Change log for linux-kvm package in Ubuntu

168 of 68 results
Published in bionic-proposed on 2018-12-07
linux-kvm (4.15.0-1028.28) bionic; urgency=medium

  * linux-kvm: 4.15.0-1028.28 -proposed tracker (LP: #1806667)

  [ Ubuntu: 4.15.0-43.46 ]

  * linux: 4.15.0-43.46 -proposed tracker (LP: #1806659)
  * System randomly hangs during suspend when mei_wdt is loaded (LP: #1803942)
    - SAUCE: base/dd: limit release function changes to vfio driver only
  * Workaround CSS timeout on AMD SNPS 3.0 xHC (LP: #1806838)
    - xhci: Allow more than 32 quirks
    - xhci: workaround CSS timeout on AMD SNPS 3.0 xHC
  * linux-buildinfo: pull out ABI information into its own package
    (LP: #1806380)
    - [Packaging] limit preparation to linux-libc-dev in headers
    - [Packaging] commonise debhelper invocation
    - [Packaging] ABI -- accumulate abi information at the end of the build
    - [Packaging] buildinfo -- add basic build information
    - [Packaging] buildinfo -- add firmware information to the flavour ABI
    - [Packaging] buildinfo -- add compiler information to the flavour ABI
    - [Packaging] buildinfo -- add buildinfo support to getabis
    - [Config] buildinfo -- add retpoline version markers
  * linux packages should own /usr/lib/linux/triggers (LP: #1770256)
    - [Packaging] own /usr/lib/linux/triggers
  * CVE-2018-12896
    - posix-timers: Sanitize overrun handling
  * CVE-2018-16276
    - USB: yurex: fix out-of-bounds uaccess in read handler
  * CVE-2018-10902
    - ALSA: rawmidi: Change resized buffers atomically
  * CVE-2018-18710
    - cdrom: fix improper type cast, which can leat to information leak.
  * CVE-2018-18690
    - xfs: don't fail when converting shortform attr to long form during
      ATTR_REPLACE
  * CVE-2018-14734
    - infiniband: fix a possible use-after-free bug
  * CVE-2018-18445
    - bpf: 32-bit RSH verification must truncate input before the ALU op
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

 -- Khalid Elmously <email address hidden>  Fri, 07 Dec 2018 04:34:12 +0000

Available diffs

Published in xenial-proposed on 2018-12-06
linux-kvm (4.4.0-1039.45) xenial; urgency=medium

  * linux-kvm: 4.4.0-1039.45 -proposed tracker (LP: #1806578)

  [ Ubuntu: 4.4.0-141.167 ]

  * linux: 4.4.0-141.167 -proposed tracker (LP: #1806569)
  *  Redpine: firmware assert upon assoc   timeout (LP: #1804360)
    - SAUCE: Redpine: fix for firmware assert upon assoc timeout
  * CVE-2018-12896
    - posix-timers: Sanitize overrun handling
  * CVE-2017-5753
    - ALSA: opl3: Hardening for potential Spectre v1
    - ALSA: asihpi: Hardening for potential Spectre v1
    - ALSA: hdspm: Hardening for potential Spectre v1
    - ALSA: rme9652: Hardening for potential Spectre v1
    - ALSA: control: Hardening for potential Spectre v1
    - usbip: vhci_sysfs: fix potential Spectre v1
    - libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store()
  * CVE-2018-18710
    - cdrom: fix improper type cast, which can leat to information leak.
  * CVE-2018-18690
    - xfs: don't fail when converting shortform attr to long form during
      ATTR_REPLACE
  * CVE-2017-18174
    - pinctrl: Add devm_ apis for pinctrl_{register, unregister}
    - pinctrl: amd: Use devm_pinctrl_register() for pinctrl registration

 -- Khalid Elmously <email address hidden>  Thu, 06 Dec 2018 02:50:39 +0000

Available diffs

Published in disco-proposed 15 hours ago
Published in cosmic-proposed on 2018-12-06
linux-kvm (4.18.0-1006.6) cosmic; urgency=medium

  * linux-kvm: 4.18.0-1006.6 -proposed tracker (LP: #1806424)

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
    - [Packaging] update update.conf

  [ Ubuntu: 4.18.0-13.14 ]

  * linux: 4.18.0-13.14 -proposed tracker (LP: #1806409)
  * linux-buildinfo: pull out ABI information into its own package
    (LP: #1806380)
    - [Packaging] limit preparation to linux-libc-dev in headers
    - [Packaging] commonise debhelper invocation
    - [Packaging] ABI -- accumulate abi information at the end of the build
    - [Packaging] buildinfo -- add basic build information
    - [Packaging] buildinfo -- add firmware information to the flavour ABI
    - [Packaging] buildinfo -- add compiler information to the flavour ABI
    - [Packaging] buildinfo -- add buildinfo support to getabis
  * linux packages should own /usr/lib/linux/triggers (LP: #1770256)
    - [Packaging] own /usr/lib/linux/triggers
  * Regression: hinic performance degrades over time (LP: #1805248)
    - Revert "net-next/hinic: add checksum offload and TSO support"
  * CVE-2018-18710
    - cdrom: fix improper type cast, which can leat to information leak.

 -- Stefan Bader <email address hidden>  Wed, 05 Dec 2018 16:45:55 +0100

Available diffs

Published in bionic-security on 2018-12-03
Published in bionic-updates on 2018-12-03
Deleted in bionic-proposed (Reason: moved to -updates)
linux-kvm (4.15.0-1027.27) bionic; urgency=medium

  * linux-kvm: 4.15.0-1027.27 -proposed tracker (LP: #1802561)

  [ Ubuntu: 4.15.0-42.45 ]

  * linux: 4.15.0-42.45 -proposed tracker (LP: #1803592)
  * [FEAT] Guest-dedicated Crypto Adapters (LP: #1787405)
    - KVM: s390: reset crypto attributes for all vcpus
    - KVM: s390: vsie: simulate VCPU SIE entry/exit
    - KVM: s390: introduce and use KVM_REQ_VSIE_RESTART
    - KVM: s390: refactor crypto initialization
    - s390: vfio-ap: base implementation of VFIO AP device driver
    - s390: vfio-ap: register matrix device with VFIO mdev framework
    - s390: vfio-ap: sysfs interfaces to configure adapters
    - s390: vfio-ap: sysfs interfaces to configure domains
    - s390: vfio-ap: sysfs interfaces to configure control domains
    - s390: vfio-ap: sysfs interface to view matrix mdev matrix
    - KVM: s390: interface to clear CRYCB masks
    - s390: vfio-ap: implement mediated device open callback
    - s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl
    - s390: vfio-ap: zeroize the AP queues
    - s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl
    - KVM: s390: Clear Crypto Control Block when using vSIE
    - KVM: s390: vsie: Do the CRYCB validation first
    - KVM: s390: vsie: Make use of CRYCB FORMAT2 clear
    - KVM: s390: vsie: Allow CRYCB FORMAT-2
    - KVM: s390: vsie: allow CRYCB FORMAT-1
    - KVM: s390: vsie: allow CRYCB FORMAT-0
    - KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1
    - KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2
    - KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2
    - KVM: s390: device attrs to enable/disable AP interpretation
    - KVM: s390: CPU model support for AP virtualization
    - s390: doc: detailed specifications for AP virtualization
    - KVM: s390: fix locking for crypto setting error path
    - KVM: s390: Tracing APCB changes
    - s390: vfio-ap: setup APCB mask using KVM dedicated function
    - s390/zcrypt: Add ZAPQ inline function.
    - s390/zcrypt: Review inline assembler constraints.
    - s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.
    - s390/zcrypt: fix ap_instructions_available() returncodes
    - s390/zcrypt: remove VLA usage from the AP bus
    - s390/zcrypt: Remove deprecated ioctls.
    - s390/zcrypt: Remove deprecated zcrypt proc interface.
    - s390/zcrypt: Support up to 256 crypto adapters.
    - [Config:] Enable CONFIG_S390_AP_IOMMU and set CONFIG_VFIO_AP to module.
  * Bypass of mount visibility through userns + mount propagation (LP: #1789161)
    - mount: Retest MNT_LOCKED in do_umount
    - mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts
  *  CVE-2018-18955: nested user namespaces with more than five extents
    incorrectly grant privileges over inode (LP: #1801924) // CVE-2018-18955
    - userns: also map extents in the reverse map to kernel IDs
  * kdump fail due to an IRQ storm (LP: #1797990)
    - SAUCE: x86/PCI: Export find_cap() to be used in early PCI code
    - SAUCE: x86/quirks: Add parameter to clear MSIs early on boot
    - SAUCE: x86/quirks: Scan all busses for early PCI quirks

  [ Ubuntu: 4.15.0-40.43 ]

  * linux: 4.15.0-40.43 -proposed tracker (LP: #1802554)
  * crash in ENA driver on removing an interface (LP: #1802341)
    - SAUCE: net: ena: fix crash during ena_remove()
  * Ubuntu 18.04.1 - [s390x] Kernel panic while stressing network bonding
    (LP: #1797367)
    - s390/qeth: don't keep track of MAC address's cast type
    - s390/qeth: consolidate qeth MAC address helpers
    - s390/qeth: avoid using is_multicast_ether_addr_64bits on (u8 *)[6]
    - s390/qeth: remove outdated portname debug msg
    - s390/qeth: reduce hard-coded access to ccw channels
    - s390/qeth: sanitize strings in debug messages
  * [18.04 FEAT] zcrypt DD: introduce APQN tags to support deterministic driver
    binding (LP: #1799184)
    - s390/zcrypt: code beautify
    - s390/zcrypt: AP bus support for alternate driver(s)
    - s390/zcrypt: hex string mask improvements for apmask and aqmask.
    - s390/zcrypt: remove unused functions and declarations
    - s390/zcrypt: Show load of cards and queues in sysfs
  * [GLK/CLX] Enhanced IBRS (LP: #1786139)
    - x86/speculation: Remove SPECTRE_V2_IBRS in enum spectre_v2_mitigation
    - x86/speculation: Support Enhanced IBRS on future CPUs
  * Allow signed kernels to be kexec'ed under lockdown (LP: #1798441)
    - Fix kexec forbidding kernels signed with keys in the secondary keyring to
      boot
  * Overlayfs in user namespace leaks directory content of inaccessible
    directories (LP: #1793458) // CVE-2018-6559
    - SAUCE: overlayfs: ensure mounter privileges when reading directories
  * Update ENA driver to version 2.0.1K (LP: #1798182)
    - net: ena: remove ndo_poll_controller
    - net: ena: fix warning in rmmod caused by double iounmap
    - net: ena: fix rare bug when failed restart/resume is followed by driver
      removal
    - net: ena: fix NULL dereference due to untimely napi initialization
    - net: ena: fix auto casting to boolean
    - net: ena: minor performance improvement
    - net: ena: complete host info to match latest ENA spec
    - net: ena: introduce Low Latency Queues data structures according to ENA spec
    - net: ena: add functions for handling Low Latency Queues in ena_com
    - net: ena: add functions for handling Low Latency Queues in ena_netdev
    - net: ena: use CSUM_CHECKED device indication to report skb's checksum status
    - net: ena: explicit casting and initialization, and clearer error handling
    - net: ena: limit refill Rx threshold to 256 to avoid latency issues
    - net: ena: change rx copybreak default to reduce kernel memory pressure
    - net: ena: remove redundant parameter in ena_com_admin_init()
    - net: ena: update driver version to 2.0.1
    - net: ena: fix indentations in ena_defs for better readability
    - net: ena: Fix Kconfig dependency on X86
    - net: ena: enable Low Latency Queues
    - net: ena: fix compilation error in xtensa architecture
  * Bionic update: upstream stable patchset 2018-10-29 (LP: #1800537)
    - bonding: re-evaluate force_primary when the primary slave name changes
    - cdc_ncm: avoid padding beyond end of skb
    - ipv6: allow PMTU exceptions to local routes
    - net: dsa: add error handling for pskb_trim_rcsum
    - net/sched: act_simple: fix parsing of TCA_DEF_DATA
    - tcp: verify the checksum of the first data segment in a new connection
    - udp: fix rx queue len reported by diag and proc interface
    - net: in virtio_net_hdr only add VLAN_HLEN to csum_start if payload holds
      vlan
    - tls: fix use-after-free in tls_push_record
    - ext4: fix hole length detection in ext4_ind_map_blocks()
    - ext4: update mtime in ext4_punch_hole even if no blocks are released
    - ext4: bubble errors from ext4_find_inline_data_nolock() up to ext4_iget()
    - ext4: fix fencepost error in check for inode count overflow during resize
    - driver core: Don't ignore class_dir_create_and_add() failure.
    - Btrfs: fix clone vs chattr NODATASUM race
    - Btrfs: fix memory and mount leak in btrfs_ioctl_rm_dev_v2()
    - btrfs: return error value if create_io_em failed in cow_file_range
    - btrfs: scrub: Don't use inode pages for device replace
    - ALSA: hda/conexant - Add fixup for HP Z2 G4 workstation
    - ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream()
    - ALSA: hda: add dock and led support for HP EliteBook 830 G5
    - ALSA: hda: add dock and led support for HP ProBook 640 G4
    - x86/MCE: Fix stack out-of-bounds write in mce-inject.c: Flags_read()
    - smb3: fix various xid leaks
    - CIFS: 511c54a2f69195b28afb9dd119f03787b1625bb4 adds a check for session
      expiry
    - cifs: For SMB2 security informaion query, check for minimum sized security
      descriptor instead of sizeof FileAllInformation class
    - nbd: fix nbd device deletion
    - nbd: update size when connected
    - nbd: use bd_set_size when updating disk size
    - blk-mq: reinit q->tag_set_list entry only after grace period
    - bdi: Move cgroup bdi_writeback to a dedicated low concurrency workqueue
    - cpufreq: Fix new policy initialization during limits updates via sysfs
    - cpufreq: governors: Fix long idle detection logic in load calculation
    - libata: zpodd: small read overflow in eject_tray()
    - libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk
    - w1: mxc_w1: Enable clock before calling clk_get_rate() on it
    - x86/intel_rdt: Enable CMT and MBM on new Skylake stepping
    - iwlwifi: fw: harden page loading code
    - orangefs: set i_size on new symlink
    - orangefs: report attributes_mask and attributes for statx
    - HID: intel_ish-hid: ipc: register more pm callbacks to support hibernation
    - HID: wacom: Correct logical maximum Y for 2nd-gen Intuos Pro large
    - mm, page_alloc: do not break __GFP_THISNODE by zonelist reset
    - net: phy: dp83822: use BMCR_ANENABLE instead of BMSR_ANEGCAPABLE for DP83620
    - cpufreq: ti-cpufreq: Fix an incorrect error return value
    - x86/vector: Fix the args of vector_alloc tracepoint
    - x86/apic/vector: Prevent hlist corruption and leaks
    - x86/apic: Provide apic_ack_irq()
    - x86/ioapic: Use apic_ack_irq()
    - x86/platform/uv: Use apic_ack_irq()
    - irq_remapping: Use apic_ack_irq()
    - genirq/generic_pending: Do not lose pending affinity update
    - genirq/affinity: Defer affinity setting if irq chip is busy
    - genirq/migration: Avoid out of line call if pending is not set
  * [bionic]mlx5: reading SW stats through ifstat cause kernel crash
    (LP: #1799049)
    - net/mlx5e: Don't attempt to dereference the ppriv struct if not being
      eswitch manager
  * [Bionic][Cosmic]  ipmi: Fix timer race with module unload (LP: #1799281)
    - ipmi: Fix timer race with module unload
  * [Bionic] ipmi: Remove ACPI SPMI probing from the SSIF (I2C) driver
    (LP: #1799276)
    - ipmi: Remove ACPI SPMI probing from the SSIF (I2C) driver
  * execveat03 in ubuntu_ltp_syscalls failed on X/B (LP: #1786729)
    - cap_inode_getsecurity: use d_find_any_alias() instead of d_find_alias()
  * [Bionic][Cosmic] Fix to ipmi to support vendor specific messages greater
    than 255 bytes (LP: #1799794)
    - ipmi:ssif: Add support for multi-part transmit messages > 2 parts
  * libvirtd is unable to configure bridge devices inside of LXD containers
    (LP: #1784501)
    - kernfs: allow creating kernfs objects with arbitrary uid/gid
    - sysfs, kobject: allow creating kobject belonging to arbitrary users
    - kobject: kset_create_and_add() - fetch ownership info from parent
    - driver core: set up ownership of class devices in sysfs
    - net-sysfs: require net admin in the init ns for setting tx_maxrate
    - net-sysfs: make sure objects belong to container's owner
    - net: create reusable function for getting ownership info of sysfs inodes
    - bridge: make sure objects belong to container's owner
    - sysfs: Fix regression when adding a file to an existing group
  * [Ubuntu] kvm: fix deadlock when killed by oom (LP: #1800849)
    - s390/kvm: fix deadlock when killed by oom
  * [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport (LP: #1800639)
    - net/af_iucv: drop inbound packets with invalid flags
    - net/af_iucv: fix skb handling on HiperTransport xmit error
  * Power consumption during s2idle is higher than long idle(sk hynix)
    (LP: #1801875)
    - SAUCE: pci: prevent sk hynix nvme from entering D3
    - SAUCE: nvme: add quirk to not call disable function when suspending
  * Enable keyboard wakeup for S2Idle laptops (LP: #1798552)
    - Input: i8042 - enable keyboard wakeups by default when s2idle is used
  * NULL pointer dereference at 0000000000000020 when access
    dst_orig->ops->family in function  xfrm_lookup_with_ifid() (LP: #1801878)
    - xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry.
  * [Ubuntu] qdio: reset old sbal_state flags (LP: #1801686)
    - s390/qdio: reset old sbal_state flags
  * hns3: map tx ring to tc (LP: #1802023)
    - net: hns3: Set tx ring' tc info when netdev is up
  * [Ubuntu] qeth: Fix potential array overrun in cmd/rc lookup (LP: #1800641)
    - s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function
    - s390: qeth: Fix potential array overrun in cmd/rc lookup
  * Vulkan applications cause permanent memory leak with Intel GPU
    (LP: #1798165)
    - drm/syncobj: Don't leak fences when WAIT_FOR_SUBMIT is set
  * Mounting SOFS SMB shares fails (LP: #1792580)
    - cifs: connect to servername instead of IP for IPC$ share
  * Packaging resync (LP: #1786013)
    - [Package] add support for specifying the primary makefile

 -- Khalid Elmously <email address hidden>  Thu, 15 Nov 2018 19:11:04 -0500

Available diffs

Published in disco-release on 2018-12-03
Published in cosmic-security on 2018-12-03
Published in cosmic-updates on 2018-12-03
Deleted in disco-proposed (Reason: moved to release)
Deleted in cosmic-proposed (Reason: moved to -updates)
linux-kvm (4.18.0-1005.5) cosmic; urgency=medium

  * linux-kvm: 4.18.0-1005.5 -proposed tracker (LP: #1802753)

  [ Ubuntu: 4.18.0-12.13 ]

