC [ Ubuntu: 4.4.0-92.115 ] * linux: 4.4.0-92.115 -proposed tracker (LP: #1709812) * Creating conntrack entry failure with kernel 4.4.0-89 (LP: #1709032) - Revert "netfilter: synproxy: fix conntrackd interaction" -- Marcelo Henrique Cerri Thu, 24 Aug 2017 14:50:20 -0300 linux-kvm (4.4.0-1003.8) xenial; urgency=low * Rebase to Ubuntu-4.4.0-91.114. * Please only recommend or suggest initramfs-tools | linux-initramfs-tool for kernels able to boot without initramfs (LP: #1700972) - [Debian] Don't abort installation if update-initramfs is missing * sock_recvmsg has dropped size argument (LP: #1701697) - Packaging: Breaks unfixed iscsitarget versions * Upgrade Redpine WLAN/BT driver to ver. 1.2.RC4 (LP: #1669672) - SAUCE: Redpine: add copyright to kernel packages * Missing libunwind support in perf (LP: #1248289) - [Config] add binutils-dev to the Build-Depends: to fix perf unwinding * Miscellaneous Ubuntu changes - kvm: [config] enable ZFS - kvm: [config] enable MODULE_SIG - kvm: [config] enable common filesystems - kvm: [config] enable common BLK_DEV's - kvm: [config] enable full NLS_ support -- Kamal Mostafa Fri, 18 Aug 2017 11:05:11 -0700 linux-kvm (4.4.0-1002.3) xenial; urgency=low [ Packaging ] * Please only recommend or suggest initramfs-tools | linux-initramfs-tool for kernels able to boot without initramfs (LP: #1700972) - [Debian] Don't depend on initramfs-tools * Disable module-check -- Kamal Mostafa Wed, 02 Aug 2017 11:50:20 -0700 linux-kvm (4.4.0-1001.1) xenial; urgency=low [ Kamal Mostafa ] * Initial linux-kvm packaging based on xenial (4.4.0-87.110) -- Kamal Mostafa Tue, 18 Jul 2017 11:16:33 -0700 linux-kvm (4.4.0-1000.0) xenial; urgency=low * Empty entry -- Kamal Mostafa Wed, 12 Jul 2017 11:02:05 -0700