  * linux: 4.18.0-12.13 -proposed tracker (LP: #1802743)
  * [FEAT] Guest-dedicated Crypto Adapters (LP: #1787405)
    - s390/zcrypt: Add ZAPQ inline function.
    - s390/zcrypt: Review inline assembler constraints.
    - s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.
    - s390/zcrypt: fix ap_instructions_available() returncodes
    - KVM: s390: vsie: simulate VCPU SIE entry/exit
    - KVM: s390: introduce and use KVM_REQ_VSIE_RESTART
    - KVM: s390: refactor crypto initialization
    - s390: vfio-ap: base implementation of VFIO AP device driver
    - s390: vfio-ap: register matrix device with VFIO mdev framework
    - s390: vfio-ap: sysfs interfaces to configure adapters
    - s390: vfio-ap: sysfs interfaces to configure domains
    - s390: vfio-ap: sysfs interfaces to configure control domains
    - s390: vfio-ap: sysfs interface to view matrix mdev matrix
    - KVM: s390: interface to clear CRYCB masks
    - s390: vfio-ap: implement mediated device open callback
    - s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl
    - s390: vfio-ap: zeroize the AP queues
    - s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl
    - KVM: s390: Clear Crypto Control Block when using vSIE
    - KVM: s390: vsie: Do the CRYCB validation first
    - KVM: s390: vsie: Make use of CRYCB FORMAT2 clear
    - KVM: s390: vsie: Allow CRYCB FORMAT-2
    - KVM: s390: vsie: allow CRYCB FORMAT-1
    - KVM: s390: vsie: allow CRYCB FORMAT-0
    - KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1
    - KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2
    - KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2
    - KVM: s390: device attrs to enable/disable AP interpretation
    - KVM: s390: CPU model support for AP virtualization
    - s390: doc: detailed specifications for AP virtualization
    - KVM: s390: fix locking for crypto setting error path
    - KVM: s390: Tracing APCB changes
    - s390: vfio-ap: setup APCB mask using KVM dedicated function
    - [Config:] Enable CONFIG_S390_AP_IOMMU and set CONFIG_VFIO_AP to module.
  * Bypass of mount visibility through userns + mount propagation (LP: #1789161)
    - mount: Retest MNT_LOCKED in do_umount
    - mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts
  *  CVE-2018-18955: nested user namespaces with more than five extents
    incorrectly grant privileges over inode (LP: #1801924) // CVE-2018-18955
    - userns: also map extents in the reverse map to kernel IDs
  * kdump fail due to an IRQ storm (LP: #1797990)
    - SAUCE: x86/PCI: Export find_cap() to be used in early PCI code
    - SAUCE: x86/quirks: Add parameter to clear MSIs early on boot
    - SAUCE: x86/quirks: Scan all busses for early PCI quirks
  * crash in ENA driver on removing an interface (LP: #1802341)
    - SAUCE: net: ena: fix crash during ena_remove()
  * Ubuntu 18.04.1 - [s390x] Kernel panic while stressing network bonding
    (LP: #1797367)
    - s390/qeth: reduce hard-coded access to ccw channels
    - s390/qeth: sanitize strings in debug messages
  * Add checksum offload and TSO support for HiNIC adapters (LP: #1800664)
    - net-next/hinic: add checksum offload and TSO support
  * smartpqi updates for ubuntu 18.04.2 (LP: #1798208)
    - scsi: smartpqi: improve handling for sync requests
    - scsi: smartpqi: improve error checking for sync requests
    - scsi: smartpqi: add inspur advantech ids
    - scsi: smartpqi: fix critical ARM issue reading PQI index registers
    - scsi: smartpqi: bump driver version to 1.1.4-130
  * [GLK/CLX] Enhanced IBRS (LP: #1786139)
    - x86/speculation: Remove SPECTRE_V2_IBRS in enum spectre_v2_mitigation
    - x86/speculation: Support Enhanced IBRS on future CPUs
  * Enable keyboard wakeup for S2Idle laptops (LP: #1798552)
    - Input: i8042 - enable keyboard wakeups by default when s2idle is used
  * Overlayfs in user namespace leaks directory content of inaccessible
    directories (LP: #1793458) // CVE-2018-6559
    - SAUCE: overlayfs: ensure mounter privileges when reading directories
  * Update ENA driver to version 2.0.1K (LP: #1798182)
    - net: ena: remove ndo_poll_controller
    - net: ena: fix auto casting to boolean
    - net: ena: minor performance improvement
    - net: ena: complete host info to match latest ENA spec
    - net: ena: introduce Low Latency Queues data structures according to ENA spec
    - net: ena: add functions for handling Low Latency Queues in ena_com
    - net: ena: add functions for handling Low Latency Queues in ena_netdev
    - net: ena: use CSUM_CHECKED device indication to report skb's checksum status
    - net: ena: explicit casting and initialization, and clearer error handling
    - net: ena: limit refill Rx threshold to 256 to avoid latency issues
    - net: ena: change rx copybreak default to reduce kernel memory pressure
    - net: ena: remove redundant parameter in ena_com_admin_init()
    - net: ena: update driver version to 2.0.1
    - net: ena: fix indentations in ena_defs for better readability
    - net: ena: Fix Kconfig dependency on X86
    - net: ena: enable Low Latency Queues
    - net: ena: fix compilation error in xtensa architecture
  * Cosmic update: 4.18.17 upstream stable release (LP: #1802119)
    - xfrm: Validate address prefix lengths in the xfrm selector.
    - xfrm6: call kfree_skb when skb is toobig
    - xfrm: reset transport header back to network header after all input
      transforms ahave been applied
    - xfrm: reset crypto_done when iterating over multiple input xfrms
    - mac80211: Always report TX status
    - cfg80211: reg: Init wiphy_idx in regulatory_hint_core()
    - mac80211: fix pending queue hang due to TX_DROP
    - cfg80211: Address some corner cases in scan result channel updating
    - mac80211: TDLS: fix skb queue/priority assignment
    - mac80211: fix TX status reporting for ieee80211s
    - ARM: 8799/1: mm: fix pci_ioremap_io() offset check
    - xfrm: validate template mode
    - drm/i2c: tda9950: fix timeout counter check
    - drm/i2c: tda9950: set MAX_RETRIES for errors only
    - netfilter: bridge: Don't sabotage nf_hook calls from an l3mdev
    - netfilter: conntrack: get rid of double sizeof
    - arm64: hugetlb: Fix handling of young ptes
    - ARM: dts: BCM63xx: Fix incorrect interrupt specifiers
    - net: macb: Clean 64b dma addresses if they are not detected
    - soc: fsl: qbman: qman: avoid allocating from non existing gen_pool
    - soc: fsl: qe: Fix copy/paste bug in ucc_get_tdm_sync_shift()
    - nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT
    - mac80211_hwsim: fix locking when iterating radios during ns exit
    - mac80211_hwsim: fix race in radio destruction from netlink notifier
    - mac80211_hwsim: do not omit multicast announce of first added radio
    - Bluetooth: SMP: fix crash in unpairing
    - pxa168fb: prepare the clock
    - qed: Avoid implicit enum conversion in qed_set_tunn_cls_info
    - qed: Fix mask parameter in qed_vf_prep_tunn_req_tlv
    - qed: Avoid implicit enum conversion in qed_roce_mode_to_flavor
    - qed: Avoid constant logical operation warning in qed_vf_pf_acquire
    - qed: Avoid implicit enum conversion in qed_iwarp_parse_rx_pkt
    - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds
    - scsi: qedi: Initialize the stats mutex lock
    - rxrpc: Fix checks as to whether we should set up a new call
    - rxrpc: Fix RTT gathering
    - rxrpc: Fix transport sockopts to get IPv4 errors on an IPv6 socket
    - rxrpc: Fix error distribution
    - netfilter: nft_set_rbtree: add missing rb_erase() in GC routine
    - netfilter: avoid erronous array bounds warning
    - asix: Check for supported Wake-on-LAN modes
    - ax88179_178a: Check for supported Wake-on-LAN modes
    - lan78xx: Check for supported Wake-on-LAN modes
    - sr9800: Check for supported Wake-on-LAN modes
    - r8152: Check for supported Wake-on-LAN Modes
    - smsc75xx: Check for Wake-on-LAN modes
    - smsc95xx: Check for Wake-on-LAN modes
    - cfg80211: fix use-after-free in reg_process_hint()
    - KVM: nVMX: Do not expose MPX VMX controls when guest MPX disabled
    - KVM: x86: Do not use kvm_x86_ops->mpx_supported() directly
    - KVM: nVMX: Fix emulation of VM_ENTRY_LOAD_BNDCFGS
    - perf/core: Fix perf_pmu_unregister() locking
    - perf/x86/intel/uncore: Use boot_cpu_data.phys_proc_id instead of hardcorded
      physical package ID 0
    - perf/ring_buffer: Prevent concurent ring buffer access
    - perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX
    - perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf events
    - thunderbolt: Do not handle ICM events after domain is stopped
    - thunderbolt: Initialize after IOMMUs
    - net: fec: fix rare tx timeout
    - declance: Fix continuation with the adapter identification message
    - RISCV: Fix end PFN for low memory
    - Revert "serial: 8250_dw: Fix runtime PM handling"
    - locking/ww_mutex: Fix runtime warning in the WW mutex selftest
    - drm/amd/display: Signal hw_done() after waiting for flip_done()
    - be2net: don't flip hw_features when VXLANs are added/deleted
    - powerpc/numa: Skip onlining a offline node in kdump path
    - net: cxgb3_main: fix a missing-check bug
    - yam: fix a missing-check bug
    - ocfs2: fix crash in ocfs2_duplicate_clusters_by_page()
    - mm/gup_benchmark: fix unsigned comparison to zero in __gup_benchmark_ioctl
    - mm/migrate.c: split only transparent huge pages when allocation fails
    - x86/paravirt: Fix some warning messages
    - clk: mvebu: armada-37xx-periph: Remove unused var num_parents
    - libertas: call into generic suspend code before turning off power
    - perf report: Don't try to map ip to invalid map
    - tls: Fix improper revert in zerocopy_from_iter
    - HID: i2c-hid: Remove RESEND_REPORT_DESCR quirk and its handling
    - compiler.h: Allow arch-specific asm/compiler.h
    - ARM: dts: imx53-qsb: disable 1.2GHz OPP
    - perf python: Use -Wno-redundant-decls to build with PYTHON=python3
    - perf record: Use unmapped IP for inline callchain cursors
    - rxrpc: Don't check RXRPC_CALL_TX_LAST after calling rxrpc_rotate_tx_window()
    - rxrpc: Carry call state out of locked section in rxrpc_rotate_tx_window()
    - rxrpc: Only take the rwind and mtu values from latest ACK
    - rxrpc: Fix connection-level abort handling
    - KVM: x86: support CONFIG_KVM_AMD=y with CONFIG_CRYPTO_DEV_CCP_DD=m
    - net: ena: fix warning in rmmod caused by double iounmap
    - net: ena: fix rare bug when failed restart/resume is followed by driver
      removal
    - net: ena: fix NULL dereference due to untimely napi initialization
    - gpio: Assign gpio_irq_chip::parents to non-stack pointer
    - IB/mlx5: Unmap DMA addr from HCA before IOMMU
    - rds: RDS (tcp) hangs on sendto() to unresponding address
    - selftests: rtnetlink.sh explicitly requires bash.
    - selftests: udpgso_bench.sh explicitly requires bash
    - vmlinux.lds.h: Fix incomplete .text.exit discards
    - vmlinux.lds.h: Fix linker warnings about orphan .LPBX sections
    - afs: Fix cell proc list
    - fs/fat/fatent.c: add cond_resched() to fat_count_free_clusters()
    - Revert "mm: slowly shrink slabs with a relatively small number of objects"
    - Revert "netfilter: ipv6: nf_defrag: drop skb dst before queueing"
    - perf tools: Disable parallelism for 'make clean'
    - bridge: do not add port to router list when receives query with source
      0.0.0.0
    - ipv6: mcast: fix a use-after-free in inet6_mc_check
    - ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are
      called
    - ipv6: rate-limit probes for neighbourless routes
    - llc: set SOCK_RCU_FREE in llc_sap_add_socket()
    - net: fec: don't dump RX FIFO register when not available
    - net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs
    - net/mlx5e: fix csum adjustments caused by RXFCS
    - net: sched: gred: pass the right attribute to gred_change_table_def()
    - net: socket: fix a missing-check bug
    - net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules
    - net: udp: fix handling of CHECKSUM_COMPLETE packets
    - r8169: fix NAPI handling under high load
    - rtnetlink: Disallow FDB configuration for non-Ethernet device
    - sctp: fix race on sctp_id2asoc
    - tipc: fix unsafe rcu locking when accessing publication list
    - udp6: fix encap return code for resubmitting
    - vhost: Fix Spectre V1 vulnerability
    - virtio_net: avoid using netif_tx_disable() for serializing tx routine
    - ethtool: fix a privilege escalation bug
    - bonding: fix length of actor system
    - ip6_tunnel: Fix encapsulation layout
    - openvswitch: Fix push/pop ethernet validation
    - net: ipmr: fix unresolved entry dumps
    - net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page fault type
    - net: bcmgenet: Poll internal PHY for GENETv5
    - net: sched: Fix for duplicate class dump
    - net/sched: cls_api: add missing validation of netlink attributes
    - net/ipv6: Allow onlink routes to have a device mismatch if it is the default
      route
    - sctp: fix the data size calculation in sctp_data_size
    - sctp: not free the new asoc when sctp_wait_for_connect returns err
    - net/mlx5: Fix memory leak when setting fpga ipsec caps
    - net/smc: fix smc_buf_unuse to use the lgr pointer
    - mlxsw: spectrum_switchdev: Don't ignore deletions of learned MACs
    - net: bpfilter: use get_pid_task instead of pid_task
    - net: drop skb on failure in ip_check_defrag()
    - net: fix pskb_trim_rcsum_slow() with odd trim offset
    - mlxsw: core: Fix devlink unregister flow
    - sparc64: Export __node_distance.
    - sparc64: Make corrupted user stacks more debuggable.
    - sparc64: Make proc_id signed.
    - sparc64: Set %l4 properly on trap return after handling signals.
    - sparc64: Wire up compat getpeername and getsockname.
    - sparc: Fix single-pcr perf event counter management.
    - sparc: Fix syscall fallback bugs in VDSO.
    - sparc: Throttle perf events properly.
    - net: bridge: remove ipv6 zero address check in mcast queries
    - Linux 4.18.17
  * Cosmic update: 4.18.16 upstream stable release (LP: #1802100)
    - soundwire: Fix duplicate stream state assignment
    - soundwire: Fix incorrect exit after configuring stream
    - soundwire: Fix acquiring bus lock twice during master release
    - media: af9035: prevent buffer overflow on write
    - spi: gpio: Fix copy-and-paste error
    - batman-adv: Avoid probe ELP information leak
    - batman-adv: Fix segfault when writing to throughput_override
    - batman-adv: Fix segfault when writing to sysfs elp_interval
    - batman-adv: Prevent duplicated gateway_node entry
    - batman-adv: Prevent duplicated nc_node entry
    - batman-adv: Prevent duplicated softif_vlan entry
    - batman-adv: Prevent duplicated global TT entry
    - batman-adv: Prevent duplicated tvlv handler
    - batman-adv: fix backbone_gw refcount on queue_work() failure
    - batman-adv: fix hardif_neigh refcount on queue_work() failure
    - cxgb4: fix abort_req_rss6 struct
    - clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-
      am43 SoCs
    - scsi: ibmvscsis: Fix a stringop-overflow warning
    - scsi: ibmvscsis: Ensure partition name is properly NUL terminated
    - intel_th: pci: Add Ice Lake PCH support
    - Input: atakbd - fix Atari keymap
    - Input: atakbd - fix Atari CapsLock behaviour
    - selftests: pmtu: properly redirect stderr to /dev/null
    - net: emac: fix fixed-link setup for the RTL8363SB switch
    - ravb: do not write 1 to reserved bits
    - net/smc: fix non-blocking connect problem
    - net/smc: fix sizeof to int comparison
    - qed: Fix populating the invalid stag value in multi function mode.
    - qed: Do not add VLAN 0 tag to untagged frames in multi-function mode.
    - PCI: dwc: Fix scheduling while atomic issues
    - RDMA/uverbs: Fix validity check for modify QP
    - scsi: lpfc: Synchronize access to remoteport via rport
    - drm: mali-dp: Call drm_crtc_vblank_reset on device init
    - scsi: ipr: System hung while dlpar adding primary ipr adapter back
    - scsi: sd: don't crash the host on invalid commands
    - bpf: sockmap only allow ESTABLISHED sock state
    - bpf: sockmap, fix transition through disconnect without close
    - bpf: test_maps, only support ESTABLISHED socks
    - net/mlx4: Use cpumask_available for eq->affinity_mask
    - clocksource/drivers/fttmr010: Fix set_next_event handler
    - RDMA/bnxt_re: Fix system crash during RDMA resource initialization
    - RISC-V: include linux/ftrace.h in asm-prototypes.h
    - iommu/rockchip: Free irqs in shutdown handler
    - pinctrl/amd: poll InterruptEnable bits in amd_gpio_irq_set_type
    - powerpc/tm: Fix userspace r13 corruption
    - powerpc/tm: Avoid possible userspace r1 corruption on reclaim
    - powerpc/numa: Use associativity if VPHN hcall is successful
    - iommu/amd: Return devid as alias for ACPI HID devices
    - x86/boot: Fix kexec booting failure in the SEV bit detection code
    - Revert "vfs: fix freeze protection in mnt_want_write_file() for overlayfs"
    - mremap: properly flush TLB before releasing the page
    - ARC: build: Get rid of toolchain check
    - ARC: build: Don't set CROSS_COMPILE in arch's Makefile
    - Linux 4.18.16
  * Cosmic update: 4.18.15 upstream stable release (LP: #1802082)
    - bnxt_en: Fix TX timeout during netpoll.
    - bnxt_en: free hwrm resources, if driver probe fails.
    - bonding: avoid possible dead-lock
    - ip6_tunnel: be careful when accessing the inner header
    - ip_tunnel: be careful when accessing the inner header
    - ipv4: fix use-after-free in ip_cmsg_recv_dstaddr()
    - ipv6: take rcu lock in rawv6_send_hdrinc()
    - net: dsa: bcm_sf2: Call setup during switch resume
    - net: hns: fix for unmapping problem when SMMU is on
    - net: ipv4: update fnhe_pmtu when first hop's MTU changes
    - net/ipv6: Display all addresses in output of /proc/net/if_inet6
    - netlabel: check for IPV4MASK in addrinfo_get
    - net: mvpp2: Extract the correct ethtype from the skb for tx csum offload
    - net: mvpp2: fix a txq_done race condition
    - net: sched: Add policy validation for tc attributes
    - net: sched: cls_u32: fix hnode refcounting
    - net: systemport: Fix wake-up interrupt race during resume
    - net/usb: cancel pending work when unbinding smsc75xx
    - qlcnic: fix Tx descriptor corruption on 82xx devices
    - qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface
    - rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096
    - sctp: update dst pmtu with the correct daddr
    - team: Forbid enslaving team device to itself
    - tipc: fix flow control accounting for implicit connect
    - udp: Unbreak modules that rely on external __skb_recv_udp() availability
    - net: qualcomm: rmnet: Skip processing loopback packets
    - net: qualcomm: rmnet: Fix incorrect allocation flag in transmit
    - net: qualcomm: rmnet: Fix incorrect allocation flag in receive path
    - tun: remove unused parameters
    - tun: initialize napi_mutex unconditionally
    - tun: napi flags belong to tfile
    - net: stmmac: Fixup the tail addr setting in xmit path
    - net/packet: fix packet drop as of virtio gso
    - net: dsa: bcm_sf2: Fix unbind ordering
    - net/mlx5e: Set vlan masks for all offloaded TC rules
    - net: aquantia: memory corruption on jumbo frames
    - net/mlx5: E-Switch, Fix out of bound access when setting vport rate
    - bonding: pass link-local packets to bonding master also.
    - bonding: fix warning message
    - net: stmmac: Rework coalesce timer and fix multi-queue races
    - nfp: avoid soft lockups under control message storm
    - bnxt_en: don't try to offload VLAN 'modify' action
    - net-ethtool: ETHTOOL_GUFO did not and should not require CAP_NET_ADMIN
    - net: phy: phylink: fix SFP interface autodetection
    - sfp: fix oops with ethtool -m
    - tcp/dccp: fix lockdep issue when SYN is backlogged
    - inet: make sure to grab rcu_read_lock before using ireq->ireq_opt
    - net: dsa: b53: Keep CPU port as tagged in all VLANs
    - rtnetlink: Fail dump if target netnsid is invalid
    - bnxt_en: Fix VNIC reservations on the PF.
    - net: ipv4: don't let PMTU updates increase route MTU
    - net/mlx5: Check for SQ and not RQ state when modifying hairpin SQ
    - bnxt_en: Fix enables field in HWRM_QUEUE_COS2BW_CFG request
    - bnxt_en: get the reduced max_irqs by the ones used by RDMA
    - net/ipv6: Remove extra call to ip6_convert_metrics for multipath case
    - net/ipv6: stop leaking percpu memory in fib6 info
    - net: mscc: fix the frame extraction into the skb
    - qed: Fix shmem structure inconsistency between driver and the mfw.
    - r8169: fix network stalls due to missing bit TXCFG_AUTO_FIFO
    - r8169: set RX_MULTI_EN bit in RxConfig for 8168F-family chips
    - vxlan: fill ttl inherit info
    - ASoC: dapm: Fix NULL pointer deference on CODEC to CODEC DAIs
    - ASoC: max98373: Added speaker FS gain cotnrol register to volatile.
    - ASoC: rt5514: Fix the issue of the delay volume applied again
    - selftests: android: move config up a level
    - selftests: kselftest: Remove outdated comment
    - ASoC: max98373: Added 10ms sleep after amp software reset
    - ASoC: wm8804: Add ACPI support
    - ASoC: sigmadsp: safeload should not have lower byte limit
    - ASoC: q6routing: initialize data correctly
    - selftests: add headers_install to lib.mk
    - selftests/efivarfs: add required kernel configs
    - selftests: memory-hotplug: add required configs
    - ASoC: rsnd: adg: care clock-frequency size
    - ASoC: rsnd: don't fallback to PIO mode when -EPROBE_DEFER
    - hwmon: (nct6775) Fix access to fan pulse registers
    - Fix cg_read_strcmp()
    - ASoC: AMD: Ensure reset bit is cleared before configuring
    - drm/pl111: Make sure of_device_id tables are NULL terminated
    - Bluetooth: SMP: Fix trying to use non-existent local OOB data
    - Bluetooth: Use correct tfm to generate OOB data
    - Bluetooth: hci_ldisc: Free rw_semaphore on close
    - mfd: omap-usb-host: Fix dts probe of children
    - KVM: PPC: Book3S HV: Don't use compound_order to determine host mapping size
    - scsi: iscsi: target: Don't use stack buffer for scatterlist
    - scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted()
    - sound: enable interrupt after dma buffer initialization
    - sound: don't call skl_init_chip() to reset intel skl soc
    - bpf: btf: Fix end boundary calculation for type section
    - bpf: use __GFP_COMP while allocating page
    - hwmon: (nct6775) Fix virtual temperature sources for NCT6796D
    - hwmon: (nct6775) Fix RPM output for fan7 on NCT6796D
    - stmmac: fix valid numbers of unicast filter entries
    - hwmon: (nct6775) Use different register to get fan RPM for fan7
    - net: ethernet: ti: add missing GENERIC_ALLOCATOR dependency
    - net: macb: disable scatter-gather for macb on sama5d3
    - ARM: dts: at91: add new compatibility string for macb on sama5d3
    - PCI: hv: support reporting serial number as slot information
    - clk: x86: add "ether_clk" alias for Bay Trail / Cherry Trail
    - clk: x86: Stop marking clocks as CLK_IS_CRITICAL
    - pinctrl: cannonlake: Fix gpio base for GPP-E
    - x86/kvm/lapic: always disable MMIO interface in x2APIC mode
    - drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7
    - drm/amdkfd: Change the control stack MTYPE from UC to NC on GFX9
    - drm/amdkfd: Fix ATS capablity was not reported correctly on some APUs
    - mm: slowly shrink slabs with a relatively small number of objects
    - mm/vmstat.c: fix outdated vmstat_text
    - afs: Fix afs_server struct leak
    - afs: Fix clearance of reply
    - MIPS: Fix CONFIG_CMDLINE handling
    - MIPS: VDSO: Always map near top of user memory
    - mach64: detect the dot clock divider correctly on sparc
    - vsprintf: Fix off-by-one bug in bstr_printf() processing dereferenced
      pointers
    - percpu: stop leaking bitmap metadata blocks
    - perf script python: Fix export-to-postgresql.py occasional failure
    - perf script python: Fix export-to-sqlite.py sample columns
    - s390/cio: Fix how vfio-ccw checks pinned pages
    - dm cache: destroy migration_cache if cache target registration failed
    - dm: fix report zone remapping to account for partition offset
    - dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled
    - dm linear: fix linear_end_io conditional definition
    - cgroup: Fix dom_cgrp propagation when enabling threaded mode
    - Input: xpad - add support for Xbox1 PDP Camo series gamepad
    - drm/nouveau/drm/nouveau: Grab runtime PM ref in nv50_mstc_detect()
    - mmc: block: avoid multiblock reads for the last sector in SPI mode
    - pinctrl: mcp23s08: fix irq and irqchip setup order
    - arm64: perf: Reject stand-alone CHAIN events for PMUv3
    - mm/mmap.c: don't clobber partially overlapping VMA with MAP_FIXED_NOREPLACE
    - mm/thp: fix call to mmu_notifier in set_pmd_migration_entry() v2
    - filesystem-dax: Fix dax_layout_busy_page() livelock
    - mm: Preserve _PAGE_DEVMAP across mprotect() calls
    - i2c: i2c-scmi: fix for i2c_smbus_write_block_data
    - KVM: PPC: Book3S HV: Avoid crash from THP collapse during radix page fault
    - Linux 4.18.15
  * Cosmic update: 4.18.14 upstream stable release (LP: #1801986)
    - perf/core: Add sanity check to deal with pinned event failure
    - mm: migration: fix migration of huge PMD shared pages
    - mm, thp: fix mlocking THP page with migration enabled
    - mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly
    - KVM: VMX: check for existence of secondary exec controls before accessing
    - blk-mq: I/O and timer unplugs are inverted in blktrace
    - pstore/ram: Fix failure-path memory leak in ramoops_init
    - clocksource/drivers/timer-atmel-pit: Properly handle error cases
    - fbdev/omapfb: fix omapfb_memory_read infoleak
    - mmc: core: Fix debounce time to use microseconds
    - mmc: slot-gpio: Fix debounce time to use miliseconds again
    - mac80211: allocate TXQs for active monitor interfaces
    - drm/amdgpu: Fix vce work queue was not cancelled when suspend
    - drm: fix use-after-free read in drm_mode_create_lease_ioctl()
    - x86/vdso: Fix asm constraints on vDSO syscall fallbacks
    - selftests/x86: Add clock_gettime() tests to test_vdso
    - x86/vdso: Only enable vDSO retpolines when enabled and supported
    - x86/vdso: Fix vDSO syscall fallback asm constraint regression
    - Revert "UBUNTU: SAUCE: PCI: Reprogram bridge prefetch registers on resume"
    - PCI: Reprogram bridge prefetch registers on resume
    - mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys
    - PM / core: Clear the direct_complete flag on errors
    - dm mpath: fix attached_handler_name leak and dangling hw_handler_name
      pointer
    - dm cache metadata: ignore hints array being too small during resize
    - dm cache: fix resize crash if user doesn't reload cache table
    - xhci: Add missing CAS workaround for Intel Sunrise Point xHCI
    - usb: xhci-mtk: resume USB3 roothub first
    - USB: serial: simple: add Motorola Tetra MTP6550 id
    - USB: serial: option: improve Quectel EP06 detection
    - USB: serial: option: add two-endpoints device-id flag
    - usb: cdc_acm: Do not leak URB buffers
    - tty: Drop tty->count on tty_reopen() failure
    - of: unittest: Disable interrupt node tests for old world MAC systems
    - powerpc: Avoid code patching freed init sections
    - powerpc/lib: fix book3s/32 boot failure due to code patching
    - ARC: clone syscall to setp r25 as thread pointer
    - f2fs: fix invalid memory access
    - tipc: call start and done ops directly in __tipc_nl_compat_dumpit()
    - ucma: fix a use-after-free in ucma_resolve_ip()
    - ubifs: Check for name being NULL while mounting
    - rds: rds_ib_recv_alloc_cache() should call alloc_percpu_gfp() instead
    - ath10k: fix scan crash due to incorrect length calculation
    - Linux 4.18.14
  * Cosmic update: 4.18.13 upstream stable release (LP: #1801931)
    - rseq/selftests: fix parametrized test with -fpie
    - mac80211: Run TXQ teardown code before de-registering interfaces
    - mac80211_hwsim: require at least one channel
    - Btrfs: fix unexpected failure of nocow buffered writes after snapshotting
      when low on space
    - KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function
    - cfg80211: remove division by size of sizeof(struct ieee80211_wmm_rule)
    - btrfs: btrfs_shrink_device should call commit transaction at the end
    - scsi: csiostor: add a check for NULL pointer after kmalloc()
    - scsi: csiostor: fix incorrect port capabilities
    - scsi: libata: Add missing newline at end of file
    - scsi: aacraid: fix a signedness bug
    - bpf, sockmap: fix potential use after free in bpf_tcp_close
    - bpf, sockmap: fix psock refcount leak in bpf_tcp_recvmsg
    - bpf: sockmap, decrement copied count correctly in redirect error case
    - mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X
    - mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X
    - cfg80211: make wmm_rule part of the reg_rule structure
    - mac80211_hwsim: Fix possible Spectre-v1 for hwsim_world_regdom_custom
    - nl80211: Fix nla_put_u8 to u16 for NL80211_WMMR_TXOP
    - nl80211: Pass center frequency in kHz instead of MHz
    - bpf: fix several offset tests in bpf_msg_pull_data
    - gpio: adp5588: Fix sleep-in-atomic-context bug
    - mac80211: mesh: fix HWMP sequence numbering to follow standard
    - mac80211: avoid kernel panic when building AMSDU from non-linear SKB
    - gpiolib: acpi: Switch to cansleep version of GPIO library call
    - gpiolib-acpi: Register GpioInt ACPI event handlers from a late_initcall
    - gpio: dwapb: Fix error handling in dwapb_gpio_probe()
    - bpf: fix msg->data/data_end after sg shift repair in bpf_msg_pull_data
    - bpf: fix shift upon scatterlist ring wrap-around in bpf_msg_pull_data
    - bpf: fix sg shift repair start offset in bpf_msg_pull_data
    - tipc: switch to rhashtable iterator
    - sh_eth: Add R7S9210 support
    - net: mvpp2: initialize port of_node pointer
    - tc-testing: add test-cases for numeric and invalid control action
    - cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE
    - mac80211: do not convert to A-MSDU if frag/subframe limited
    - mac80211: always account for A-MSDU header changes
    - tools/kvm_stat: fix python3 issues
    - tools/kvm_stat: fix handling of invalid paths in debugfs provider
    - tools/kvm_stat: fix updates for dead guests
    - gpio: Fix crash due to registration race
    - ARC: atomics: unbork atomic_fetch_##op()
    - Revert "blk-throttle: fix race between blkcg_bio_issue_check() and
      cgroup_rmdir()"
    - md/raid5-cache: disable reshape completely
    - RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0
    - selftests: pmtu: maximum MTU for vti4 is 2^16-1-20
    - selftests: pmtu: detect correct binary to ping ipv6 addresses
    - ibmvnic: Include missing return code checks in reset function
    - bpf: Fix bpf_msg_pull_data()
    - bpf: avoid misuse of psock when TCP_ULP_BPF collides with another ULP
    - i2c: uniphier: issue STOP only for last message or I2C_M_STOP
    - i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP
    - net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx()
    - fs/cifs: don't translate SFM_SLASH (U+F026) to backslash
    - mac80211: fix an off-by-one issue in A-MSDU max_subframe computation
    - cfg80211: fix a type issue in ieee80211_chandef_to_operating_class()
    - mac80211: fix WMM TXOP calculation
    - mac80211: fix a race between restart and CSA flows
    - mac80211: Fix station bandwidth setting after channel switch
    - mac80211: don't Tx a deauth frame if the AP forbade Tx
    - mac80211: shorten the IBSS debug messages
    - fsnotify: fix ignore mask logic in fsnotify()
    - net/ibm/emac: wrong emac_calc_base call was used by typo
    - nds32: fix logic for module
    - nds32: add NULL entry to the end of_device_id array
    - nds32: Fix empty call trace
    - nds32: Fix get_user/put_user macro expand pointer problem
    - nds32: fix build error because of wrong semicolon
    - tools/vm/slabinfo.c: fix sign-compare warning
    - tools/vm/page-types.c: fix "defined but not used" warning
    - nds32: linker script: GCOV kernel may refers data in __exit
    - ceph: avoid a use-after-free in ceph_destroy_options()
    - firmware: arm_scmi: fix divide by zero when sustained_perf_level is zero
    - afs: Fix cell specification to permit an empty address list
    - mm: madvise(MADV_DODUMP): allow hugetlbfs pages
    - bpf: 32-bit RSH verification must truncate input before the ALU op
    - netfilter: xt_cluster: add dependency on conntrack module
    - netfilter: xt_checksum: ignore gso skbs
    - HID: intel-ish-hid: Enable Sunrise Point-H ish driver
    - HID: add support for Apple Magic Keyboards
    - usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i]
    - HID: hid-saitek: Add device ID for RAT 7 Contagion
    - scsi: iscsi: target: Set conn->sess to NULL when iscsi_login_set_conn_values
      fails
    - scsi: iscsi: target: Fix conn_ops double free
    - scsi: qedi: Add the CRC size within iSCSI NVM image
    - perf annotate: Properly interpret indirect call
    - perf evsel: Fix potential null pointer dereference in perf_evsel__new_idx()
    - perf util: Fix bad memory access in trace info.
    - perf probe powerpc: Ignore SyS symbols irrespective of endianness
    - perf annotate: Fix parsing aarch64 branch instructions after objdump update
    - netfilter: kconfig: nat related expression depend on nftables core
    - netfilter: nf_tables: release chain in flushing set
    - Revert "iio: temperature: maxim_thermocouple: add MAX31856 part"
    - iio: imu: st_lsm6dsx: take into account ts samples in wm configuration
    - RDMA/ucma: check fd type in ucma_migrate_id()
    - riscv: Do not overwrite initrd_start and initrd_end
    - HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report
    - usb: host: xhci-plat: Iterate over parent nodes for finding quirks
    - USB: yurex: Check for truncation in yurex_read()
    - nvmet-rdma: fix possible bogus dereference under heavy load
    - bnxt_re: Fix couple of memory leaks that could lead to IOMMU call traces
    - net/mlx5: Consider PCI domain in search for next dev
    - dm raid: fix reshape race on small devices
    - drm/nouveau: fix oops in client init failure path
    - drm/nouveau/mmu: don't attempt to dereference vmm without valid instance
      pointer
    - drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS
    - drm/nouveau/disp: fix DP disable race
    - drm/nouveau/disp/gm200-: enforce identity-mapped SOR assignment for LVDS/eDP
      panels
    - dm raid: fix stripe adding reshape deadlock
    - dm raid: fix rebuild of specific devices by updating superblock
    - dm raid: fix RAID leg rebuild errors
    - r8169: set TxConfig register after TX / RX is enabled, just like RxConfig
    - fs/cifs: suppress a string overflow warning
    - perf/x86/intel: Add support/quirk for the MISPREDICT bit on Knights Landing
      CPUs
    - sched/topology: Set correct NUMA topology type
    - dm thin metadata: try to avoid ever aborting transactions
    - netfilter: nfnetlink_queue: Solve the NFQUEUE/conntrack clash for NF_REPEAT
    - netfilter: xt_hashlimit: use s->file instead of s->private
    - arch/hexagon: fix kernel/dma.c build warning
    - hexagon: modify ffs() and fls() to return int
    - drm/amdgpu: Fix SDMA hang in prt mode v2
    - arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto"
    - drm/amdgpu: fix error handling in amdgpu_cs_user_fence_chunk
    - r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED
    - s390/qeth: don't dump past end of unknown HW header
    - cifs: read overflow in is_valid_oplock_break()
    - asm-generic: io: Fix ioport_map() for !CONFIG_GENERIC_IOMAP &&
      CONFIG_INDIRECT_PIO
    - xen/manage: don't complain about an empty value in control/sysrq node
    - xen: avoid crash in disable_hotplug_cpu
    - xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage
    - x86/APM: Fix build warning when PROC_FS is not enabled
    - new primitive: discard_new_inode()
    - vfs: don't evict uninitialized inode
    - ovl: set I_CREATING on inode being created
    - ovl: fix access beyond unterminated strings
    - ovl: fix memory leak on unlink of indexed file
    - ovl: fix format of setxattr debug
    - sysfs: Do not return POSIX ACL xattrs via listxattr
    - b43: fix DMA error related regression with proprietary firmware
    - firmware: Fix security issue with request_firmware_into_buf()
    - firmware: Always initialize the fw_priv list object
    - cpufreq: qcom-kryo: Fix section annotations
    - smb2: fix missing files in root share directory listing
    - iommu/amd: Clear memory encryption mask from physical address
    - crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe()
    - crypto: chelsio - Fix memory corruption in DMA Mapped buffers.
    - crypto: mxs-dcp - Fix wait logic on chan threads
    - crypto: caam/jr - fix ablkcipher_edesc pointer arithmetic
    - gpiolib: Free the last requested descriptor
    - Drivers: hv: vmbus: Use get/put_cpu() in vmbus_connect()
    - tools: hv: fcopy: set 'error' in case an unknown operation was requested
    - proc: restrict kernel stack dumps to root
    - ocfs2: fix locking for res->tracking and dlm->tracking_list
    - HID: i2c-hid: disable runtime PM operations on hantick touchpad
    - ixgbe: check return value of napi_complete_done()
    - dm thin metadata: fix __udivdi3 undefined on 32-bit
    - Revert "drm/amd/pp: Send khz clock values to DC for smu7/8"
    - Linux 4.18.13
  * Volume control not working Dell XPS 27 (7760) (LP: #1775068) // Cosmic
    update: 4.18.13 upstream stable release (LP: #1801931)
    - ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760
  * [Bionic][Cosmic]  ipmi: Fix timer race with module unload (LP: #1799281)
    - ipmi: Fix timer race with module unload
  * [Bionic][Cosmic] Fix to ipmi to support vendor specific messages greater
    than 255 bytes (LP: #1799794)
    - ipmi:ssif: Add support for multi-part transmit messages > 2 parts
  * 18.10 kernel does not appear to validate kernel module signatures correctly
    (LP: #1798863) // CVE-2018-18653
    - SAUCE: (efi-lockdown) module: remove support for deferring module signature
      verification to IMA
  * 18.10 kernel does not appear to validate kernel module signatures correctly
    (LP: #1798863)
    - SAUCE: (efi-lockdown) module: trust keys from secondary keyring for module
      signing
  * [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport (LP: #1800639)
    - net/af_iucv: drop inbound packets with invalid flags
    - net/af_iucv: fix skb handling on HiperTransport xmit error
  * Power consumption during s2idle is higher than long idle(sk hynix)
    (LP: #1801875)
    - SAUCE: pci: prevent sk hynix nvme from entering D3
    - SAUCE: nvme: add quirk to not call disable function when suspending
  * NULL pointer dereference at 0000000000000020 when access
    dst_orig->ops->family in function  xfrm_lookup_with_ifid() (LP: #1801878)
    - xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry.
  * hns3: map tx ring to tc (LP: #1802023)
    - net: hns3: Set tx ring' tc info when netdev is up
  * [Ubuntu] qeth: Fix potential array overrun in cmd/rc lookup (LP: #1800641)
    - s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function
    - s390: qeth: Fix potential array overrun in cmd/rc lookup
  * Mellanox CX5 stops pinging with rx_wqe_err (mlx5_core) (LP: #1799393)
    - net/mlx5: WQ, fixes for fragmented WQ buffers API
  * Vulkan applications cause permanent memory leak with Intel GPU
    (LP: #1798165)
    - drm/syncobj: Don't leak fences when WAIT_FOR_SUBMIT is set
  * Packaging resync (LP: #1786013)
    - [Package] add support for specifying the primary makefile

 -- Khalid Elmously <email address hidden>  Wed, 14 Nov 2018 22:39:54 -0500

Available diffs

Published in xenial-updates on 2018-12-03
Deleted in xenial-proposed (Reason: moved to -updates)
linux-kvm (4.4.0-1038.44) xenial; urgency=medium

  * linux-kvm: 4.4.0-1038.44 -proposed tracker (LP: #1802786)

  [ Ubuntu: 4.4.0-140.166 ]

  * linux: 4.4.0-140.166 -proposed tracker (LP: #1802776)
  * Bypass of mount visibility through userns + mount propagation (LP: #1789161)
    - mount: Retest MNT_LOCKED in do_umount
    - mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts
  * kdump fail due to an IRQ storm (LP: #1797990)
    - SAUCE: x86/PCI: Export find_cap() to be used in early PCI code
    - SAUCE: x86/quirks: Add parameter to clear MSIs early on boot
    - SAUCE: x86/quirks: Scan all busses for early PCI quirks
  * crash in ENA driver on removing an interface (LP: #1802341)
    - SAUCE: net: ena: fix crash during ena_remove()
  * xenial guest on arm64 drops to busybox under openstack bionic-rocky
    (LP: #1797092)
    - [Config] CONFIG_PCI_ECAM=y
    - PCI: Provide common functions for ECAM mapping
    - PCI: generic, thunder: Use generic ECAM API
    - PCI, of: Move PCI I/O space management to PCI core code
    - PCI: Move ecam.h to linux/include/pci-ecam.h
    - PCI: Add parent device field to ECAM struct pci_config_window
    - PCI: Add pci_unmap_iospace() to unmap I/O resources
    - PCI/ACPI: Support I/O resources when parsing host bridge resources
    - [Config] CONFIG_ACPI_MCFG=y
    - PCI/ACPI: Add generic MCFG table handling
    - PCI: Refactor pci_bus_assign_domain_nr() for CONFIG_PCI_DOMAINS_GENERIC
    - PCI: Factor DT-specific pci_bus_find_domain_nr() code out
    - ARM64: PCI: Add acpi_pci_bus_find_domain_nr()
    - ARM64: PCI: ACPI support for legacy IRQs parsing and consolidation with DT
      code
    - ARM64: PCI: Support ACPI-based PCI host controller
  * [GLK/CLX] Enhanced IBRS (LP: #1786139)
    - x86/speculation: Remove SPECTRE_V2_IBRS in enum spectre_v2_mitigation
    - x86/speculation: Support Enhanced IBRS on future CPUs
  * Update ENA driver to version 2.0.1K (LP: #1798182)
    - net: ena: remove ndo_poll_controller
    - net: ena: fix warning in rmmod caused by double iounmap
    - net: ena: fix rare bug when failed restart/resume is followed by driver
      removal
    - net: ena: fix NULL dereference due to untimely napi initialization
    - net: ena: fix auto casting to boolean
    - net: ena: minor performance improvement
    - net: ena: complete host info to match latest ENA spec
    - net: ena: introduce Low Latency Queues data structures according to ENA spec
    - net: ena: add functions for handling Low Latency Queues in ena_com
    - net: ena: add functions for handling Low Latency Queues in ena_netdev
    - net: ena: use CSUM_CHECKED device indication to report skb's checksum status
    - net: ena: explicit casting and initialization, and clearer error handling
    - net: ena: limit refill Rx threshold to 256 to avoid latency issues
    - net: ena: change rx copybreak default to reduce kernel memory pressure
    - net: ena: remove redundant parameter in ena_com_admin_init()
    - net: ena: update driver version to 2.0.1
    - net: ena: fix indentations in ena_defs for better readability
    - net: ena: Fix Kconfig dependency on X86
    - net: ena: enable Low Latency Queues
    - net: ena: fix compilation error in xtensa architecture
  * Xenial update: 4.4.162 upstream stable release (LP: #1801900)
    - ASoC: wm8804: Add ACPI support
    - ASoC: sigmadsp: safeload should not have lower byte limit
    - selftests/efivarfs: add required kernel configs
    - mfd: omap-usb-host: Fix dts probe of children
    - sound: enable interrupt after dma buffer initialization
    - stmmac: fix valid numbers of unicast filter entries
    - net: macb: disable scatter-gather for macb on sama5d3
    - ARM: dts: at91: add new compatibility string for macb on sama5d3
    - drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7
    - ext4: add corruption check in ext4_xattr_set_entry()
    - mm/vmstat.c: fix outdated vmstat_text
    - mach64: detect the dot clock divider correctly on sparc
    - perf script python: Fix export-to-postgresql.py occasional failure
    - i2c: i2c-scmi: fix for i2c_smbus_write_block_data
    - xhci: Don't print a warning when setting link state for disabled ports
    - jffs2: return -ERANGE when xattr buffer is too small
    - bnxt_en: Fix TX timeout during netpoll.
    - bonding: avoid possible dead-lock
    - ip6_tunnel: be careful when accessing the inner header
    - ip_tunnel: be careful when accessing the inner header
    - ipv4: fix use-after-free in ip_cmsg_recv_dstaddr()
    - net: ipv4: update fnhe_pmtu when first hop's MTU changes
    - net/ipv6: Display all addresses in output of /proc/net/if_inet6
    - netlabel: check for IPV4MASK in addrinfo_get
    - net/usb: cancel pending work when unbinding smsc75xx
    - qlcnic: fix Tx descriptor corruption on 82xx devices
    - team: Forbid enslaving team device to itself
    - net: mvpp2: Extract the correct ethtype from the skb for tx csum offload
    - net: systemport: Fix wake-up interrupt race during resume
    - rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096
    - KVM: x86: remove eager_fpu field of struct kvm_vcpu_arch
    - x86/fpu: Remove use_eager_fpu()
    - x86/fpu: Remove struct fpu::counter
    - x86/fpu: Finish excising 'eagerfpu'
    - media: af9035: prevent buffer overflow on write
    - clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-
      am43 SoCs
    - Input: atakbd - fix Atari keymap
    - Input: atakbd - fix Atari CapsLock behaviour
    - net/mlx4: Use cpumask_available for eq->affinity_mask
    - powerpc/tm: Fix userspace r13 corruption
    - powerpc/tm: Avoid possible userspace r1 corruption on reclaim
    - ARC: build: Get rid of toolchain check
    - usb: gadget: serial: fix oops when data rx'd after close
    - HV: properly delay KVP packets when negotiation is in progress
    - Linux 4.4.162
  * Xenial update: 4.4.161 upstream stable release (LP: #1801893)
    - mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly
    - fbdev/omapfb: fix omapfb_memory_read infoleak
    - x86/vdso: Fix asm constraints on vDSO syscall fallbacks
    - x86/vdso: Fix vDSO syscall fallback asm constraint regression
    - PCI: Reprogram bridge prefetch registers on resume
    - mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys
    - PM / core: Clear the direct_complete flag on errors
    - dm cache: fix resize crash if user doesn't reload cache table
    - xhci: Add missing CAS workaround for Intel Sunrise Point xHCI
    - USB: serial: simple: add Motorola Tetra MTP6550 id
    - of: unittest: Disable interrupt node tests for old world MAC systems
    - ext4: always verify the magic number in xattr blocks
    - cgroup: Fix deadlock in cpu hotplug path
    - ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait
    - ARC: clone syscall to setp r25 as thread pointer
    - ucma: fix a use-after-free in ucma_resolve_ip()
    - ubifs: Check for name being NULL while mounting
    - tcp: increment sk_drops for dropped rx packets
    - tcp: use an RB tree for ooo receive queue
    - tcp: fix a stale ooo_last_skb after a replace
    - tcp: free batches of packets in tcp_prune_ofo_queue()
    - tcp: call tcp_drop() from tcp_data_queue_ofo()
    - tcp: add tcp_ooo_try_coalesce() helper
    - ath10k: fix scan crash due to incorrect length calculation
    - ebtables: arpreply: Add the standard target sanity check
    - Linux 4.4.161
  * mlock203 test in ubuntu_ltp_syscalls failed with Xenial kernel
    (LP: #1793451)
    - mm: mlock: avoid increase mm->locked_vm on mlock() when already mlock2(,
      MLOCK_ONFAULT)
  * execveat03 in ubuntu_ltp_syscalls failed on X/B (LP: #1786729)
    - cap_inode_getsecurity: use d_find_any_alias() instead of d_find_alias()
  * [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport (LP: #1800639)
    - net/af_iucv: drop inbound packets with invalid flags
    - net/af_iucv: fix skb handling on HiperTransport xmit error
  * NULL pointer dereference at 0000000000000020 when access
    dst_orig->ops->family in function  xfrm_lookup_with_ifid() (LP: #1801878)
    - xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry.
  * [Ubuntu] qeth: Fix potential array overrun in cmd/rc lookup (LP: #1800641)
    - s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function
    - s390: qeth: Fix potential array overrun in cmd/rc lookup
  * Packaging resync (LP: #1786013)
    - [Package] add support for specifying the primary makefile

 -- Khalid Elmously <email address hidden>  Tue, 13 Nov 2018 17:17:34 -0500

Available diffs

Published in xenial-security on 2018-11-13
Superseded in xenial-updates on 2018-12-03
Deleted in xenial-proposed (Reason: moved to -updates)
linux-kvm (4.4.0-1037.43) xenial; urgency=medium

  * linux-kvm: 4.4.0-1037.43 -proposed tracker (LP: #1799408)

  [ Ubuntu: 4.4.0-139.165 ]

  * linux: 4.4.0-139.165 -proposed tracker (LP: #1799401)
  * Kernel panic after the ubuntu_nbd_smoke_test on Xenial kernel (LP: #1793464)
    - nbd: Remove signal usage
    - nbd: Timeouts are not user requested disconnects
    - nbd: Cleanup reset of nbd and bdev after a disconnect
    - nbd: don't shutdown sock with irq's disabled
    - nbd: fix race in ioctl
  * fscache: bad refcounting in fscache_op_complete leads to OOPS (LP: #1797314)
    - SAUCE: fscache: Fix race in decrementing refcount of op->npages
  * xenial: virtio-scsi: CPU soft lockup due to loop in
    virtscsi_target_destroy() (LP: #1798110)
    - SAUCE: (no-up) virtio-scsi: Decrement reqs counter before SCSI command
      requeue
  * Error reported when creating ZFS pool with "-t" option, despite successful
    pool creation (LP: #1769937)
    - SAUCE: (noup) Update zfs to 0.6.5.6-0ubuntu26
  * Xenial update: 4.4.160 upstream stable release (LP: #1798770)
    - crypto: skcipher - Fix -Wstringop-truncation warnings
    - tsl2550: fix lux1_input error in low light
    - vmci: type promotion bug in qp_host_get_user_memory()
    - x86/numa_emulation: Fix emulated-to-physical node mapping
    - staging: rts5208: fix missing error check on call to rtsx_write_register
    - uwb: hwa-rc: fix memory leak at probe
    - power: vexpress: fix corruption in notifier registration
    - Bluetooth: Add a new Realtek 8723DE ID 0bda:b009
    - USB: serial: kobil_sct: fix modem-status error handling
    - 6lowpan: iphc: reset mac_header after decompress to fix panic
    - md-cluster: clear another node's suspend_area after the copy is finished
    - media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt()
    - powerpc/kdump: Handle crashkernel memory reservation failure
    - media: fsl-viu: fix error handling in viu_of_probe()
    - x86/tsc: Add missing header to tsc_msr.c
    - x86/entry/64: Add two more instruction suffixes
    - scsi: target/iscsi: Make iscsit_ta_authentication() respect the output
      buffer size
    - scsi: klist: Make it safe to use klists in atomic context
    - scsi: ibmvscsi: Improve strings handling
    - usb: wusbcore: security: cast sizeof to int for comparison
    - powerpc/powernv/ioda2: Reduce upper limit for DMA window size
    - alarmtimer: Prevent overflow for relative nanosleep
    - s390/extmem: fix gcc 8 stringop-overflow warning
    - ALSA: snd-aoa: add of_node_put() in error path
    - media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power
    - media: soc_camera: ov772x: correct setting of banding filter
    - media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data
    - staging: android: ashmem: Fix mmap size validation
    - drivers/tty: add error handling for pcmcia_loop_config
    - media: tm6000: add error handling for dvb_register_adapter
    - ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge
    - ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock
    - rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication()
    - wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout()
    - ARM: mvebu: declare asm symbols as character arrays in pmsu.c
    - HID: hid-ntrig: add error handling for sysfs_create_group
    - scsi: bnx2i: add error handling for ioremap_nocache
    - EDAC, i7core: Fix memleaks and use-after-free on probe and remove
    - ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs
    - module: exclude SHN_UNDEF symbols from kallsyms api
    - nfsd: fix corrupted reply to badly ordered compound
    - ARM: dts: dra7: fix DCAN node addresses
    - serial: cpm_uart: return immediately from console poll
    - spi: tegra20-slink: explicitly enable/disable clock
    - spi: sh-msiof: Fix invalid SPI use during system suspend
    - spi: sh-msiof: Fix handling of write value for SISTR register
    - spi: rspi: Fix invalid SPI use during system suspend
    - spi: rspi: Fix interrupted DMA transfers
    - USB: fix error handling in usb_driver_claim_interface()
    - USB: handle NULL config in usb_find_alt_setting()
    - slub: make ->cpu_partial unsigned int
    - Revert "UBUNTU: SAUCE: media: uvcvideo: Support realtek's UVC 1.5 device"
    - media: uvcvideo: Support realtek's UVC 1.5 device
    - USB: usbdevfs: sanitize flags more
    - USB: usbdevfs: restore warning for nonsensical flags
    - Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in
      service_outstanding_interrupt()"
    - USB: remove LPM management from usb_driver_claim_interface()
    - Input: elantech - enable middle button of touchpad on ThinkPad P72
    - IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop
    - scsi: target: iscsi: Use bin2hex instead of a re-implementation
    - serial: imx: restore handshaking irq for imx1
    - arm64: KVM: Tighten guest core register access from userspace
    - ext4: never move the system.data xattr out of the inode body
    - thermal: of-thermal: disable passive polling when thermal zone is disabled
    - net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES
    - e1000: check on netif_running() before calling e1000_up()
    - e1000: ensure to free old tx/rx rings in set_ringparam()
    - hwmon: (ina2xx) fix sysfs shunt resistor read access
    - hwmon: (adt7475) Make adt7475_read_word() return errors
    - i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus
    - arm64: cpufeature: Track 32bit EL0 support
    - arm64: KVM: Sanitize PSTATE.M when being set from userspace
    - media: v4l: event: Prevent freeing event subscriptions while accessed
    - KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function
    - mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X
    - mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X
    - gpio: adp5588: Fix sleep-in-atomic-context bug
    - mac80211: mesh: fix HWMP sequence numbering to follow standard
    - cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE
    - RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0
    - i2c: uniphier: issue STOP only for last message or I2C_M_STOP
    - i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP
    - net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx()
    - fs/cifs: don't translate SFM_SLASH (U+F026) to backslash
    - cfg80211: fix a type issue in ieee80211_chandef_to_operating_class()
    - mac80211: fix a race between restart and CSA flows
    - mac80211: Fix station bandwidth setting after channel switch
    - mac80211: shorten the IBSS debug messages
    - tools/vm/slabinfo.c: fix sign-compare warning
    - tools/vm/page-types.c: fix "defined but not used" warning
    - mm: madvise(MADV_DODUMP): allow hugetlbfs pages
    - usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i]
    - perf probe powerpc: Ignore SyS symbols irrespective of endianness
    - RDMA/ucma: check fd type in ucma_migrate_id()
    - USB: yurex: Check for truncation in yurex_read()
    - drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS
    - fs/cifs: suppress a string overflow warning
    - dm thin metadata: try to avoid ever aborting transactions
    - arch/hexagon: fix kernel/dma.c build warning
    - hexagon: modify ffs() and fls() to return int
    - arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto"
    - r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED
    - s390/qeth: don't dump past end of unknown HW header
    - cifs: read overflow in is_valid_oplock_break()
    - xen/manage: don't complain about an empty value in control/sysrq node
    - xen: avoid crash in disable_hotplug_cpu
    - xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage
    - smb2: fix missing files in root share directory listing
    - crypto: mxs-dcp - Fix wait logic on chan threads
    - proc: restrict kernel stack dumps to root
    - ocfs2: fix locking for res->tracking and dlm->tracking_list
    - dm thin metadata: fix __udivdi3 undefined on 32-bit
    - Linux 4.4.160
  * Volume control not working Dell XPS 27 (7760) (LP: #1775068) // Xenial
    update: 4.4.160 upstream stable release (LP: #1798770)
    - ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760
  * Xenial update: 4.4.160 upstream stable release (LP: #1798770) //
    CVE-2018-7755
    - floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl
  * Xenial update: 4.4.159 upstream stable release (LP: #1798617)
    - NFC: Fix possible memory corruption when handling SHDLC I-Frame commands
    - NFC: Fix the number of pipes
    - ASoC: cs4265: fix MMTLR Data switch control
    - ALSA: bebob: use address returned by kmalloc() instead of kernel stack for
      streaming DMA mapping
    - ALSA: emu10k1: fix possible info leak to userspace on
      SNDRV_EMU10K1_IOCTL_INFO
    - platform/x86: alienware-wmi: Correct a memory leak
    - xen/netfront: don't bug in case of too many frags
    - xen/x86/vpmu: Zero struct pt_regs before calling into sample handling code
    - ring-buffer: Allow for rescheduling when removing pages
    - mm: shmem.c: Correctly annotate new inodes for lockdep
    - gso_segment: Reset skb->mac_len after modifying network header
    - ipv6: fix possible use-after-free in ip6_xmit()
    - net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT
    - net: hp100: fix always-true check for link up state
    - neighbour: confirm neigh entries when ARP packet is received
    - ocfs2: fix ocfs2 read block panic
    - drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in connector_detect()
    - tty: vt_ioctl: fix potential Spectre v1
    - ext4: avoid divide by zero fault when deleting corrupted inline directories
    - ext4: recalucate superblock checksum after updating free blocks/inodes
    - ext4: fix online resize's handling of a too-small final block group
    - ext4: fix online resizing for bigalloc file systems with a 1k block size
    - ext4: don't mark mmp buffer head dirty
    - arm64: Add trace_hardirqs_off annotation in ret_to_user
    - HID: sony: Update device ids
    - HID: sony: Support DS4 dongle
    - iw_cxgb4: only allow 1 flush on user qps
    - Linux 4.4.159
  * Xenial update: 4.4.158 upstream stable release (LP: #1798587)
    - iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register
    - ALSA: msnd: Fix the default sample sizes
    - ALSA: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro
    - xfrm: fix 'passing zero to ERR_PTR()' warning
    - gfs2: Special-case rindex for gfs2_grow
    - clk: imx6ul: fix missing of_node_put()
    - kbuild: add .DELETE_ON_ERROR special target
    - dmaengine: pl330: fix irq race with terminate_all
    - MIPS: ath79: fix system restart
    - media: videobuf2-core: check for q->error in vb2_core_qbuf()
    - mtd/maps: fix solutionengine.c printk format warnings
    - fbdev: omapfb: off by one in omapfb_register_client()
    - video: goldfishfb: fix memory leak on driver remove
    - fbdev/via: fix defined but not used warning
    - perf powerpc: Fix callchain ip filtering when return address is in a
      register
    - fbdev: Distinguish between interlaced and progressive modes
    - ARM: exynos: Clear global variable on init error path
    - perf powerpc: Fix callchain ip filtering
    - powerpc/powernv: opal_put_chars partial write fix
    - MIPS: jz4740: Bump zload address
    - mac80211: restrict delayed tailroom needed decrement
    - xen-netfront: fix queue name setting
    - arm64: dts: qcom: db410c: Fix Bluetooth LED trigger
    - s390/qeth: fix race in used-buffer accounting
    - s390/qeth: reset layer2 attribute on layer switch
    - platform/x86: toshiba_acpi: Fix defined but not used build warnings
    - crypto: sharah - Unregister correct algorithms for SAHARA 3
    - xen-netfront: fix warn message as irq device name has '/'
    - RDMA/cma: Protect cma dev list with lock
    - pstore: Fix incorrect persistent ram buffer mapping
    - xen/netfront: fix waiting for xenbus state change
    - IB/ipoib: Avoid a race condition between start_xmit and cm_rep_handler
    - Tools: hv: Fix a bug in the key delete code
    - misc: hmc6352: fix potential Spectre v1
    - usb: Don't die twice if PCI xhci host is not responding in resume
    - USB: Add quirk to support DJI CineSSD
    - usb: Avoid use-after-free by flushing endpoints early in usb_set_interface()
    - usb: host: u132-hcd: Fix a sleep-in-atomic-context bug in u132_get_frame()
    - USB: add quirk for WORLDE Controller KS49 or Prodipe MIDI 49C USB controller
    - USB: net2280: Fix erroneous synchronization change
    - USB: serial: io_ti: fix array underflow in completion handler
    - usb: misc: uss720: Fix two sleep-in-atomic-context bugs
    - USB: yurex: Fix buffer over-read in yurex_write()
    - usb: cdc-wdm: Fix a sleep-in-atomic-context bug in
      service_outstanding_interrupt()
    - cifs: prevent integer overflow in nxt_dir_entry()
    - CIFS: fix wrapping bugs in num_entries()
    - binfmt_elf: Respect error return from `regset->active'
    - audit: fix use-after-free in audit_add_watch
    - mtdchar: fix overflows in adjustment of `count`
    - MIPS: loongson64: cs5536: Fix PCI_OHCI_INT_REG reads
    - ARM: hisi: handle of_iomap and fix missing of_node_put
    - ARM: hisi: fix error handling and missing of_node_put
    - ARM: hisi: check of_iomap and fix missing of_node_put
    - drm/nouveau: tegra: Detach from ARM DMA/IOMMU mapping
    - parport: sunbpp: fix error return code
    - coresight: Handle errors in finding input/output ports
    - coresight: tpiu: Fix disabling timeouts
    - gpiolib: Mark gpio_suffixes array with __maybe_unused
    - drm/amdkfd: Fix error codes in kfd_get_process
    - rtc: bq4802: add error handling for devm_ioremap
    - ALSA: pcm: Fix snd_interval_refine first/last with open min/max
    - selftest: timers: Tweak raw_skew to SKIP when ADJ_OFFSET/other clock
      adjustments are in progress
    - drm/panel: type promotion bug in s6e8aa0_read_mtp_id()
    - pinctrl: qcom: spmi-gpio: Fix pmic_gpio_config_get() to be compliant
    - USB: serial: ti_usb_3410_5052: fix array underflow in completion handler
    - mei: bus: type promotion bug in mei_nfc_if_version()
    - drivers: net: cpsw: fix segfault in case of bad phy-handle
    - MIPS: VDSO: Match data page cache colouring when D$ aliases
    - Linux 4.4.158
  * Xenial update: 4.4.157 upstream stable release (LP: #1798539)
    - i2c: xiic: Make the start and the byte count write atomic
    - i2c: i801: fix DNV's SMBCTRL register offset
    - ALSA: hda - Fix cancel_work_sync() stall from jackpoll work
    - cfq: Give a chance for arming slice idle timer in case of group_idle
    - kthread: Fix use-after-free if kthread fork fails
    - kthread: fix boot hang (regression) on MIPS/OpenRISC
    - staging: rt5208: Fix a sleep-in-atomic bug in xd_copy_page
    - staging/rts5208: Fix read overflow in memcpy
    - block,blkcg: use __GFP_NOWARN for best-effort allocations in blkcg
    - locking/rwsem-xadd: Fix missed wakeup due to reordering of load
    - selinux: use GFP_NOWAIT in the AVC kmem_caches
    - locking/osq_lock: Fix osq_lock queue corruption
    - ARC: [plat-axs*]: Enable SWAP
    - misc: mic: SCIF Fix scif_get_new_port() error handling
    - ethtool: Remove trailing semicolon for static inline
    - gpio: tegra: Move driver registration to subsys_init level
    - scsi: target: fix __transport_register_session locking
    - md/raid5: fix data corruption of replacements after originals dropped
    - misc: ti-st: Fix memory leak in the error path of probe()
    - uio: potential double frees if __uio_register_device() fails
    - tty: rocket: Fix possible buffer overwrite on register_PCI
    - f2fs: do not set free of current section
    - perf tools: Allow overriding MAX_NR_CPUS at compile time
    - NFSv4.0 fix client reference leak in callback
    - macintosh/via-pmu: Add missing mmio accessors
    - ath10k: prevent active scans on potential unusable channels
    - MIPS: Fix ISA virt/bus conversion for non-zero PHYS_OFFSET
    - ata: libahci: Correct setting of DEVSLP register
    - scsi: 3ware: fix return 0 on the error path of probe
    - ath10k: disable bundle mgmt tx completion event support
    - Bluetooth: hidp: Fix handling of strncpy for hid->name information
    - x86/mm: Remove in_nmi() warning from vmalloc_fault()
    - gpio: ml-ioh: Fix buffer underwrite on probe error path
    - net: mvneta: fix mtu change on port without link
    - MIPS: Octeon: add missing of_node_put()
    - net: dcb: For wild-card lookups, use priority -1, not 0
    - Input: atmel_mxt_ts - only use first T9 instance
    - iommu/ipmmu-vmsa: Fix allocation in atomic context
    - mfd: ti_am335x_tscadc: Fix struct clk memory leak
    - f2fs: fix to do sanity check with {sit,nat}_ver_bitmap_bytesize
    - MIPS: WARN_ON invalid DMA cache maintenance, not BUG_ON
    - RDMA/cma: Do not ignore net namespace for unbound cm_id
    - xhci: Fix use-after-free in xhci_free_virt_device
    - vmw_balloon: include asm/io.h
    - netfilter: x_tables: avoid stack-out-of-bounds read in
      xt_copy_counters_from_user
    - drivers: net: cpsw: fix parsing of phy-handle DT property in dual_emac
      config
    - net: ethernet: ti: cpsw: fix mdio device reference leak
    - ethernet: ti: davinci_emac: add missing of_node_put after calling
      of_parse_phandle
    - crypto: vmx - Fix sleep-in-atomic bugs
    - mtd: ubi: wl: Fix error return code in ubi_wl_init()
    - autofs: fix autofs_sbi() does not check super block type
    - Linux 4.4.157
  * Xenial update: 4.4.156 upstream stable release (LP: #1797563)
    - staging: android: ion: fix ION_IOC_{MAP,SHARE} use-after-free
    - net: bcmgenet: use MAC link status for fixed phy
    - qlge: Fix netdev features configuration.
    - tcp: do not restart timewait timer on rst reception
    - vti6: remove !skb->ignore_df check from vti6_xmit()
    - cifs: check if SMB2 PDU size has been padded and suppress the warning
    - hfsplus: don't return 0 when fill_super() failed
    - hfs: prevent crash on exit from failed search
    - fork: don't copy inconsistent signal handler state to child
    - reiserfs: change j_timestamp type to time64_t
    - hfsplus: fix NULL dereference in hfsplus_lookup()
    - fat: validate ->i_start before using
    - scripts: modpost: check memory allocation results
    - mm/fadvise.c: fix signed overflow UBSAN complaint
    - fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot()
    - ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest()
    - mfd: sm501: Set coherent_dma_mask when creating subdevices
    - platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360
    - irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP
    - net/9p: fix error path of p9_virtio_probe
    - powerpc: Fix size calculation using resource_size()
    - s390/dasd: fix hanging offline processing due to canceled worker
    - scsi: aic94xx: fix an error code in aic94xx_init()
    - PCI: mvebu: Fix I/O space end address calculation
    - dm kcopyd: avoid softlockup in run_complete_job
    - staging: comedi: ni_mio_common: fix subdevice flags for PFI subdevice
    - selftests/powerpc: Kill child processes on SIGINT
    - smb3: fix reset of bytes read and written stats
    - SMB3: Number of requests sent should be displayed for SMB3 not just CIFS
    - powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX.
    - btrfs: replace: Reset on-disk dev stats value after replace
    - btrfs: relocation: Only remove reloc rb_trees if reloc control has been
      initialized
    - btrfs: Don't remove block group that still has pinned down bytes
    - debugobjects: Make stack check warning more informative
    - x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear
    - kbuild: make missing $DEPMOD a Warning instead of an Error
    - Revert "ARM: imx_v6_v7_defconfig: Select ULPI support"
    - enic: do not call enic_change_mtu in enic_probe
    - Fixes: Commit cdbf92675fad ("mm: numa: avoid waiting on freed migrated
      pages")
    - genirq: Delay incrementing interrupt count if it's disabled/pending
    - irqchip/gic-v3-its: Recompute the number of pages on page size change
    - irqchip/gicv3-its: Fix memory leak in its_free_tables()
    - irqchip/gicv3-its: Avoid cache flush beyond ITS_BASERn memory size
    - irqchip/gic-v3: Add missing barrier to 32bit version of gic_read_iar()
    - irqchip/gic: Make interrupt ID 1020 invalid
    - ovl: rename is_merge to is_lowest
    - ovl: override creds with the ones from the superblock mounter
    - ovl: proper cleanup of workdir
    - sch_htb: fix crash on init failure
    - sch_multiq: fix double free on init failure
    - sch_hhf: fix null pointer dereference on init failure
    - sch_netem: avoid null pointer deref on init failure
    - sch_tbf: fix two null pointer dereferences on init failure
    - mei: me: allow runtime pm for platform with D0i3
    - ASoC: wm8994: Fix missing break in switch
    - btrfs: use correct compare function of dirty_metadata_bytes
    - Linux 4.4.156

 -- Khalid Elmously <email address hidden>  Thu, 25 Oct 2018 23:14:53 +0000

Available diffs

Superseded in disco-release on 2018-12-03
Superseded in cosmic-security on 2018-12-03
Superseded in cosmic-updates on 2018-12-03
Deleted in disco-proposed (Reason: moved to release)
Deleted in cosmic-proposed (Reason: moved to -updates)
linux-kvm (4.18.0-1004.4) cosmic; urgency=medium

  * linux-kvm: 4.18.0-1004.4 -proposed tracker (LP: #1799453)

  [ Ubuntu: 4.18.0-11.12 ]

  * linux: 4.18.0-11.12 -proposed tracker (LP: #1799445)
  * arm64: snapdragon: WARNING: CPU: 0 PID: 1 arch/arm64/kernel/setup.c:271
    reserve_memblock_reserved_regions (LP: #1797139)
    - SAUCE: arm64: Fix /proc/iomem for reserved but not memory regions
  * arm64: snapdragon: WARNING: CPU: 0 PID: 1 at drivers/irqchip/irq-gic.c:1016
    gic_irq_domain_translate (LP: #1797143)
    - SAUCE: arm64: dts: msm8916: camms: fix gic_irq_domain_translate warnings
  * The front MIC can't work on the Lenovo M715 (LP: #1797292)
    - ALSA: hda/realtek - Fix the problem of the front MIC on the Lenovo M715
  * Provide mode where all vCPUs on a core must be the same VM (LP: #1792957)
    - KVM: PPC: Book3S HV: Provide mode where all vCPUs on a core must be the same
      VM
  * fscache: bad refcounting in fscache_op_complete leads to OOPS (LP: #1797314)
    - SAUCE: fscache: Fix race in decrementing refcount of op->npages
  * hns3: autoneg settings get lost on down/up (LP: #1797654)
    - net: hns3: Fix for information of phydev lost problem when down/up
  * not able to unwind the stack from within __kernel_clock_gettime in the Linux
    vDSO (LP: #1797963)
    - powerpc/vdso: Correct call frame information
  * Signal 7 error when running GPFS tracing in cluster (LP: #1792195)
    - powerpc/mm/books3s: Add new pte bit to mark pte temporarily invalid.
    - powerpc/mm/radix: Only need the Nest MMU workaround for R -> RW transition
  * Support Edge Gateway's WIFI LED (LP: #1798330)
    - SAUCE: mwifiex: Switch WiFi LED state according to the device status
  * Support Edge Gateway's Bluetooth LED (LP: #1798332)
    - SAUCE: Bluetooth: Support for LED on Edge Gateways
  * kvm doesn't work on 36 physical bits systems (LP: #1798427)
    - KVM: x86: fix L1TF's MMIO GFN calculation
  * CVE-2018-15471
    - xen-netback: fix input validation in xenvif_set_hash_mapping()
  * regression in 'ip --family bridge neigh' since linux v4.12 (LP: #1796748)
    - rtnetlink: fix rtnl_fdb_dump() for ndmsg header

  [ Ubuntu: 4.18.0-10.11 ]

  * linux: 4.18.0-10.11 -proposed tracker (LP: #1797379)
  * the machine of lenovo M715 with the AMD GPU (Radeon Vega 8 Mobile, rev ca,
    1002:15dd) often hangs randomly (LP: #1796789)
    - drm/amd: Add missing fields in atom_integrated_system_info_v1_11
  * Miscellaneous Ubuntu changes
    - [Config] CONFIG_VBOXGUEST=n
    - ubuntu: vbox -- update to 5.2.18-dfsg-2
    - ubuntu: enable vbox build

 -- Stefan Bader <email address hidden>  Wed, 24 Oct 2018 16:24:38 +0200
Superseded in bionic-security on 2018-12-03
Superseded in bionic-updates on 2018-12-03
Deleted in bionic-proposed (Reason: moved to -updates)
linux-kvm (4.15.0-1026.26) bionic; urgency=medium

  * linux-kvm: 4.15.0-1026.26 -proposed tracker (LP: #1799417)

  * Linux: insufficient shootdown for paging-structure caches (LP: #1798897)
    - [Config] CONFIG_HAVE_RCU_TABLE_INVALIDATE=y

  [ Ubuntu: 4.15.0-39.42 ]

  * linux: 4.15.0-39.42 -proposed tracker (LP: #1799411)
  * Linux: insufficient shootdown for paging-structure caches (LP: #1798897)
    - mm: move tlb_table_flush to tlb_flush_mmu_free
    - mm/tlb: Remove tlb_remove_table() non-concurrent condition
    - mm/tlb, x86/mm: Support invalidating TLB caches for RCU_TABLE_FREE
    - [Config] CONFIG_HAVE_RCU_TABLE_INVALIDATE=y
  * Ubuntu18.04: GPU total memory is reduced (LP: #1792102)
    - Revert "powerpc/powernv: Increase memory block size to 1GB on radix"
  * arm64: snapdragon: reduce boot noise (LP: #1797154)
    - [Config] arm64: snapdragon: DRM_MSM=m
    - [Config] arm64: snapdragon: SND*=m
    - [Config] arm64: snapdragon: disable ARM_SDE_INTERFACE
    - [Config] arm64: snapdragon: disable DRM_I2C_ADV7511_CEC
    - [Config] arm64: snapdragon: disable VIDEO_ADV7511, VIDEO_COBALT
  * [Bionic] CPPC bug fixes (LP: #1796949)
    - ACPI / CPPC: Update all pr_(debug/err) messages to log the susbspace id
    - cpufreq: CPPC: Don't set transition_latency
    - ACPI / CPPC: Fix invalid PCC channel status errors
  * regression in 'ip --family bridge neigh' since linux v4.12 (LP: #1796748)
    - rtnetlink: fix rtnl_fdb_dump() for ndmsg header
  * screen displays abnormally on the lenovo M715 with the AMD GPU (Radeon Vega
    8 Mobile, rev ca, 1002:15dd) (LP: #1796786)
    - drm/amd/display: Fix takover from VGA mode
    - drm/amd/display: early return if not in vga mode in disable_vga
    - drm/amd/display: Refine disable VGA
  * arm64: snapdragon: WARNING: CPU: 0 PID: 1 arch/arm64/kernel/setup.c:271
    reserve_memblock_reserved_regions (LP: #1797139)
    - SAUCE: arm64: Fix /proc/iomem for reserved but not memory regions
  * The front MIC can't work on the Lenovo M715 (LP: #1797292)
    - ALSA: hda/realtek - Fix the problem of the front MIC on the Lenovo M715
  * Keyboard backlight sysfs sometimes is missing on Dell laptops (LP: #1797304)
    - platform/x86: dell-smbios: Correct some style warnings
    - platform/x86: dell-smbios: Rename dell-smbios source to dell-smbios-base
    - platform/x86: dell-smbios: Link all dell-smbios-* modules together
    - [Config] CONFIG_DELL_SMBIOS_SMM=y, CONFIG_DELL_SMBIOS_WMI=y
  * rpi3b+: ethernet not working (LP: #1797406)
    - lan78xx: Don't reset the interface on open
  * 87cdf3148b11 was never backported to 4.15  (LP: #1795653)
    - xfrm: Verify MAC header exists before overwriting eth_hdr(skb)->h_proto
  * [Ubuntu18.04][Power9][DD2.2]package installation segfaults inside debian
    chroot env in P9 KVM guest with HTM enabled (kvm) (LP: #1792501)
    - KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds
  * Provide mode where all vCPUs on a core must be the same VM (LP: #1792957)
    - KVM: PPC: Book3S HV: Provide mode where all vCPUs on a core must be the same
      VM
  * fscache: bad refcounting in fscache_op_complete leads to OOPS (LP: #1797314)
    - SAUCE: fscache: Fix race in decrementing refcount of op->npages
  * CVE-2018-9363
    - Bluetooth: hidp: buffer overflow in hidp_process_report
  * CVE-2017-13168
    - scsi: sg: mitigate read/write abuse
  * [Bionic] ACPI / PPTT: use ACPI ID whenever ACPI_PPTT_ACPI_PROCESSOR_ID_VALID
    is set (LP: #1797200)
    - ACPI / PPTT: use ACPI ID whenever ACPI_PPTT_ACPI_PROCESSOR_ID_VALID is set
  * [Bionic] arm64: topology: Avoid checking numa mask for scheduler MC
    selection (LP: #1797202)
    - arm64: topology: Avoid checking numa mask for scheduler MC selection
  * crypto/vmx - Backport of Fix sleep-in-atomic bugs patch for 18.04
    (LP: #1790832)
    - crypto: vmx - Fix sleep-in-atomic bugs
  * hns3: autoneg settings get lost on down/up (LP: #1797654)
    - net: hns3: Fix for information of phydev lost problem when down/up
  * not able to unwind the stack from within __kernel_clock_gettime in the Linux
    vDSO (LP: #1797963)
    - powerpc/vdso: Correct call frame information
  * Signal 7 error when running GPFS tracing in cluster (LP: #1792195)
    - powerpc/mm/books3s: Add new pte bit to mark pte temporarily invalid.
    - powerpc/mm/radix: Only need the Nest MMU workaround for R -> RW transition
  * Support Edge Gateway's WIFI LED (LP: #1798330)
    - SAUCE: mwifiex: Switch WiFi LED state according to the device status
  * Support Edge Gateway's Bluetooth LED (LP: #1798332)
    - SAUCE: Bluetooth: Support for LED on Edge Gateways
  * USB cardreader (0bda:0328) make the system can't enter s3 or hang
    (LP: #1798328)
    - usb: Don't disable Latency tolerance Messaging (LTM) before port reset
  * CVE-2018-15471
    - xen-netback: fix input validation in xenvif_set_hash_mapping()
  * CVE-2018-16658
    - cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status
  * [Bionic] Update ThunderX2 implementation defined pmu core events
    (LP: #1796904)
    - perf vendor events arm64: Update ThunderX2 implementation defined pmu core
      events
  * the machine of lenovo M715 with the AMD GPU (Radeon Vega 8 Mobile, rev ca,
    1002:15dd) often hangs randomly (LP: #1796789)
    - drm/amd: Add missing fields in atom_integrated_system_info_v1_11
  * [18.04] GLK hang after a while (LP: #1760545)
    - drm/i915/glk: Add MODULE_FIRMWARE for Geminilake
  * Fix usbcore.quirks when used at boot (LP: #1795784)
    - usb: core: safely deal with the dynamic quirk lists

 -- Kleber Sacilotto de Souza <email address hidden>  Wed, 24 Oct 2018 10:19:31 +0000
Superseded in bionic-updates on 2018-11-13
Deleted in bionic-proposed (Reason: NBS)
linux-kvm (4.15.0-1025.25) bionic; urgency=medium

  * linux-kvm: 4.15.0-1025.25 -proposed tracker (LP: #1797065)

  [ Ubuntu: 4.15.0-38.41 ]

  * linux: 4.15.0-38.41 -proposed tracker (LP: #1797061)
  * Silent data corruption in Linux kernel 4.15 (LP: #1796542)
    - block: add a lower-level bio_add_page interface
    - block: bio_iov_iter_get_pages: fix size of last iovec
    - blkdev: __blkdev_direct_IO_simple: fix leak in error case
    - block: bio_iov_iter_get_pages: pin more pages for multi-segment IOs

Superseded in disco-release on 2018-11-15
Published in cosmic-release on 2018-10-14
Deleted in cosmic-proposed (Reason: moved to release)
linux-kvm (4.18.0-1003.3) cosmic; urgency=medium

  * linux-kvm: 4.18.0-1003.3 -proposed tracker (LP: #1796353)

  * kvm kernel missing nbd module (LP: #1793976)
    - kvm: [Config] enable BLK_DEV_NBD

  [ Ubuntu: 4.18.0-9.10 ]

  * linux: 4.18.0-9.10 -proposed tracker (LP: #1796346)
  * Cosmic update: v4.18.12 upstream stable release (LP: #1796139)
    - crypto: skcipher - Fix -Wstringop-truncation warnings
    - iio: adc: ina2xx: avoid kthread_stop() with stale task_struct
    - tsl2550: fix lux1_input error in low light
    - misc: ibmvmc: Use GFP_ATOMIC under spin lock
    - vmci: type promotion bug in qp_host_get_user_memory()
    - siox: don't create a thread without starting it
    - x86/numa_emulation: Fix emulated-to-physical node mapping
    - staging: rts5208: fix missing error check on call to rtsx_write_register
    - power: supply: axp288_charger: Fix initial constant_charge_current value
    - misc: sram: enable clock before registering regions
    - serial: sh-sci: Stop RX FIFO timer during port shutdown
    - uwb: hwa-rc: fix memory leak at probe
    - power: vexpress: fix corruption in notifier registration
    - iommu/amd: make sure TLB to be flushed before IOVA freed
    - Bluetooth: Add a new Realtek 8723DE ID 0bda:b009
    - USB: serial: kobil_sct: fix modem-status error handling
    - 6lowpan: iphc: reset mac_header after decompress to fix panic
    - iommu/msm: Don't call iommu_device_{,un}link from atomic context
    - s390/mm: correct allocate_pgste proc_handler callback
    - power: remove possible deadlock when unregistering power_supply
    - drm/amd/display/dc/dce: Fix multiple potential integer overflows
    - drm/amd/display: fix use of uninitialized memory
    - md-cluster: clear another node's suspend_area after the copy is finished
    - cxgb4: Fix the condition to check if the card is T5
    - RDMA/bnxt_re: Fix a couple off by one bugs
    - RDMA/i40w: Hold read semaphore while looking after VMA
    - RDMA/bnxt_re: Fix a bunch of off by one bugs in qplib_fp.c
    - IB/core: type promotion bug in rdma_rw_init_one_mr()
    - media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt()
    - IB/mlx4: Test port number before querying type.
    - powerpc/kdump: Handle crashkernel memory reservation failure
    - media: fsl-viu: fix error handling in viu_of_probe()
    - vhost_net: Avoid tx vring kicks during busyloop
    - media: staging/imx: fill vb2_v4l2_buffer field entry
    - IB/mlx5: Fix GRE flow specification
    - include/rdma/opa_addr.h: Fix an endianness issue
    - x86/tsc: Add missing header to tsc_msr.c
    - ARM: hwmod: RTC: Don't assume lock/unlock will be called with irq enabled
    - x86/entry/64: Add two more instruction suffixes
    - ARM: dts: ls1021a: Add missing cooling device properties for CPUs
    - scsi: target/iscsi: Make iscsit_ta_authentication() respect the output
      buffer size
    - thermal: i.MX: Allow thermal probe to fail gracefully in case of bad
      calibration.
    - scsi: klist: Make it safe to use klists in atomic context
    - scsi: ibmvscsi: Improve strings handling
    - scsi: target: Avoid that EXTENDED COPY commands trigger lock inversion
    - usb: wusbcore: security: cast sizeof to int for comparison
    - ath10k: sdio: use same endpoint id for all packets in a bundle
    - ath10k: sdio: set skb len for all rx packets
    - powerpc/powernv/ioda2: Reduce upper limit for DMA window size
    - platform/x86: asus-wireless: Fix uninitialized symbol usage
    - ACPI / button: increment wakeup count only when notified
    - s390/sysinfo: add missing #ifdef CONFIG_PROC_FS
    - alarmtimer: Prevent overflow for relative nanosleep
    - s390/dasd: correct numa_node in dasd_alloc_queue
    - s390/scm_blk: correct numa_node in scm_blk_dev_setup
    - s390/extmem: fix gcc 8 stringop-overflow warning
    - mtd: rawnand: atmel: add module param to avoid using dma
    - iio: accel: adxl345: convert address field usage in iio_chan_spec
    - posix-timers: Make forward callback return s64
    - posix-timers: Sanitize overrun handling
    - ALSA: snd-aoa: add of_node_put() in error path
    - selftests: forwarding: Tweak tc filters for mirror-to-gretap tests
    - ath10k: use locked skb_dequeue for rx completions
    - media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power
    - media: soc_camera: ov772x: correct setting of banding filter
    - media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data
    - media: ov772x: add checks for register read errors
    - staging: android: ashmem: Fix mmap size validation
    - media: ov772x: allow i2c controllers without I2C_FUNC_PROTOCOL_MANGLING
    - staging: mt7621-eth: Fix memory leak in mtk_add_mac() error path
    - drivers/tty: add error handling for pcmcia_loop_config
    - arm64: dts: renesas: salvator-common: Fix adv7482 decimal unit addresses
    - serial: pxa: Fix an error handling path in 'serial_pxa_probe()'
    - staging: mt7621-dts: Fix remaining pcie warnings
    - media: tm6000: add error handling for dvb_register_adapter
    - ASoC: qdsp6: qdafe: fix some off by one bugs
    - net: phy: xgmiitorgmii: Check read_status results
    - ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock
    - drm/sun4i: Enable DW HDMI PHY clock
    - net: phy: xgmiitorgmii: Check phy_driver ready before accessing
    - drm/sun4i: Fix releasing node when enumerating enpoints
    - ath10k: transmit queued frames after processing rx packets
    - mt76x2: fix mrr idx/count estimation in mt76x2_mac_fill_tx_status()
    - rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication()
    - brcmsmac: fix wrap around in conversion from constant to s16
    - bitfield: fix *_encode_bits()
    - wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout()
    - drm/omap: gem: Fix mm_list locking
    - ARM: mvebu: declare asm symbols as character arrays in pmsu.c
    - RDMA/uverbs: Don't overwrite NULL pointer with ZERO_SIZE_PTR
    - Documentation/process: fix reST table border error
    - perf/hw_breakpoint: Split attribute parse and commit
    - arm: dts: mediatek: Add missing cooling device properties for CPUs
    - HID: hid-ntrig: add error handling for sysfs_create_group
    - HID: i2c-hid: Use devm to allocate i2c_hid struct
    - MIPS: boot: fix build rule of vmlinux.its.S
    - arm64: dts: renesas: Fix VSPD registers range
    - drm/v3d: Take a lock across GPU scheduler job creation and queuing.
    - perf/x86/intel/lbr: Fix incomplete LBR call stack
    - scsi: bnx2i: add error handling for ioremap_nocache
    - iomap: complete partial direct I/O writes synchronously
    - spi: orion: fix CS GPIO handling again
    - scsi: megaraid_sas: Update controller info during resume
    - ASoC: Intel: bytcr_rt5640: Fix Acer Iconia 8 over-current detect threshold
    - ASoC: rt1305: Use ULL suffixes for 64-bit constants
    - ASoC: rsnd: SSI parent cares SWSP bit
    - EDAC, i7core: Fix memleaks and use-after-free on probe and remove
    - ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs
    - module: exclude SHN_UNDEF symbols from kallsyms api
    - gpio: Fix wrong rounding in gpio-menz127
    - nfsd: fix corrupted reply to badly ordered compound
    - EDAC: Fix memleak in module init error path
    - EDAC, altera: Fix an error handling path in altr_s10_sdram_probe()
    - staging: pi433: fix race condition in pi433_ioctl
    - ath10k: fix incorrect size of dma_free_coherent in
      ath10k_ce_alloc_src_ring_64
    - ath10k: snoc: use correct bus-specific pointer in RX retry
    - fs/lock: skip lock owner pid translation in case we are in init_pid_ns
    - ath10k: fix memory leak of tpc_stats
    - Input: xen-kbdfront - fix multi-touch XenStore node's locations
    - iio: 104-quad-8: Fix off-by-one error in register selection
    - drm/vc4: Add missing formats to vc4_format_mod_supported().
    - ARM: dts: dra7: fix DCAN node addresses
    - drm/vc4: plane: Expand the lower bits by repeating the higher bits
    - perf tests: Fix indexing when invoking subtests
    - gpio: tegra: Fix tegra_gpio_irq_set_type()
    - block: fix deadline elevator drain for zoned block devices
    - x86/mm: Expand static page table for fixmap space
    - tty: serial: lpuart: avoid leaking struct tty_struct
    - serial: imx: restore handshaking irq for imx1
    - serial: mvebu-uart: Fix reporting of effective CSIZE to userspace
    - serial: cpm_uart: return immediately from console poll
    - intel_th: Fix device removal logic
    - intel_th: Fix resource handling for ACPI glue layer
    - spi: tegra20-slink: explicitly enable/disable clock
    - spi: sh-msiof: Fix invalid SPI use during system suspend
    - spi: sh-msiof: Fix handling of write value for SISTR register
    - spi: rspi: Fix invalid SPI use during system suspend
    - spi: rspi: Fix interrupted DMA transfers
    - regulator: fix crash caused by null driver data
    - regulator: Fix 'do-nothing' value for regulators without suspend state
    - USB: fix error handling in usb_driver_claim_interface()
    - USB: handle NULL config in usb_find_alt_setting()
    - usb: roles: Take care of driver module reference counting
    - usb: musb: dsps: do not disable CPPI41 irq in driver teardown
    - USB: usbdevfs: sanitize flags more
    - USB: usbdevfs: restore warning for nonsensical flags
    - Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in
      service_outstanding_interrupt()"
    - USB: remove LPM management from usb_driver_claim_interface()
    - uaccess: Fix is_source param for check_copy_size() in copy_to_iter_mcsafe()
    - ext2, dax: set ext2_dax_aops for dax files
    - filesystem-dax: Fix use of zero page
    - IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop
    - IB/hfi1: Fix SL array bounds check
    - IB/hfi1: Invalid user input can result in crash
    - IB/hfi1: Fix context recovery when PBC has an UnsupportedVL
    - IB/hfi1: Fix destroy_qp hang after a link down
    - ACPI / hotplug / PCI: Don't scan for non-hotplug bridges if slot is not
      bridge
    - RDMA/uverbs: Atomically flush and mark closed the comp event queue
    - arm64: KVM: Tighten guest core register access from userspace
    - ARM: OMAP2+: Fix null hwmod for ti-sysc debug
    - ARM: OMAP2+: Fix module address for modules using mpu_rt_idx
    - bus: ti-sysc: Fix module register ioremap for larger offsets
    - qed: Wait for ready indication before rereading the shmem
    - qed: Wait for MCP halt and resume commands to take place
    - qed: Prevent a possible deadlock during driver load and unload
    - qed: Avoid sending mailbox commands when MFW is not responsive
    - thermal: of-thermal: disable passive polling when thermal zone is disabled
    - isofs: reject hardware sector size > 2048 bytes
    - mmc: atmel-mci: fix bad logic of sg_copy_{from,to}_buffer conversion
    - mmc: android-goldfish: fix bad logic of sg_copy_{from,to}_buffer conversion
    - bus: ti-sysc: Fix no_console_suspend handling
    - ARM: dts: omap4-droid4: fix vibrations on Droid 4
    - bpf, sockmap: fix sock_hash_alloc and reject zero-sized keys
    - bpf, sockmap: fix sock hash count in alloc_sock_hash_elem
    - tls: possible hang when do_tcp_sendpages hits sndbuf is full case
    - bpf: sockmap: write_space events need to be passed to TCP handler
    - drm/amdgpu: fix VM clearing for the root PD
    - drm/amdgpu: fix preamble handling
    - amdgpu: fix multi-process hang issue
    - net/ncsi: Fixup .dumpit message flags and ID check in Netlink handler
    - tcp_bbr: add bbr_check_probe_rtt_done() helper
    - tcp_bbr: in restart from idle, see if we should exit PROBE_RTT
    - net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES
    - net: hns: fix skb->truesize underestimation
    - net: hns3: fix page_offset overflow when CONFIG_ARM64_64K_PAGES
    - ice: Fix multiple static analyser warnings
    - ice: Report stats for allocated queues via ethtool stats
    - ice: Clean control queues only when they are initialized
    - ice: Fix bugs in control queue processing
    - ice: Use order_base_2 to calculate higher power of 2
    - ice: Set VLAN flags correctly
    - tools: bpftool: return from do_event_pipe() on bad arguments
    - ice: Fix a few null pointer dereference issues
    - ice: Fix potential return of uninitialized value
    - e1000: check on netif_running() before calling e1000_up()
    - e1000: ensure to free old tx/rx rings in set_ringparam()
    - ixgbe: fix driver behaviour after issuing VFLR
    - i40e: Fix for Tx timeouts when interface is brought up if DCB is enabled
    - i40e: fix condition of WARN_ONCE for stat strings
    - crypto: chtls - fix null dereference chtls_free_uld()
    - crypto: cavium/nitrox - fix for command corruption in queue full case with
      backlog submissions.
    - hwmon: (ina2xx) fix sysfs shunt resistor read access
    - hwmon: (adt7475) Make adt7475_read_word() return errors
    - Revert "ARM: dts: imx7d: Invert legacy PCI irq mapping"
    - drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode
    - drm/amdgpu: Update power state at the end of smu hw_init.
    - ata: ftide010: Add a quirk for SQ201
    - nvme-fcloop: Fix dropped LS's to removed target port
    - ARM: dts: omap4-droid4: Fix emmc errors seen on some devices
    - drm/amdgpu: Need to set moved to true when evict bo
    - arm/arm64: smccc-1.1: Make return values unsigned long
    - arm/arm64: smccc-1.1: Handle function result as parameters
    - i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus
    - clk: x86: Set default parent to 48Mhz
    - x86/pti: Fix section mismatch warning/error
    - KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds
    - powerpc: fix csum_ipv6_magic() on little endian platforms
    - powerpc/pkeys: Fix reading of ibm, processor-storage-keys property
    - powerpc/pseries: Fix unitialized timer reset on migration
    - arm64: KVM: Sanitize PSTATE.M when being set from userspace
    - media: v4l: event: Prevent freeing event subscriptions while accessed
    - Linux 4.18.12
  * Fix usbcore.quirks when used at boot (LP: #1795784)
    - usb: core: safely deal with the dynamic quirk lists
  * Dell new AIO requires a new uart backlight driver (LP: #1727235)
    - SAUCE: platform/x86: dell-uart-backlight: new backlight driver for DELL AIO
    - updateconfigs for Dell UART backlight driver
  * Please make CONFIG_PWM_LPSS_PCI and CONFIG_PWM_LPSS_PLATFORM built in to
    make brightness adjustment working on various BayTrail/CherryTrail-based
    devices (LP: #1783964)
    - [Config]: Make PWM_LPSS_* built-in
  * CVE-2018-5391
    - SAUCE: Revert "net: increase fragment memory usage limits"
  * check and fix zkey required kernel modules locations in debs, udebs, and
    initramfs (LP: #1794346)
    - [Config] add s390 crypto modules to crypt-modules udeb
  * iptables --list --numeric fails on -virtual kernel / -virtual missing
    bpfilter (LP: #1795036)
    - [Config] add bpfilter.ko to generic inclusion list
  * fails to build  on armhf because of module rename (LP: #1795665)
    - [Config] omapfb was renamed to omap2fb
  * qeth: use vzalloc for QUERY OAT buffer (LP: #1793086)
    - s390/qeth: use vzalloc for QUERY OAT buffer
  * Cosmic update to 4.18.11 stable release (LP: #1795486)
    - gso_segment: Reset skb->mac_len after modifying network header
    - ipv6: fix possible use-after-free in ip6_xmit()
    - net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT
    - net: hp100: fix always-true check for link up state
    - pppoe: fix reception of frames with no mac header
    - qmi_wwan: set DTR for modems in forced USB2 mode
    - udp4: fix IP_CMSG_CHECKSUM for connected sockets
    - tls: don't copy the key out of tls12_crypto_info_aes_gcm_128
    - tls: zero the crypto information from tls_context before freeing
    - tls: clear key material from kernel memory when do_tls_setsockopt_conf fails
    - neighbour: confirm neigh entries when ARP packet is received
    - udp6: add missing checks on edumux packet processing
    - net/sched: act_sample: fix NULL dereference in the data path
    - hv_netvsc: fix schedule in RCU context
    - net: dsa: mv88e6xxx: Fix ATU Miss Violation
    - socket: fix struct ifreq size in compat ioctl
    - tls: fix currently broken MSG_PEEK behavior
    - ipv6: use rt6_info members when dst is set in rt6_fill_node
    - net/ipv6: do not copy dst flags on rt init
    - net: mvpp2: let phylink manage the carrier state
    - net: rtnl_configure_link: fix dev flags changes arg to __dev_notify_flags
    - NFC: Fix possible memory corruption when handling SHDLC I-Frame commands
    - NFC: Fix the number of pipes
    - ASoC: wm9712: fix replace codec to component
    - ASoC: cs4265: fix MMTLR Data switch control
    - ASoC: tas6424: Save last fault register even when clear
    - ASoC: rsnd: fixup not to call clk_get/set under non-atomic
    - ASoC: uapi: fix sound/skl-tplg-interface.h userspace compilation errors
    - ALSA: bebob: fix memory leak for M-Audio FW1814 and ProjectMix I/O at error
      path
    - ALSA: bebob: use address returned by kmalloc() instead of kernel stack for
      streaming DMA mapping
    - ALSA: emu10k1: fix possible info leak to userspace on
      SNDRV_EMU10K1_IOCTL_INFO
    - ALSA: fireface: fix memory leak in ff400_switch_fetching_mode()
    - ALSA: firewire-digi00x: fix memory leak of private data
    - ALSA: firewire-tascam: fix memory leak of private data
    - ALSA: fireworks: fix memory leak of response buffer at error path
    - ALSA: oxfw: fix memory leak for model-dependent data at error path
    - ALSA: oxfw: fix memory leak of discovered stream formats at error path
    - ALSA: oxfw: fix memory leak of private data
    - mtd: devices: m25p80: Make sure the buffer passed in op is DMA-able
    - mtd: rawnand: denali: fix a race condition when DMA is kicked
    - platform/x86: dell-smbios-wmi: Correct a memory leak
    - platform/x86: alienware-wmi: Correct a memory leak
    - xen/netfront: don't bug in case of too many frags
    - xen/x86/vpmu: Zero struct pt_regs before calling into sample handling code
    - spi: fix IDR collision on systems with both fixed and dynamic SPI bus
      numbers
    - Revert "PCI: Add ACS quirk for Intel 300 series"
    - ring-buffer: Allow for rescheduling when removing pages
    - crypto: x86/aegis,morus - Do not require OSXSAVE for SSE2
    - fork: report pid exhaustion correctly
    - mm: disable deferred struct page for 32-bit arches
    - mm: shmem.c: Correctly annotate new inodes for lockdep
    - Revert "rpmsg: core: add support to power domains for devices"
    - bpf/verifier: disallow pointer subtraction
    - Revert "uapi/linux/keyctl.h: don't use C++ reserved keyword as a struct
      member name"
    - scsi: target: iscsi: Use bin2hex instead of a re-implementation
    - Revert "ubifs: xattr: Don't operate on deleted inodes"
    - libata: mask swap internal and hardware tag
    - ocfs2: fix ocfs2 read block panic
    - drm/i915/bdw: Increase IPS disable timeout to 100ms
    - drm/nouveau: Reset MST branching unit before enabling
    - drm/nouveau: Only write DP_MSTM_CTRL when needed
    - drm/nouveau: Remove duplicate poll_enable() in pmops_runtime_suspend()
    - drm/nouveau: Fix deadlocks in nouveau_connector_detect()
    - drm/nouveau/drm/nouveau: Don't forget to cancel hpd_work on suspend/unload
    - drm/nouveau/drm/nouveau: Fix bogus drm_kms_helper_poll_enable() placement
    - drm/nouveau/drm/nouveau: Fix deadlock with fb_helper with async RPM requests
    - drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in connector_detect()
    - drm/nouveau/drm/nouveau: Prevent handling ACPI HPD events too early
    - drm/vc4: Fix the "no scaling" case on multi-planar YUV formats
    - drm: udl: Destroy framebuffer only if it was initialized
    - drm/amdgpu: add new polaris pci id
    - tty: vt_ioctl: fix potential Spectre v1
    - ext4: check to make sure the rename(2)'s destination is not freed
    - ext4: avoid divide by zero fault when deleting corrupted inline directories
    - ext4: avoid arithemetic overflow that can trigger a BUG
    - ext4: recalucate superblock checksum after updating free blocks/inodes
    - ext4: fix online resize's handling of a too-small final block group
    - ext4: fix online resizing for bigalloc file systems with a 1k block size
    - ext4: don't mark mmp buffer head dirty
    - ext4: show test_dummy_encryption mount option in /proc/mounts
    - ext4, dax: add ext4_bmap to ext4_dax_aops
    - ext4, dax: set ext4_dax_aops for dax files
    - sched/fair: Fix vruntime_normalized() for remote non-migration wakeup
    - vmw_balloon: include asm/io.h
    - iw_cxgb4: only allow 1 flush on user qps
    - spi: Fix double IDR allocation with DT aliases
    - Linux 4.18.11
  * CVE-2018-14633
    - scsi: target: iscsi: Use hex2bin instead of a re-implementation
  * Cosmic update to 4.18.10 stable release (LP: #1794597)
    - be2net: Fix memory leak in be_cmd_get_profile_config()
    - net/mlx5: Fix use-after-free in self-healing flow
    - net: qca_spi: Fix race condition in spi transfers
    - rds: fix two RCU related problems
    - tipc: orphan sock in tipc_release()
    - net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB tables
    - net/tls: Set count of SG entries if sk_alloc_sg returns -ENOSPC
    - net/mlx5: Check for error in mlx5_attach_interface
    - net/mlx5: Fix debugfs cleanup in the device init/remove flow
    - erspan: fix error handling for erspan tunnel
    - erspan: return PACKET_REJECT when the appropriate tunnel is not found
    - tcp: really ignore MSG_ZEROCOPY if no SO_ZEROCOPY
    - net/mlx5: Fix not releasing read lock when adding flow rules
    - net/mlx5: Fix possible deadlock from lockdep when adding fte to fg
    - net/mlx5: Use u16 for Work Queue buffer fragment size
    - usb: dwc3: change stream event enable bit back to 13
    - iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register
    - iommu/io-pgtable-arm-v7s: Abort allocation when table address overflows the
      PTE
    - iommu/io-pgtable-arm: Fix pgtable allocation in selftest
    - ALSA: msnd: Fix the default sample sizes
    - ALSA: usb-audio: Add support for Encore mDSD USB DAC
    - ALSA: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro
    - xfrm: fix 'passing zero to ERR_PTR()' warning
    - amd-xgbe: use dma_mapping_error to check map errors
    - nfp: don't fail probe on pci_sriov_set_totalvfs() errors
    - iwlwifi: cancel the injective function between hw pointers to tfd entry
      index
    - gfs2: Special-case rindex for gfs2_grow
    - clk: imx6ul: fix missing of_node_put()
    - clk: imx6sll: fix missing of_node_put()
    - clk: mvebu: armada-37xx-periph: Fix wrong return value in get_parent
    - Input: pxrc - fix freeing URB on device teardown
    - clk: core: Potentially free connection id
    - clk: clk-fixed-factor: Clear OF_POPULATED flag in case of failure
    - kbuild: add .DELETE_ON_ERROR special target
    - kbuild: do not update config when running install targets
    - media: tw686x: Fix oops on buffer alloc failure
    - dmaengine: pl330: fix irq race with terminate_all
    - MIPS: ath79: fix system restart
    - media: videobuf2-core: check for q->error in vb2_core_qbuf()
    - IB/rxe: Drop QP0 silently
    - block: allow max_discard_segments to be stacked
    - IB/ipoib: Fix error return code in ipoib_dev_init()
    - mtd/maps: fix solutionengine.c printk format warnings
    - media: ov5645: Supported external clock is 24MHz
    - perf test: Fix subtest number when showing results
    - gfs2: Don't reject a supposedly full bitmap if we have blocks reserved
    - perf tools: Synthesize GROUP_DESC feature in pipe mode
    - perf tests: Fix record+probe_libc_inet_pton.sh for powerpc64
    - perf tests: Fix record+probe_libc_inet_pton.sh when event exists
    - perf tests: Fix record+probe_libc_inet_pton.sh to ensure cleanups
    - fbdev: omapfb: off by one in omapfb_register_client()
    - perf tools: Fix struct comm_str removal crash
    - video: goldfishfb: fix memory leak on driver remove
    - fbdev/via: fix defined but not used warning
    - perf powerpc: Fix callchain ip filtering when return address is in a
      register
    - video: fbdev: pxafb: clear allocated memory for video modes
    - fbdev: Distinguish between interlaced and progressive modes
    - omapfb: rename omap2 module to omap2fb.ko
    - ARM: exynos: Clear global variable on init error path
    - perf powerpc: Fix callchain ip filtering
    - nvmet: fix file discard return status
    - nvme-rdma: unquiesce queues when deleting the controller
    - KVM: arm/arm64: vgic: Fix possible spectre-v1 write in vgic_mmio_write_apr()
    - powerpc/powernv: opal_put_chars partial write fix
    - perf script: Show correct offsets for DWARF-based unwinding
    - staging: bcm2835-camera: fix timeout handling in wait_for_completion_timeout
    - staging: bcm2835-camera: handle wait_for_completion_timeout return properly
    - ASoC: rt5514: Fix the issue of the delay volume applied
    - MIPS: jz4740: Bump zload address
    - mac80211: restrict delayed tailroom needed decrement
    - Smack: Fix handling of IPv4 traffic received by PF_INET6 sockets
    - wan/fsl_ucc_hdlc: use IS_ERR_VALUE() to check return value of qe_muram_alloc
    - arm64: fix possible spectre-v1 write in ptrace_hbp_set_event()
    - reset: imx7: Fix always writing bits as 0
    - ALSA: usb-audio: Generic DSD detection for Thesycon-based implementations
    - nfp: avoid buffer leak when FW communication fails
    - xen-netfront: fix queue name setting
    - arm64: dts: qcom: db410c: Fix Bluetooth LED trigger
    - ARM: dts: qcom: msm8974-hammerhead: increase load on l20 for sdhci
    - soc: qcom: smem: Correct check for global partition
    - s390/qeth: fix race in used-buffer accounting
    - s390/qeth: reset layer2 attribute on layer switch
    - platform/x86: toshiba_acpi: Fix defined but not used build warnings
    - KVM: arm/arm64: Fix vgic init race
    - drivers/base: stop new probing during shutdown
    - i2c: aspeed: Fix initial values of master and slave state
    - drm/amd/pp: Set Max clock level to display by default
    - regulator: qcom_spmi: Use correct regmap when checking for error
    - regulator: qcom_spmi: Fix warning Bad of_node_put()
    - iommu/ipmmu-vmsa: IMUCTRn.TTSEL needs a special usage on R-Car Gen3
    - dmaengine: mv_xor_v2: kill the tasklets upon exit
    - crypto: sharah - Unregister correct algorithms for SAHARA 3
    - x86/pti: Check the return value of pti_user_pagetable_walk_p4d()
    - x86/pti: Check the return value of pti_user_pagetable_walk_pmd()
    - x86/mm/pti: Add an overflow check to pti_clone_pmds()
    - PCI/AER: Honor "pcie_ports=native" even if HEST sets FIRMWARE_FIRST
    - xen-netfront: fix warn message as irq device name has '/'
    - RDMA/cma: Protect cma dev list with lock
    - pstore: Fix incorrect persistent ram buffer mapping
    - xen/netfront: fix waiting for xenbus state change
    - IB/ipoib: Avoid a race condition between start_xmit and cm_rep_handler
    - mmc: omap_hsmmc: fix wakeirq handling on removal
    - ipmi: Rework SMI registration failure
    - ipmi: Move BT capabilities detection to the detect call
    - ipmi: Fix I2C client removal in the SSIF driver
    - ovl: fix oopses in ovl_fill_super() failure paths
    - vmbus: don't return values for uninitalized channels
    - Tools: hv: Fix a bug in the key delete code
    - misc: ibmvsm: Fix wrong assignment of return code
    - misc: hmc6352: fix potential Spectre v1
    - xhci: Fix use after free for URB cancellation on a reallocated endpoint
    - usb: Don't die twice if PCI xhci host is not responding in resume
    - usb: xhci: fix interrupt transfer error happened on MTK platforms
    - usb: mtu3: fix error of xhci port id when enable U3 dual role
    - mei: ignore not found client in the enumeration
    - mei: bus: fix hw module get/put balance
    - mei: bus: need to unlink client before freeing
    - dm verity: fix crash on bufio buffer that was allocated with vmalloc
    - USB: Add quirk to support DJI CineSSD
    - usb: uas: add support for more quirk flags
    - usb: Avoid use-after-free by flushing endpoints early in usb_set_interface()
    - usb: host: u132-hcd: Fix a sleep-in-atomic-context bug in u132_get_frame()
    - USB: add quirk for WORLDE Controller KS49 or Prodipe MIDI 49C USB controller
    - usb: gadget: udc: renesas_usb3: fix maxpacket size of ep0
    - USB: net2280: Fix erroneous synchronization change
    - USB: serial: io_ti: fix array underflow in completion handler
    - usb: misc: uss720: Fix two sleep-in-atomic-context bugs
    - USB: serial: ti_usb_3410_5052: fix array underflow in completion handler
    - USB: yurex: Fix buffer over-read in yurex_write()
    - usb: cdc-wdm: Fix a sleep-in-atomic-context bug in
      service_outstanding_interrupt()
    - Revert "cdc-acm: implement put_char() and flush_chars()"
    - cifs: prevent integer overflow in nxt_dir_entry()
    - CIFS: fix wrapping bugs in num_entries()
    - cifs: integer overflow in in SMB2_ioctl()
    - xtensa: ISS: don't allocate memory in platform_setup
    - perf/core: Force USER_DS when recording user stack data
    - perf tools: Fix maps__find_symbol_by_name()
    - of: fix phandle cache creation for DTs with no phandles
    - x86/EISA: Don't probe EISA bus for Xen PV guests
    - NFSv4: Fix a tracepoint Oops in initiate_file_draining()
    - NFSv4.1 fix infinite loop on I/O.
    - of: add helper to lookup compatible child node
    - mmc: meson-mx-sdio: fix OF child-node lookup
    - binfmt_elf: Respect error return from `regset->active'
    - net/mlx5: Add missing SET_DRIVER_VERSION command translation
    - arm64: dts: uniphier: Add missing cooling device properties for CPUs
    - audit: fix use-after-free in audit_add_watch
    - mtdchar: fix overflows in adjustment of `count`
    - vfs: fix freeze protection in mnt_want_write_file() for overlayfs
    - bpf: fix rcu annotations in compute_effective_progs()
    - spi: dw: fix possible race condition
    - Bluetooth: Use lock_sock_nested in bt_accept_enqueue
    - evm: Don't deadlock if a crypto algorithm is unavailable
    - KVM: PPC: Book3S HV: Add of_node_put() in success path
    - security: check for kstrdup() failure in lsm_append()
    - PM / devfreq: use put_device() instead of kfree()
    - KVM: PPC: Book3S: Fix matching of hardware and emulated TCE tables
    - MIPS: loongson64: cs5536: Fix PCI_OHCI_INT_REG reads
    - configfs: fix registered group removal
    - pinctrl: mt7622: Fix probe fail by misuse the selector
    - pinctrl: rza1: Fix selector use for groups and functions
    - arm64: dts: mt7622: update a clock property for UART0
    - sched/core: Use smp_mb() in wake_woken_function()
    - efi/esrt: Only call efi_mem_reserve() for boot services memory
    - ARM: hisi: handle of_iomap and fix missing of_node_put
    - ARM: hisi: fix error handling and missing of_node_put
    - ARM: hisi: check of_iomap and fix missing of_node_put
    - liquidio: fix hang when re-binding VF host drv after running DPDK VF driver
    - gpu: ipu-v3: csi: pass back mbus_code_to_bus_cfg error codes
    - ASoC: hdmi-codec: fix routing
    - serial: 8250: of: Correct of_platform_serial_setup() error handling
    - tty: fix termios input-speed encoding when using BOTHER
    - tty: fix termios input-speed encoding
    - mmc: sdhci-of-esdhc: set proper dma mask for ls104x chips
    - mmc: tegra: prevent HS200 on Tegra 3
    - mmc: sdhci: do not try to use 3.3V signaling if not supported
    - drm/nouveau: Fix runtime PM leak in drm_open()
    - drm/nouveau/debugfs: Wake up GPU before doing any reclocking
    - drm/nouveau: tegra: Detach from ARM DMA/IOMMU mapping
    - tls: Fix zerocopy_from_iter iov handling
    - parport: sunbpp: fix error return code
    - sched/fair: Fix util_avg of new tasks for asymmetric systems
    - coresight: Handle errors in finding input/output ports
    - coresight: tpiu: Fix disabling timeouts
    - coresight: ETM: Add support for Arm Cortex-A73 and Cortex-A35
    - f2fs: do checkpoint in kill_sb
    - tools/testing/nvdimm: Fix support for emulating controller temperature
    - drm/amd/display: support access ddc for mst branch
    - ASoC: qdsp6: q6afe-dai: fix a range check in of_q6afe_parse_dai_data()
    - lightnvm: pblk: assume that chunks are closed on 1.2 devices
    - lightnvm: pblk: enable line minor version detection
    - staging: bcm2835-audio: Don't leak workqueue if open fails
    - gpio: pxa: Fix potential NULL dereference
    - gpiolib: Mark gpio_suffixes array with __maybe_unused
    - net: gemini: Allow multiple ports to instantiate
    - net: mvpp2: make sure we use single queue mode on PPv2.1
    - rcutorture: Use monotonic timestamp for stall detection
    - mfd: 88pm860x-i2c: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT)
    - input: rohm_bu21023: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT)
    - drm/amdkfd: Fix kernel queue 64 bit doorbell offset calculation
    - drm/amdkfd: Fix error codes in kfd_get_process
    - rtc: bq4802: add error handling for devm_ioremap
    - selftests: vDSO - fix to return KSFT_SKIP when test couldn't be run
    - selftests/android: initialize heap_type to avoid compiling warning
    - ALSA: pcm: Fix snd_interval_refine first/last with open min/max
    - scsi: libfc: fixup 'sleeping function called from invalid context'
    - scsi: lpfc: Fix NVME Target crash in defer rcv logic
    - scsi: lpfc: Fix panic if driver unloaded when port is offline
    - remoteproc: qcom: q6v5-pil: fix modem hang on SDM845 after axis2 clk unvote
    - selftest: timers: Tweak raw_skew to SKIP when ADJ_OFFSET/other clock
      adjustments are in progress
    - ASoC: rt5651: Fix workqueue cancel vs irq free race on remove
    - drm/panel: type promotion bug in s6e8aa0_read_mtp_id()
    - arm64: perf: Disable PMU while processing counter overflows
    - drm/amd/pp: Send khz clock values to DC for smu7/8
    - dmaengine: sh: rcar-dmac: avoid to write CHCR.TE to 1 if TCR is set to 0
    - staging: fsl-dpaa2/eth: Fix DMA mapping direction
    - block/DAC960.c: fix defined but not used build warnings
    - IB/mlx5: fix uaccess beyond "count" in debugfs read/write handlers
    - blk-mq: only attempt to merge bio if there is rq in sw queue
    - blk-mq: avoid to synchronize rcu inside blk_cleanup_queue()
    - pinctrl: msm: Fix msm_config_group_get() to be compliant
    - pinctrl: qcom: spmi-gpio: Fix pmic_gpio_config_get() to be compliant
    - clk: tegra: bpmp: Don't crash when a clock fails to register
    - mei: bus: type promotion bug in mei_nfc_if_version()
    - crypto: ccp - add timeout support in the SEV command
    - Linux 4.18.10
  * Fix MCE handling for user access of poisoned device-dax mapping
    (LP: #1774366)
    - x86/mce: Fix set_mce_nospec() to avoid #GP fault
  * [Ubuntu] s390/crypto: Fix return code checking in cbc_paes_crypt.
    (LP: #1794294)
    - s390/crypto: Fix return code checking in cbc_paes_crypt()
  * Oracle cosmic image does not find broadcom network device in Shape
    VMStandard2.1 (LP: #1790652)
    - SAUCE: bnxt_en: Fix VF mac address regression.
  * Page leaking in cachefiles_read_backing_file while vmscan is active
    (LP: #1793430)
    - SAUCE: cachefiles: Page leaking in cachefiles_read_backing_file while vmscan
      is active
  * hns3: enable ethtool rx-vlan-filter on supported hw (LP: #1793394)
    - net: hns3: Add vlan filter setting by ethtool command -K
  * hns3: Modifying channel parameters will reset ring parameters back to
    defaults (LP: #1793404)
    - net: hns3: Fix desc num set to default when setting channel
  * hisi_sas: Add SATA FIX check for v3 hw (LP: #1794151)
    - scsi: hisi_sas: Add SATA FIS check for v3 hw
  * Fix potential corruption using SAS controller on HiSilicon arm64 boards
    (LP: #1794156)
    - scsi: hisi_sas: add memory barrier in task delivery function
  * hisi_sas: Reduce unnecessary spin lock contention (LP: #1794165)
    - scsi: hisi_sas: Tidy hisi_sas_task_prep()
  * Add functional level reset support for the SAS controller on HiSilicon D06
    systems (LP: #1794166)
    - scsi: hisi_sas: tidy host controller reset function a bit
    - scsi: hisi_sas: relocate some common code for v3 hw
    - scsi: hisi_sas: Implement handlers of PCIe FLR for v3 hw
  * HiSilicon SAS controller doesn't recover from PHY STP link timeout
    (LP: #1794172)
    - scsi: hisi_sas: tidy channel interrupt handler for v3 hw
    - scsi: hisi_sas: Fix the failure of recovering PHY from STP link timeout
  * Cosmic update to 4.18.9 stable release (LP: #1793682)
    - i2c: xiic: Make the start and the byte count write atomic
    - i2c: i801: fix DNV's SMBCTRL register offset
    - HID: multitouch: fix Elan panels with 2 input modes declaration
    - HID: core: fix grouping by application
    - HID: input: fix leaking custom input node name
    - mm/hugetlb: filter out hugetlb pages if HUGEPAGE migration is not supported.
    - memory_hotplug: fix kernel_panic on offline page processing
    - mac80211: don't update the PM state of a peer upon a multicast frame
    - scsi: lpfc: Correct MDS diag and nvmet configuration
    - nbd: don't allow invalid blocksize settings
    - block: don't warn when doing fsync on read-only devices
    - block: bfq: swap puts in bfqg_and_blkg_put
    - android: binder: fix the race mmap and alloc_new_buf_locked
    - MIPS: VDSO: Match data page cache colouring when D$ aliases
    - SMB3: Backup intent flag missing for directory opens with backupuid mounts
    - smb3: check for and properly advertise directory lease support
    - cifs: connect to servername instead of IP for IPC$ share
    - btrfs: fix qgroup_free wrong num_bytes in btrfs_subvolume_reserve_metadata
    - Btrfs: fix data corruption when deduplicating between different files
    - arm64: KVM: Only force FPEXC32_EL2.EN if trapping FPSIMD
    - KVM: arm/arm64: Clean dcache to PoC when changing PTE due to CoW
    - KVM: PPC: Book3S HV: Use correct pagesize in kvm_unmap_radix()
    - KVM: s390: vsie: copy wrapping keys to right place
    - KVM: x86: SVM: Set EMULTYPE_NO_REEXECUTE for RSM emulation
    - KVM: VMX: Do not allow reexecute_instruction() when skipping MMIO instr
    - KVM: x86: Invert emulation re-execute behavior to make it opt-in
    - KVM: x86: Merge EMULTYPE_RETRY and EMULTYPE_ALLOW_REEXECUTE
    - KVM: x86: Default to not allowing emulation retry in kvm_mmu_page_fault
    - KVM: x86: Do not re-{try,execute} after failed emulation in L2
    - ARC: [plat-axs*/plat-hsdk]: Allow U-Boot to pass MAC-address to the kernel
    - ACPI / LPSS: Force LPSS quirks on boot
    - memory: ti-aemif: fix a potential NULL-pointer dereference
    - ALSA: hda - Fix cancel_work_sync() stall from jackpoll work
    - cpu/hotplug: Adjust misplaced smb() in cpuhp_thread_fun()
    - cpu/hotplug: Prevent state corruption on error rollback
    - x86/microcode: Make sure boot_cpu_data.microcode is up-to-date
    - x86/microcode: Update the new microcode revision unconditionally
    - x86/process: Don't mix user/kernel regs in 64bit __show_regs()
    - x86/apic/vector: Make error return value negative
    - switchtec: Fix Spectre v1 vulnerability
    - ARC: [plat-axs*]: Enable SWAP
    - tc-testing: flush gact actions on test teardown
    - tc-testing: remove duplicate spaces in connmark match patterns
    - misc: mic: SCIF Fix scif_get_new_port() error handling
    - ALSA: hda/realtek - Add mute LED quirk for HP Spectre x360
    - ethtool: Remove trailing semicolon for static inline
    - i2c: aspeed: Add an explicit type casting for *get_clk_reg_val
    - Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV
    - pinctrl: berlin: fix 'pctrl->functions' allocation in
      berlin_pinctrl_build_state
    - gpio: tegra: Move driver registration to subsys_init level
    - powerpc/4xx: Fix error return path in ppc4xx_msi_probe()
    - selftests/bpf: fix a typo in map in map test
    - media: davinci: vpif_display: Mix memory leak on probe error path
    - media: dw2102: Fix memleak on sequence of probes
    - net: phy: Fix the register offsets in Broadcom iProc mdio mux driver
    - scsi: qla2xxx: Fix unintended Logout
    - scsi: qla2xxx: Fix session state stuck in Get Port DB
    - scsi: qla2xxx: Silent erroneous message
    - clk: scmi: Fix the rounding of clock rate
    - blk-mq: fix updating tags depth
    - scsi: lpfc: Fix driver crash when re-registering NVME rports.
    - scsi: target: fix __transport_register_session locking
    - md/raid5: fix data corruption of replacements after originals dropped
    - timers: Clear timer_base::must_forward_clk with timer_base::lock held
    - media: camss: csid: Configure data type and decode format properly
    - gpu: ipu-v3: default to id 0 on missing OF alias
    - misc: ti-st: Fix memory leak in the error path of probe()
    - uio: potential double frees if __uio_register_device() fails
    - firmware: vpd: Fix section enabled flag on vpd_section_destroy
    - Drivers: hv: vmbus: Cleanup synic memory free path
    - tty: rocket: Fix possible buffer overwrite on register_PCI
    - uio: fix possible circular locking dependency
    - iwlwifi: pcie: don't access periphery registers when not available
    - IB/IPoIB: Set ah valid flag in multicast send flow
    - f2fs: fix to active page in lru list for read path
    - f2fs: do not set free of current section
    - f2fs: Keep alloc_valid_block_count in sync
    - f2fs: issue discard align to section in LFS mode
    - f2fs: fix defined but not used build warnings
    - f2fs: fix to detect looped node chain correctly
    - ASoC: soc-pcm: Use delay set in component pointer function
    - perf tools: Allow overriding MAX_NR_CPUS at compile time
    - device-dax: avoid hang on error before devm_memremap_pages()
    - NFSv4.0 fix client reference leak in callback
    - perf c2c report: Fix crash for empty browser
    - perf evlist: Fix error out while applying initial delay and LBR
    - powerpc/pseries: fix EEH recovery of some IOV devices
    - macintosh/via-pmu: Add missing mmio accessors
    - perf build: Fix installation directory for eBPF
    - ath9k: report tx status on EOSP
    - ath9k_hw: fix channel maximum power level test
    - ath10k: prevent active scans on potential unusable channels
    - wlcore: Set rx_status boottime_ns field on rx
    - rpmsg: core: add support to power domains for devices
    - mtd: rawnand: make subop helpers return unsigned values
    - scsi: tcmu: do not set max_blocks if data_bitmap has been setup
    - MIPS: Fix ISA virt/bus conversion for non-zero PHYS_OFFSET
    - ata: libahci: Allow reconfigure of DEVSLP register
    - ata: libahci: Correct setting of DEVSLP register
    - nfs: Referrals not inheriting proto setting from parent
    - scsi: 3ware: fix return 0 on the error path of probe
    - tools/testing/nvdimm: kaddr and pfn can be NULL to ->direct_access()
    - ath10k: disable bundle mgmt tx completion event support
    - media: em28xx: explicitly disable TS packet filter
    - PCI: mobiveil: Add missing ../pci.h include
    - PCI: mobiveil: Fix struct mobiveil_pcie.pcie_reg_base address type
    - powerpc/mm: Don't report PUDs as memory leaks when using kmemleak
    - Bluetooth: hidp: Fix handling of strncpy for hid->name information
    - x86/mm: Remove in_nmi() warning from vmalloc_fault()
    - regulator: tps65217: Fix NULL pointer dereference on probe
    - pinctrl: imx: off by one in imx_pinconf_group_dbg_show()
    - gpio: pxa: disable pinctrl calls for PXA3xx
    - gpio: ml-ioh: Fix buffer underwrite on probe error path
    - pinctrl/amd: only handle irq if it is pending and unmasked
    - net: mvneta: fix mtu change on port without link
    - f2fs: try grabbing node page lock aggressively in sync scenario
    - pktcdvd: Fix possible Spectre-v1 for pkt_devs
    - f2fs: fix to skip GC if type in SSA and SIT is inconsistent
    - tpm_tis_spi: Pass the SPI IRQ down to the driver
    - tpm/tpm_i2c_infineon: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT)
    - f2fs: fix to do sanity check with reserved blkaddr of inline inode
    - MIPS: Octeon: add missing of_node_put()
    - MIPS: generic: fix missing of_node_put()
    - thermal: rcar_thermal: avoid NULL dereference in absence of IRQ resources
    - thermal_hwmon: Sanitize attribute name passed to hwmon
    - net: dcb: For wild-card lookups, use priority -1, not 0
    - dm cache: only allow a single io_mode cache feature to be requested
    - Input: atmel_mxt_ts - only use first T9 instance
    - media: s5p-mfc: Fix buffer look up in s5p_mfc_handle_frame_{new, copy_time}
      functions
    - media: rcar-csi2: update stream start for V3M
    - media: helene: fix xtal frequency setting at power on
    - drm/amd/display: Prevent PSR from being enabled if initialization fails
    - media: em28xx: Fix dual transport stream operation
    - iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump kernel
    - f2fs: fix to wait on page writeback before updating page
    - f2fs: Fix uninitialized return in f2fs_ioc_shutdown()
    - media: em28xx: Fix DualHD disconnect oops
    - f2fs: avoid potential deadlock in f2fs_sbi_store
    - f2fs: fix to do sanity check with secs_per_zone
    - mfd: rave-sp: Initialize flow control and parity of the port
    - iommu/ipmmu-vmsa: Fix allocation in atomic context
    - mfd: ti_am335x_tscadc: Fix struct clk memory leak
    - f2fs: fix to do sanity check with {sit,nat}_ver_bitmap_bytesize
    - f2fs: fix to propagate return value of scan_nat_page()
    - f2fs: fix to do sanity check with extra_attr feature
    - RDMA/hns: Add illegal hop_num judgement
    - NFSv4.1: Fix a potential layoutget/layoutrecall deadlock
    - RDMA/hns: Update the data type of immediate data
    - MIPS: WARN_ON invalid DMA cache maintenance, not BUG_ON
    - MIPS: mscc: ocelot: fix length of memory address space for MIIM
    - RDMA/cma: Do not ignore net namespace for unbound cm_id
    - clocksource: Revert "Remove kthread"
    - autofs: fix autofs_sbi() does not check super block type
    - mm: get rid of vmacache_flush_all() entirely
    - Linux 4.18.9
  * SRU: Enable middle button of touchpad on ThinkPad P72 (LP: #1793463)
    - Input: elantech - enable middle button of touchpad on ThinkPad P72
  * Improvements to the kernel source package preparation (LP: #1793461)
    - [Packaging] startnewrelease: add support for backport kernels
  * hns3: Retrieve RoCE MSI-X config from firmware (LP: #1793221)
    - net: hns3: Fix MSIX allocation issue for VF
    - net: hns3: Refine the MSIX allocation for PF
  * Fix unusable NVIDIA GPU after S3 (LP: #1793338)
    - SAUCE: PCI: Reprogram bridge prefetch registers on resume
  * net: hns: Avoid hang when link is changed while handling packets
    (LP: #1792209)
    - net: hns: add the code for cleaning pkt in chip
    - net: hns: add netif_carrier_off before change speed and duplex
  * Cosmic update to v4.18.8 stable release (LP: #1793069)
    - act_ife: fix a potential use-after-free
    - ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT
      state
    - net: bcmgenet: use MAC link status for fixed phy
    - net: macb: do not disable MDIO bus at open/close time
    - net: sched: Fix memory exposure from short TCA_U32_SEL
    - qlge: Fix netdev features configuration.
    - r8169: add support for NCube 8168 network card
    - tcp: do not restart timewait timer on rst reception
    - vti6: remove !skb->ignore_df check from vti6_xmit()
    - act_ife: move tcfa_lock down to where necessary
    - act_ife: fix a potential deadlock
    - net: sched: action_ife: take reference to meta module
    - bnxt_en: Clean up unused functions.
    - bnxt_en: Do not adjust max_cp_rings by the ones used by RDMA.
    - net/sched: act_pedit: fix dump of extended layered op
    - tipc: fix a missing rhashtable_walk_exit()
    - hv_netvsc: Fix a deadlock by getting rtnl lock earlier in netvsc_probe()
    - tipc: fix the big/little endian issue in tipc_dest
    - sctp: remove useless start_fail from sctp_ht_iter in proc
    - erspan: set erspan_ver to 1 by default when adding an erspan dev
    - net: macb: Fix regression breaking non-MDIO fixed-link PHYs
    - ipv6: don't get lwtstate twice in ip6_rt_copy_init()
    - net/ipv6: init ip6 anycast rt->dst.input as ip6_input
    - net/ipv6: Only update MTU metric if it set
    - net/ipv6: Put lwtstate when destroying fib6_info
    - net/mlx5: Fix SQ offset in QPs with small RQ
    - r8169: set RxConfig after tx/rx is enabled for RTL8169sb/8110sb devices
    - Revert "net: stmmac: Do not keep rearming the coalesce timer in stmmac_xmit"
    - ip6_vti: fix creating fallback tunnel device for vti6
    - ip6_vti: fix a null pointer deference when destroy vti6 tunnel
    - nfp: wait for posted reconfigs when disabling the device
    - sctp: hold transport before accessing its asoc in sctp_transport_get_next
    - mlxsw: spectrum_switchdev: Do not leak RIFs when removing bridge
    - vhost: correctly check the iova range when waking virtqueue
    - hv_netvsc: ignore devices that are not PCI
    - cifs: check if SMB2 PDU size has been padded and suppress the warning
    - hfsplus: don't return 0 when fill_super() failed
    - hfs: prevent crash on exit from failed search
    - sunrpc: Don't use stack buffer with scatterlist
    - fork: don't copy inconsistent signal handler state to child
    - fs/proc/vmcore.c: hide vmcoredd_mmap_dumps() for nommu builds
    - reiserfs: change j_timestamp type to time64_t
    - iommu/rockchip: Handle errors returned from PM framework
    - hfsplus: fix NULL dereference in hfsplus_lookup()
    - iommu/rockchip: Move irq request past pm_runtime_enable
    - fs/proc/kcore.c: use __pa_symbol() for KCORE_TEXT list entries
    - fat: validate ->i_start before using
    - workqueue: skip lockdep wq dependency in cancel_work_sync()
    - workqueue: re-add lockdep dependencies for flushing
    - scripts: modpost: check memory allocation results
    - apparmor: fix an error code in __aa_create_ns()
    - virtio: pci-legacy: Validate queue pfn
    - x86/mce: Add notifier_block forward declaration
    - i2c: core: ACPI: Make acpi_gsb_i2c_read_bytes() check i2c_transfer return
      value
    - IB/hfi1: Invalid NUMA node information can cause a divide by zero
    - pwm: meson: Fix mux clock names
    - powerpc/topology: Get topology for shared processors at boot
    - mm/fadvise.c: fix signed overflow UBSAN complaint
    - mm: make DEFERRED_STRUCT_PAGE_INIT explicitly depend on SPARSEMEM
    - fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot()
    - platform/x86: intel_punit_ipc: fix build errors
    - bpf, sockmap: fix map elem deletion race with smap_stop_sock
    - tcp, ulp: fix leftover icsk_ulp_ops preventing sock from reattach
    - bpf, sockmap: fix sock_map_ctx_update_elem race with exist/noexist
    - net/xdp: Fix suspicious RCU usage warning
    - bpf, sockmap: fix leakage of smap_psock_map_entry
    - samples/bpf: all XDP samples should unload xdp/bpf prog on SIGTERM
    - netfilter: ip6t_rpfilter: set F_IFACE for linklocal addresses
    - s390/kdump: Fix memleak in nt_vmcoreinfo
    - ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest()
    - mfd: sm501: Set coherent_dma_mask when creating subdevices
    - netfilter: x_tables: do not fail xt_alloc_table_info too easilly
    - platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360
    - netfilter: fix memory leaks on netlink_dump_start error
    - tcp, ulp: add alias for all ulp modules
    - ubi: Initialize Fastmap checkmapping correctly
    - RDMA/hns: Fix usage of bitmap allocation functions return values
    - ACPICA: ACPICA: add status check for acpi_hw_read before assigning return
      value
    - perf arm spe: Fix uninitialized record error variable
    - net: hns3: Fix for command format parsing error in
      hclge_is_all_function_id_zero
    - block: don't warn for flush on read-only device
    - PCI: Match Root Port's MPS to endpoint's MPSS as necessary
    - drm/amd/display: Guard against null crtc in CRC IRQ
    - coccicheck: return proper error code on fail
    - perf tools: Check for null when copying nsinfo.
    - f2fs: avoid race between zero_range and background GC
    - f2fs: fix avoid race between truncate and background GC
    - RISC-V: Use KBUILD_CFLAGS instead of KCFLAGS when building the vDSO
    - irqchip/stm32: Fix init error handling
    - irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP
    - net/9p/trans_fd.c: fix race by holding the lock
    - net/9p: fix error path of p9_virtio_probe
    - f2fs: fix to clear PG_checked flag in set_page_dirty()
    - pinctrl: axp209: Fix NULL pointer dereference after allocation
    - bpf: fix bpffs non-array map seq_show issue
    - powerpc/uaccess: Enable get_user(u64, *p) on 32-bit
    - powerpc: Fix size calculation using resource_size()
    - perf probe powerpc: Fix trace event post-processing
    - block: bvec_nr_vecs() returns value for wrong slab
    - brcmfmac: fix brcmf_wiphy_wowl_params() NULL pointer dereference
    - s390/dasd: fix hanging offline processing due to canceled worker
    - s390/dasd: fix panic for failed online processing
    - ACPI / scan: Initialize status to ACPI_STA_DEFAULT
    - blk-mq: count the hctx as active before allocating tag
    - scsi: aic94xx: fix an error code in aic94xx_init()
    - NFSv4: Fix error handling in nfs4_sp4_select_mode()
    - Input: do not use WARN() in input_alloc_absinfo()
    - xen/balloon: fix balloon initialization for PVH Dom0
    - PCI: mvebu: Fix I/O space end address calculation
    - dm kcopyd: avoid softlockup in run_complete_job
    - staging: comedi: ni_mio_common: fix subdevice flags for PFI subdevice
    - ASoC: rt5677: Fix initialization of rt5677_of_match.data
    - iommu/omap: Fix cache flushes on L2 table entries
    - selftests/powerpc: Kill child processes on SIGINT
    - selinux: cleanup dentry and inodes on error in selinuxfs
    - RDS: IB: fix 'passing zero to ERR_PTR()' warning
    - cfq: Suppress compiler warnings about comparisons
    - smb3: fix reset of bytes read and written stats
    - CIFS: fix memory leak and remove dead code
    - SMB3: Number of requests sent should be displayed for SMB3 not just CIFS
    - smb3: if server does not support posix do not allow posix mount option
    - powerpc/platforms/85xx: fix t1042rdb_diu.c build errors & warning
    - powerpc/64s: Make rfi_flush_fallback a little more robust
    - um: fix parallel building with O= option
    - powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX.
    - clk: rockchip: Add pclk_rkpwm_pmu to PMU critical clocks in rk3399
    - drm/amd/display: Read back max backlight value at boot
    - KVM: vmx: track host_state.loaded using a loaded_vmcs pointer
    - kvm: nVMX: Fix fault vector for VMX operation at CPL > 0
    - drm/etnaviv: fix crash in GPU suspend when init failed due to buffer
      placement
    - btrfs: Exit gracefully when chunk map cannot be inserted to the tree
    - btrfs: replace: Reset on-disk dev stats value after replace
    - btrfs: fix in-memory value of total_devices after seed device deletion
    - btrfs: relocation: Only remove reloc rb_trees if reloc control has been
      initialized
    - btrfs: tree-checker: Detect invalid and empty essential trees
    - btrfs: check-integrity: Fix NULL pointer dereference for degraded mount
    - btrfs: lift uuid_mutex to callers of btrfs_open_devices
    - btrfs: Don't remove block group that still has pinned down bytes
    - btrfs: Fix a C compliance issue
    - arm64: rockchip: Force CONFIG_PM on Rockchip systems
    - ARM: rockchip: Force CONFIG_PM on Rockchip systems
    - btrfs: do btrfs_free_stale_devices outside of device_list_add
    - btrfs: extend locked section when adding a new device in device_list_add
    - btrfs: rename local devices for fs_devices in btrfs_free_stale_devices(
    - btrfs: use device_list_mutex when removing stale devices
    - btrfs: lift uuid_mutex to callers of btrfs_scan_one_device
    - btrfs: lift uuid_mutex to callers of btrfs_parse_early_options
    - btrfs: reorder initialization before the mount locks uuid_mutex
    - btrfs: fix mount and ioctl device scan ioctl race
    - drm/i915/lpe: Mark LPE audio runtime pm as "no callbacks"
    - drm/i915: Nuke the LVDS lid notifier
    - drm/i915: Increase LSPCON timeout
    - drm/i915: Free write_buf that we allocated with kzalloc.
    - drm/amdgpu: update uvd_v6_0_ring_vm_funcs to use new nop packet
    - drm/amdgpu: fix a reversed condition
    - drm/amdgpu: Fix RLC safe mode test in gfx_v9_0_enter_rlc_safe_mode
    - drm/amd/pp: Convert voltage unit in mV*4 to mV on CZ/ST
    - drm/amd/powerplay: fixed uninitialized value
    - drm/amd/pp/Polaris12: Fix a chunk of registers missed to program
    - drm/edid: Quirk Vive Pro VR headset non-desktop.
    - drm/amd/display: fix type of variable
    - drm/amd/display: Don't share clk source between DP and HDMI
    - drm/amd/display: update clk for various HDMI color depths
    - drm/amd/display: Use requested HDMI aspect ratio
    - drm/amd/display: Report non-DP display as disconnected without EDID
    - drm/rockchip: lvds: add missing of_node_put
    - drm/rockchip: vop: split out core clock enablement into separate functions
    - drm/rockchip: vop: fix irq disabled after vop driver probed
    - drm/amd/display: Pass connector id when executing VBIOS CT
    - drm/amd/display: Check if clock source in use before disabling
    - drm/amdgpu: update tmr mc address
    - drm/amdgpu:add tmr mc address into amdgpu_firmware_info
    - drm/amdgpu:add new firmware id for VCN
    - drm/amdgpu:add VCN support in PSP driver
    - drm/amdgpu:add VCN booting with firmware loaded by PSP
    - drm/amdgpu: fix incorrect use of fcheck
    - drm/amdgpu: fix incorrect use of drm_file->pid
    - drm/i915: Re-apply "Perform link quality check, unconditionally during long
      pulse"
    - uapi/linux/keyctl.h: don't use C++ reserved keyword as a struct member name
    - mm: respect arch_dup_mmap() return value
    - drm/i915: set DP Main Stream Attribute for color range on DDI platforms
    - x86/tsc: Prevent result truncation on 32bit
    - drm/amdgpu: Keep track of amount of pinned CPU visible VRAM
    - drm/amdgpu: Make pin_size values atomic
    - drm/amdgpu: Warn and update pin_size values when destroying a pinned BO
    - drm/amdgpu: Don't warn on destroying a pinned BO
    - debugobjects: Make stack check warning more informative
    - x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear
    - x86/xen: don't write ptes directly in 32-bit PV guests
    - kbuild: make missing $DEPMOD a Warning instead of an Error
    - kvm: x86: Set highest physical address bits in non-present/reserved SPTEs
    - x86: kvm: avoid unused variable warning
    - HID: redragon: fix num lock and caps lock LEDs
    - ASoC: wm8994: Fix missing break in switch
    - Linux 4.18.8
  * [Regression] Colour banding appears on Lenovo B50-80 integrated display
    (LP: #1788308) // Cosmic update to v4.18.8 stable release (LP: #1793069)
    - drm/edid: Add 6 bpc quirk for SDC panel in Lenovo B50-80
  * Fix I2C touchpanels' interrupt storms after system suspend (LP: #1792309)
    - HID: i2c-hid: Fix flooded incomplete report after S3 on Rayd touchscreen
    - HID: i2c-hid: Don't reset device upon system resume
  * Error reported when creating ZFS pool with "-t" option, despite successful
    pool creation (LP: #1769937)
    - SAUCE: (noup) Update zfs to 0.7.9-3ubuntu6
  * update ENA driver to latest mainline version (LP: #1792044)
    - net: ena: fix surprise unplug NULL dereference kernel crash
    - net: ena: fix driver when PAGE_SIZE == 64kB
    - net: ena: fix device destruction to gracefully free resources
    - net: ena: fix potential double ena_destroy_device()
    - net: ena: fix missing lock during device destruction
    - net: ena: fix missing calls to READ_ONCE
    - net: ena: fix incorrect usage of memory barriers
  * device hotplug of vfio devices can lead to deadlock in vfio_pci_release
    (LP: #1792099)
    - SAUCE: vfio -- release device lock before userspace requests
  * [AEP-bug] ext4: more rare direct I/O vs unmap failures (LP: #1787089)
    - dax: dax_layout_busy_page() warn on !exceptional
    - ext4: handle layout changes to pinned DAX mappings
    - xfs: Close race between direct IO and xfs_break_layouts()
  * [Bug][CLX]assertion failure with util_range_rw using libpmemlog, possible
    kernel DAX bug (LP: #1789146)
    - dax: remove VM_MIXEDMAP for fsdax and device dax
  * [Feature] Optimize huge page clear/copy cache behavior (LP: #1730836)
    - mm, clear_huge_page: move order algorithm into a separate function
    - mm, huge page: copy target sub-page last when copy huge page
    - mm, hugetlbfs: rename address to haddr in hugetlb_cow()
    - mm, hugetlbfs: pass fault address to cow handler
  * [ICL] Touch support (LP: #1771245)
    - mfd: intel-lpss: Add Ice Lake PCI IDs
  * Miscellaneous Ubuntu changes
    - [Packaging] retpoline -- fix temporary filenaming
    - SAUCE: update aufs to aufs4.18 20180910
    - CONFIG_BCH_CONST_PARAMS=n
    - Packaging: final-checks: remove trailing backport suffix

 -- Seth Forshee <email address hidden>  Fri, 05 Oct 2018 15:30:44 -0500

Available diffs

Deleted in bionic-proposed on 2018-10-12 (Reason: NBS)
linux-kvm (4.15.0-1024.24) bionic; urgency=medium

  * linux-kvm: 4.15.0-1024.24 -proposed tracker (LP: #1795572)

  * kvm kernel missing nbd module (LP: #1793976)
    - kvm: [Config] enable BLK_DEV_NBD

  * IP_SET modules not included in kernel build, prevents container
    functionality (LP: #1793841)
    - kvm: [Config] enable IP_SET_* modules

  [ Ubuntu: 4.15.0-37.40 ]

  * linux: 4.15.0-37.40 -proposed tracker (LP: #1795564)
  * hns3: enable ethtool rx-vlan-filter on supported hw (LP: #1793394)
    - net: hns3: Add vlan filter setting by ethtool command -K
  * hns3: Modifying channel parameters will reset ring parameters back to
    defaults (LP: #1793404)
    - net: hns3: Fix desc num set to default when setting channel
  * hisi_sas: Add SATA FIX check for v3 hw (LP: #1794151)
    - scsi: hisi_sas: Add SATA FIS check for v3 hw
  * Fix potential corruption using SAS controller on HiSilicon arm64 boards
    (LP: #1794156)
    - scsi: hisi_sas: add memory barrier in task delivery function
  * hisi_sas: Reduce unnecessary spin lock contention (LP: #1794165)
    - scsi: hisi_sas: Tidy hisi_sas_task_prep()
  * Add functional level reset support for the SAS controller on HiSilicon D06
    systems (LP: #1794166)
    - scsi: hisi_sas: tidy host controller reset function a bit
    - scsi: hisi_sas: relocate some common code for v3 hw
    - scsi: hisi_sas: Implement handlers of PCIe FLR for v3 hw
  * HiSilicon SAS controller doesn't recover from PHY STP link timeout
    (LP: #1794172)
    - scsi: hisi_sas: tidy channel interrupt handler for v3 hw
    - scsi: hisi_sas: Fix the failure of recovering PHY from STP link timeout
  * getxattr: always handle namespaced attributes (LP: #1789746)
    - getxattr: use correct xattr length
  * Fix unusable NVIDIA GPU after S3 (LP: #1793338)
    - PCI: Reprogram bridge prefetch registers on resume
  * Fails to boot under Xen PV: BUG: unable to handle kernel paging request at
    edc21fd9 (LP: #1789118)
    - x86/EISA: Don't probe EISA bus for Xen PV guests
  * qeth: use vzalloc for QUERY OAT buffer (LP: #1793086)
    - s390/qeth: use vzalloc for QUERY OAT buffer
  * SRU: Enable middle button of touchpad on ThinkPad P72 (LP: #1793463)
    - Input: elantech - enable middle button of touchpad on ThinkPad P72
  * Dell new AIO requires a new uart backlight driver (LP: #1727235)
    - SAUCE: platform/x86: dell-uart-backlight: new backlight driver for DELL AIO
    - updateconfigs for Dell UART backlight driver
  * [Ubuntu] s390/crypto: Fix return code checking in cbc_paes_crypt.
    (LP: #1794294)
    - s390/crypto: Fix return code checking in cbc_paes_crypt()
  * hns3: Retrieve RoCE MSI-X config from firmware (LP: #1793221)
    - net: hns3: Fix MSIX allocation issue for VF
    - net: hns3: Refine the MSIX allocation for PF
  * net: hns: Avoid hang when link is changed while handling packets
    (LP: #1792209)
    - net: hns: add the code for cleaning pkt in chip
    - net: hns: add netif_carrier_off before change speed and duplex
  * Page leaking in cachefiles_read_backing_file while vmscan is active
    (LP: #1793430)
    - SAUCE: cachefiles: Page leaking in cachefiles_read_backing_file while vmscan
      is active
  * some nvidia p1000 graphic cards hang during the boot (LP: #1791569)
    - drm/nouveau/gr/gf100-: virtualise tpc_mask + apply fixes from traces
  * Error reported when creating ZFS pool with "-t" option, despite successful
    pool creation (LP: #1769937)
    - SAUCE: (noup) Update zfs to 0.7.5-1ubuntu16.4
  * Fix I2C touchpanels' interrupt storms after system suspend (LP: #1792309)
    - HID: i2c-hid: Fix flooded incomplete report after S3 on Rayd touchscreen
    - HID: i2c-hid: Don't reset device upon system resume
  * ipmmu is always registered (LP: #1783746)
    - iommu/ipmmu-vmsa: Don't register as BUS IOMMU if machine doesn't have IPMMU-
      VMSA
  * Bionic update: upstream stable patchset 2018-09-27 (LP: #1794889)
    - clocksource/drivers/imx-tpm: Correct some registers operation flow
    - Input: synaptics-rmi4 - fix an unchecked out of memory error path
    - KVM: X86: fix incorrect reference of trace_kvm_pi_irte_update
    - x86: Add check for APIC access address for vmentry of L2 guests
    - MIPS: io: Prevent compiler reordering writeX()
    - nfp: ignore signals when communicating with management FW
    - perf report: Fix switching to another perf.data file
    - fsnotify: fix ignore mask logic in send_to_group()
    - MIPS: io: Add barrier after register read in readX()
    - s390/smsgiucv: disable SMSG on module unload
    - isofs: fix potential memory leak in mount option parsing
    - MIPS: dts: Boston: Fix PCI bus dtc warnings:
    - spi: sh-msiof: Fix bit field overflow writes to TSCR/RSCR
    - doc: Add vendor prefix for Kieback & Peter GmbH
    - dt-bindings: pinctrl: sunxi: Fix reference to driver
    - dt-bindings: serial: sh-sci: Add support for r8a77965 (H)SCIF
    - dt-bindings: dmaengine: rcar-dmac: document R8A77965 support
    - clk: honor CLK_MUX_ROUND_CLOSEST in generic clk mux
    - ASoC: rt5514: Add the missing register in the readable table
    - eCryptfs: don't pass up plaintext names when using filename encryption
    - soc: bcm: raspberrypi-power: Fix use of __packed
    - soc: bcm2835: Make !RASPBERRYPI_FIRMWARE dummies return failure
    - PCI: kirin: Fix reset gpio name
    - ASoC: topology: Fix bugs of freeing soc topology
    - xen: xenbus_dev_frontend: Really return response string
    - ASoC: topology: Check widget kcontrols before deref.
    - spi: cadence: Add usleep_range() for cdns_spi_fill_tx_fifo()
    - blkcg: don't hold blkcg lock when deactivating policy
    - tipc: fix infinite loop when dumping link monitor summary
    - scsi: iscsi: respond to netlink with unicast when appropriate
    - scsi: megaraid_sas: Do not log an error if FW successfully initializes.
    - scsi: target: fix crash with iscsi target and dvd
    - netfilter: nf_tables: NAT chain and extensions require NF_TABLES
    - netfilter: nf_tables: fix out-of-bounds in nft_chain_commit_update
    - ASoC: msm8916-wcd-analog: use threaded context for mbhc events
    - drm/msm: Fix possible null dereference on failure of get_pages()
    - drm/msm/dsi: use correct enum in dsi_get_cmd_fmt
    - drm/msm: don't deref error pointer in the msm_fbdev_create error path
    - blkcg: init root blkcg_gq under lock
    - vfs: Undo an overly zealous MS_RDONLY -> SB_RDONLY conversion
    - parisc: time: Convert read_persistent_clock() to read_persistent_clock64()
    - scsi: storvsc: Set up correct queue depth values for IDE devices
    - scsi: isci: Fix infinite loop in while loop
    - mm, pagemap: fix swap offset value for PMD migration entry
    - proc: revalidate kernel thread inodes to root:root
    - kexec_file: do not add extra alignment to efi memmap
    - mm: memcg: add __GFP_NOWARN in __memcg_schedule_kmem_cache_create()
    - usb: typec: ucsi: fix tracepoint related build error
    - ACPI / PM: Blacklist Low Power S0 Idle _DSM for ThinkPad X1 Tablet(2016)
    - dt-bindings: meson-uart: DT fix s/clocks-names/clock-names/
    - net: phy: marvell: clear wol event before setting it
    - ARM: dts: da850: fix W=1 warnings with pinmux node
    - ACPI / watchdog: Prefer iTCO_wdt on Lenovo Z50-70
    - drm/amdkfd: fix clock counter retrieval for node without GPU
    - thermal: int3403_thermal: Fix NULL pointer deref on module load / probe
    - net: ethtool: Add missing kernel doc for FEC parameters
    - arm64: ptrace: remove addr_limit manipulation
    - HID: lenovo: Add support for IBM/Lenovo Scrollpoint mice
    - HID: wacom: Release device resource data obtained by devres_alloc()
    - selftests: ftrace: Add a testcase for multiple actions on trigger
    - rds: ib: Fix missing call to rds_ib_dev_put in rds_ib_setup_qp
    - perf/x86/intel: Don't enable freeze-on-smi for PerfMon V1
    - remoteproc: qcom: Fix potential device node leaks
    - rpmsg: added MODULE_ALIAS for rpmsg_char
    - HID: intel-ish-hid: use put_device() instead of kfree()
    - blk-mq: fix sysfs inflight counter
    - arm64: fix possible spectre-v1 in ptrace_hbp_get_event()
    - KVM: arm/arm64: vgic: fix possible spectre-v1 in vgic_mmio_read_apr()
    - libahci: Allow drivers to override stop_engine
    - ata: ahci: mvebu: override ahci_stop_engine for mvebu AHCI
    - x86/cpu/intel: Add missing TLB cpuid values
    - bpf: fix uninitialized variable in bpf tools
    - i2c: sprd: Prevent i2c accesses after suspend is called
    - i2c: sprd: Fix the i2c count issue
    - tipc: fix bug in function tipc_nl_node_dump_monitor
    - nvme: depend on INFINIBAND_ADDR_TRANS
    - nvmet-rdma: depend on INFINIBAND_ADDR_TRANS
    - ib_srpt: depend on INFINIBAND_ADDR_TRANS
    - ib_srp: depend on INFINIBAND_ADDR_TRANS
    - IB: make INFINIBAND_ADDR_TRANS configurable
    - IB/uverbs: Fix validating mandatory attributes
    - RDMA/cma: Fix use after destroy access to net namespace for IPoIB
    - RDMA/iwpm: fix memory leak on map_info
    - IB/rxe: add RXE_START_MASK for rxe_opcode IB_OPCODE_RC_SEND_ONLY_INV
    - IB/rxe: avoid double kfree_skb
    - <linux/stringhash.h>: fix end_name_hash() for 64bit long
    - IB/core: Make ib_mad_client_id atomic
    - ARM: davinci: board-da830-evm: fix GPIO lookup for MMC/SD
    - ARM: davinci: board-da850-evm: fix GPIO lookup for MMC/SD
    - ARM: davinci: board-omapl138-hawk: fix GPIO numbers for MMC/SD lookup
    - ARM: davinci: board-dm355-evm: fix broken networking
    - dt-bindings: panel: lvds: Fix path to display timing bindings
    - ARM: OMAP2+: powerdomain: use raw_smp_processor_id() for trace
    - ARM: dts: logicpd-som-lv: Fix WL127x Startup Issues
    - ARM: dts: logicpd-som-lv: Fix Audio Mute
    - Input: atmel_mxt_ts - fix the firmware update
    - hexagon: add memset_io() helper
    - hexagon: export csum_partial_copy_nocheck
    - scsi: vmw-pvscsi: return DID_BUS_BUSY for adapter-initated aborts
    - bpf, x64: fix memleak when not converging after image
    - parisc: drivers.c: Fix section mismatches
    - stop_machine, sched: Fix migrate_swap() vs. active_balance() deadlock
    - kthread, sched/wait: Fix kthread_parkme() wait-loop
    - arm64: tegra: Make BCM89610 PHY interrupt as active low
    - iommu/vt-d: fix shift-out-of-bounds in bug checking
    - nvme: fix potential memory leak in option parsing
    - nvme: Set integrity flag for user passthrough commands
    - ARM: OMAP1: ams-delta: fix deferred_fiq handler
    - smc: fix sendpage() call
    - IB/hfi1 Use correct type for num_user_context
    - IB/hfi1: Fix memory leak in exception path in get_irq_affinity()
    - RDMA/cma: Do not query GID during QP state transition to RTR
    - spi: bcm2835aux: ensure interrupts are enabled for shared handler
    - sched/core: Introduce set_special_state()
    - sh: fix build failure for J2 cpu with SMP disabled
    - tee: check shm references are consistent in offset/size
    - mac80211: Adjust SAE authentication timeout
    - drm/omap: silence unititialized variable warning
    - drm/omap: fix uninitialized ret variable
    - drm/omap: fix possible NULL ref issue in tiler_reserve_2d
    - drm/omap: check return value from soc_device_match
    - drm/omap: handle alloc failures in omap_connector
    - driver core: add __printf verification to __ata_ehi_pushv_desc
    - ARM: dts: cygnus: fix irq type for arm global timer
    - mac80211: use timeout from the AddBA response instead of the request
    - net: aquantia: driver should correctly declare vlan_features bits
    - can: dev: increase bus-off message severity
    - arm64: Add MIDR encoding for NVIDIA CPUs
    - cifs: smb2ops: Fix listxattr() when there are no EAs
    - agp: uninorth: make two functions static
    - tipc: eliminate KMSAN uninit-value in strcmp complaint
    - qed: Fix l2 initializations over iWARP personality
    - qede: Fix gfp flags sent to rdma event node allocation
    - rxrpc: Fix error reception on AF_INET6 sockets
    - rxrpc: Fix the min security level for kernel calls
    - KVM: Extend MAX_IRQ_ROUTES to 4096 for all archs
    - x86: Delay skip of emulated hypercall instruction
    - ixgbe: return error on unsupported SFP module when resetting
    - net sched actions: fix invalid pointer dereferencing if skbedit flags
      missing
    - proc/kcore: don't bounds check against address 0
    - ocfs2: take inode cluster lock before moving reflinked inode from orphan dir
    - kprobes/x86: Prohibit probing on exception masking instructions
    - uprobes/x86: Prohibit probing on MOV SS instruction
    - objtool, kprobes/x86: Sync the latest <asm/insn.h> header with
      tools/objtool/arch/x86/include/asm/insn.h
    - x86/pkeys/selftests: Adjust the self-test to fresh distros that export the
      pkeys ABI
    - x86/mpx/selftests: Adjust the self-test to fresh distros that export the MPX
      ABI
    - x86/selftests: Add mov_to_ss test
    - x86/pkeys/selftests: Give better unexpected fault error messages
    - x86/pkeys/selftests: Stop using assert()
    - x86/pkeys/selftests: Remove dead debugging code, fix dprint_in_signal
    - x86/pkeys/selftests: Allow faults on unknown keys
    - x86/pkeys/selftests: Factor out "instruction page"
    - x86/pkeys/selftests: Add PROT_EXEC test
    - x86/pkeys/selftests: Fix pkey exhaustion test off-by-one
    - x86/pkeys/selftests: Fix pointer math
    - x86/pkeys/selftests: Save off 'prot' for allocations
    - x86/pkeys/selftests: Add a test for pkey 0
    - mtd: Fix comparison in map_word_andequal()
    - afs: Fix the non-encryption of calls
    - usb: musb: fix remote wakeup racing with suspend
    - ARM: keystone: fix platform_domain_notifier array overrun
    - i2c: pmcmsp: return message count on master_xfer success
    - i2c: pmcmsp: fix error return from master_xfer
    - i2c: viperboard: return message count on master_xfer success
    - ARM: davinci: dm646x: fix timer interrupt generation
    - ARM: davinci: board-dm646x-evm: pass correct I2C adapter id for VPIF
    - ARM: davinci: board-dm646x-evm: set VPIF capture card name
    - clk: imx6ull: use OSC clock during AXI rate change
    - locking/rwsem: Add a new RWSEM_ANONYMOUSLY_OWNED flag
    - locking/percpu-rwsem: Annotate rwsem ownership transfer by setting
      RWSEM_OWNER_UNKNOWN
    - drm/dumb-buffers: Integer overflow in drm_mode_create_ioctl()
    - sched/debug: Move the print_rt_rq() and print_dl_rq() declarations to
      kernel/sched/sched.h
    - sched/deadline: Make the grub_reclaim() function static
    - parisc: Move setup_profiling_timer() out of init section
    - efi/libstub/arm64: Handle randomized TEXT_OFFSET
    - ARM: 8753/1: decompressor: add a missing parameter to the addruart macro
    - ARM: 8758/1: decompressor: restore r1 and r2 just before jumping to the
      kernel
    - ARM: kexec: fix kdump register saving on panic()
    - Revert "Btrfs: fix scrub to repair raid6 corruption"
    - Btrfs: fix scrub to repair raid6 corruption
    - Btrfs: make raid6 rebuild retry more
    - tcp: do not overshoot window_clamp in tcp_rcv_space_adjust()
    - ibmvnic: Do not notify peers on parameter change resets
    - dt-bindings: net: ravb: Add support for r8a77965 SoC
    - X86/KVM: Properly update 'tsc_offset' to represent the running guest
    - kvm: x86: move MSR_IA32_TSC handling to x86.c
    - ARM: dts: Fix cm2 and prm sizes for omap4
    - powerpc/64s: Default l1d_size to 64K in RFI fallback flush
    - KVM: arm/arm64: vgic: Kick new VCPU on interrupt migration
    - arm64: kasan: avoid pfn_to_nid() before page array is initialized
    - ARM64: dts: meson-gxl: add USB host support
    - ARM64: dts: meson-gxm: add GXM specific USB host configuration
    - ARM64: dts: meson-gxl-s905x-p212: enable the USB controller
    - ARM64: dts: meson-gx-p23x-q20x: enable the USB controller
    - ARM64: dts: meson-gxl-s905x-libretech-cc: enable the USB controller
    - ARM64: dts: meson-gxl-nexbox-a95x: enable the USB controller
    - ARM64: dts: meson-gxm-khadas-vim2: enable the USB controller
    - arm64: dts: correct SATA addresses for Stingray
    - afs: Fix server record deletion
    - proc: fix /proc/loadavg regression
    - s390/qeth: fix request-side race during cmd IO timeout
    - ACPI / scan: Initialize watchdog before PNP
    - CIFS: set *resp_buf_type to NO_BUFFER on error
    - arm64: dts: uniphier: fix input delay value for legacy mode of eMMC
    - igb: Fix the transmission mode of queue 0 for Qav mode
    - RISC-V: build vdso-dummy.o with -no-pie
    - arm64: only advance singlestep for user instruction traps
    - perf pmu: Fix core PMU alias list for X86 platform
    - bpf, x64: fix JIT emission for dead code
    - powerpc/kvm/booke: Fix altivec related build break
    - reset: uniphier: fix USB clock line for LD20
    - nfp: don't depend on eth_tbl being available
    - net: mvpp2: Fix clk error path in mvpp2_probe
    - kvm: apic: Flush TLB after APIC mode/address change if VPIDs are in use
    - IB/uverbs: Fix validating mandatory attributes
    - RDMA/hns: Intercept illegal RDMA operation when use inline data
    - pinctrl: cherryview: Associate IRQ descriptors to irqdomain
    - kthread, sched/wait: Fix kthread_parkme() completion issue
    - iommu/vt-d: Fix usage of force parameter in intel_ir_reconfigure_irte()
    - nvme/multipath: Disable runtime writable enabling parameter
    - ARM: dts: correct missing "compatible" entry for ti81xx SoCs
    - usb: typec: tps6598x: handle block reads separately with plain-I2C adapters
    - IB/mlx4: Fix integer overflow when calculating optimal MTT size
    - bpf: add map_alloc_check callback
    - bpf: fix possible spectre-v1 in find_and_alloc_map()
    - drm/exynos/mixer: fix synchronization check in interlaced mode
    - drm/exynos: mixer: avoid Oops in vp_video_buffer()
    - bpf: use array_index_nospec in find_prog_type
    - gcc-plugins: fix build condition of SANCOV plugin
    - drm/vc4: Fix oops dereferencing DPI's connector since panel_bridge.
    - nvme: fix use-after-free in nvme_free_ns_head
    - powerpc/pseries: Fix CONFIG_NUMA=n build
    - HID: i2c-hid: Add RESEND_REPORT_DESCR quirk for Toshiba Click Mini L9W-B
    - cifs: Allocate validate negotiation request through kmalloc
    - drm/amdgpu: Switch to interruptable wait to recover from ring hang.
    - rxrpc: Fix missing start of call timeout
    - ARM: dts: imx51-zii-rdu1: fix touchscreen bindings
    - sh: switch to NO_BOOTMEM
    - lib/find_bit_benchmark.c: avoid soft lockup in test_find_first_bit()
    - x86/pkeys/selftests: Avoid printf-in-signal deadlocks
    - afs: Fix address list parsing
    - afs: Fix refcounting in callback registration
    - afs: Fix server rotation's handling of fileserver probe failure
    - afs: Fix VNOVOL handling in address rotation
    - afs: Fix the handling of CB.InitCallBackState3 to find the server by UUID
    - afs: Fix afs_find_server search loop
    - KVM: X86: Lower the default timer frequency limit to 200us
    - platform/x86: DELL_WMI use depends on instead of select for DELL_SMBIOS
    - ARM: replace unnecessary perl with sed and the shell $(( )) operator
  * Improvements to the kernel source package preparation (LP: #1793461)
    - [Packaging] startnewrelease: add support for backport kernels
  * Kernel 4.15.0-35.38 fails to build with CONFIG_XFS_ONLINE_SCRUB enabled
    (LP: #1792393)
    - SAUCE: xfs: fix build error with CONFIG_XFS_ONLINE_SCRUB enabled
  * update ENA driver to latest mainline version (LP: #1792044)
    - net: ena: add detection and recovery mechanism for handling missed/misrouted
      MSI-X
    - net: ena: increase ena driver version to 1.5.0
    - net: ena: Eliminate duplicate barriers on weakly-ordered archs
    - SAUCE: ena: devm_kzalloc() -> devm_kcalloc()
    - net: ena: Fix use of uninitialized DMA address bits field
    - net: ena: fix surprise unplug NULL dereference kernel crash
    - net: ena: fix driver when PAGE_SIZE == 64kB
    - net: ena: fix device destruction to gracefully free resources
    - net: ena: fix potential double ena_destroy_device()
    - net: ena: fix missing lock during device destruction
    - net: ena: fix missing calls to READ_ONCE
    - net: ena: fix incorrect usage of memory barriers

 -- Stefan Bader <email address hidden>  Tue, 02 Oct 2018 19:28:31 +0200
Superseded in xenial-security on 2018-11-13
Superseded in xenial-updates on 2018-11-13
Deleted in xenial-proposed (Reason: moved to -updates)
linux-kvm (4.4.0-1036.42) xenial; urgency=medium

  * linux-kvm: 4.4.0-1036.42 -proposed tracker (LP: #1795589)

  * Xenial update to 4.4.148 stable release (LP: #1792174)
    - [config] updateconfigs for master changes

  * kvm kernel missing nbd module (LP: #1793976)
    - kvm: [Config] enable BLK_DEV_NBD

  [ Ubuntu: 4.4.0-138.164 ]

  * linux: 4.4.0-138.164 -proposed tracker (LP: #1795582)
  * Linux 4.4.155 stable release build is broken on ppc64 (LP: #1795662)
    - powerpc/fadump: Return error when fadump registration fails
  * Kernel hang on drive pull caused by regression introduced by commit
    287922eb0b18 (LP: #1791790)
    - block: Fix a race between blk_cleanup_queue() and timeout handling
  * qeth: use vzalloc for QUERY OAT buffer (LP: #1793086)
    - s390/qeth: use vzalloc for QUERY OAT buffer
  * Page leaking in cachefiles_read_backing_file while vmscan is active
    (LP: #1793430)
    - SAUCE: cachefiles: Page leaking in cachefiles_read_backing_file while vmscan
      is active
  * Bugfix for handling of shadow doorbell buffer (LP: #1788222)
    - nvme-pci: add a memory barrier to nvme_dbbuf_update_and_check_event
  * Xenial update to 4.4.155 stable release (LP: #1792419)
    - net: 6lowpan: fix reserved space for single frames
    - net: mac802154: tx: expand tailroom if necessary
    - 9p/net: Fix zero-copy path in the 9p virtio transport
    - net: lan78xx: Fix misplaced tasklet_schedule() call
    - spi: davinci: fix a NULL pointer dereference
    - drm/i915/userptr: reject zero user_size
    - powerpc/fadump: handle crash memory ranges array index overflow
    - powerpc/pseries: Fix endianness while restoring of r3 in MCE handler.
    - fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed
    - 9p/virtio: fix off-by-one error in sg list bounds check
    - net/9p/client.c: version pointer uninitialized
    - net/9p/trans_fd.c: fix race-condition by flushing workqueue before the
      kfree()
    - dm cache metadata: save in-core policy_hint_size to on-disk superblock
    - iio: ad9523: Fix displayed phase
    - iio: ad9523: Fix return value for ad952x_store()
    - vmw_balloon: fix inflation of 64-bit GFNs
    - vmw_balloon: do not use 2MB without batching
    - vmw_balloon: VMCI_DOORBELL_SET does not check status
    - vmw_balloon: fix VMCI use when balloon built into kernel
    - tracing: Do not call start/stop() functions when tracing_on does not change
    - tracing/blktrace: Fix to allow setting same value
    - kthread, tracing: Don't expose half-written comm when creating kthreads
    - uprobes: Use synchronize_rcu() not synchronize_sched()
    - 9p: fix multiple NULL-pointer-dereferences
    - PM / sleep: wakeup: Fix build error caused by missing SRCU support
    - pnfs/blocklayout: off by one in bl_map_stripe()
    - ARM: tegra: Fix Tegra30 Cardhu PCA954x reset
    - mm/tlb: Remove tlb_remove_table() non-concurrent condition
    - iommu/vt-d: Add definitions for PFSID
    - iommu/vt-d: Fix dev iotlb pfsid use
    - osf_getdomainname(): use copy_to_user()
    - sys: don't hold uts_sem while accessing userspace memory
    - userns: move user access out of the mutex
    - ubifs: Fix memory leak in lprobs self-check
    - Revert "UBIFS: Fix potential integer overflow in allocation"
    - ubifs: Check data node size before truncate
    - ubifs: Fix synced_i_size calculation for xattr inodes
    - pwm: tiehrpwm: Fix disabling of output of PWMs
    - fb: fix lost console when the user unplugs a USB adapter
    - udlfb: set optimal write delay
    - getxattr: use correct xattr length
    - bcache: release dc->writeback_lock properly in bch_writeback_thread()
    - perf auxtrace: Fix queue resize
    - fs/quota: Fix spectre gadget in do_quotactl
    - x86/io: add interface to reserve io memtype for a resource range. (v1.1)
    - drm/drivers: add support for using the arch wc mapping API.
    - Linux 4.4.155
  * Xenial update to 4.4.154 stable release (LP: #1792392)
    - sched/sysctl: Check user input value of sysctl_sched_time_avg
    - Cipso: cipso_v4_optptr enter infinite loop
    - vti6: fix PMTU caching and reporting on xmit
    - xfrm: fix missing dst_release() after policy blocking lbcast and multicast
    - xfrm: free skb if nlsk pointer is NULL
    - mac80211: add stations tied to AP_VLANs during hw reconfig
    - nl80211: Add a missing break in parse_station_flags
    - drm/bridge: adv7511: Reset registers on hotplug
    - scsi: libiscsi: fix possible NULL pointer dereference in case of TMF
    - drm/imx: imx-ldb: disable LDB on driver bind
    - drm/imx: imx-ldb: check if channel is enabled before printing warning
    - usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in
      init_controller()
    - usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in
      r8a66597_queue()
    - usb/phy: fix PPC64 build errors in phy-fsl-usb.c
    - tools: usb: ffs-test: Fix build on big endian systems
    - usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3'
    - tools/power turbostat: fix -S on UP systems
    - net: caif: Add a missing rcu_read_unlock() in caif_flow_cb
    - qed: Fix possible race for the link state value.
    - atl1c: reserve min skb headroom
    - net: prevent ISA drivers from building on PPC32
    - can: mpc5xxx_can: check of_iomap return before use
    - i2c: davinci: Avoid zero value of CLKH
    - media: staging: omap4iss: Include asm/cacheflush.h after generic includes
    - bnx2x: Fix invalid memory access in rss hash config path.
    - net: axienet: Fix double deregister of mdio
    - selftests/ftrace: Add snapshot and tracing_on test case
    - zswap: re-check zswap_is_full() after do zswap_shrink()
    - tools/power turbostat: Read extended processor family from CPUID
    - Revert "MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum"
    - enic: handle mtu change for vf properly
    - arc: fix build errors in arc/include/asm/delay.h
    - arc: fix type warnings in arc/mm/cache.c
    - drivers: net: lmc: fix case value for target abort error
    - scsi: fcoe: drop frames in ELS LOGO error path
    - scsi: vmw_pvscsi: Return DID_RESET for status SAM_STAT_COMMAND_TERMINATED
    - mm/memory.c: check return value of ioremap_prot
    - cifs: add missing debug entries for kconfig options
    - cifs: check kmalloc before use
    - smb3: Do not send SMB3 SET_INFO if nothing changed
    - smb3: don't request leases in symlink creation and query
    - btrfs: don't leak ret from do_chunk_alloc
    - s390/kvm: fix deadlock when killed by oom
    - ext4: check for NUL characters in extended attribute's name
    - ext4: sysfs: print ext4_super_block fields as little-endian
    - ext4: reset error code in ext4_find_entry in fallback
    - arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid()
    - KVM: arm/arm64: Skip updating PTE entry if no change
    - KVM: arm/arm64: Skip updating PMD entry if no change
    - x86/speculation/l1tf: Suggest what to do on systems with too much RAM
    - x86/process: Re-export start_thread()
    - fuse: Don't access pipe->buffers without pipe_lock()
    - fuse: fix double request_end()
    - fuse: fix unlocked access to processing queue
    - fuse: umount should wait for all requests
    - fuse: Fix oops at process_init_reply()
    - fuse: Add missed unlock_page() to fuse_readpages_fill()
    - udl-kms: change down_interruptible to down
    - udl-kms: handle allocation failure
    - udl-kms: fix crash due to uninitialized memory
    - ASoC: dpcm: don't merge format from invalid codec dai
    - ASoC: sirf: Fix potential NULL pointer dereference
    - pinctrl: freescale: off by one in imx1_pinconf_group_dbg_show()
    - x86/irqflags: Mark native_restore_fl extern inline
    - s390: fix br_r1_trampoline for machines without exrl
    - s390/qdio: reset old sbal_state flags
    - kprobes: Make list and blacklist root user read only
    - MIPS: Correct the 64-bit DSP accumulator register size
    - MIPS: lib: Provide MIPS64r6 __multi3() for GCC < 7
    - scsi: sysfs: Introduce sysfs_{un,}break_active_protection()
    - scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock
    - iscsi target: fix session creation failure handling
    - cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status
    - Linux 4.4.154
  * Xenial update to 4.4.153 stable release (LP: #1792383)
    - x86/mm: Fix use-after-free of ldt_struct
    - ovl: Ensure upper filesystem supports d_type
    - ovl: Do d_type check only if work dir creation was successful
    - ovl: warn instead of error if d_type is not supported
    - Linux 4.4.153
  * Xenial update to 4.4.152 stable release (LP: #1792377)
    - ARC: Explicitly add -mmedium-calls to CFLAGS
    - netfilter: ipv6: nf_defrag: reduce struct net memory waste
    - selftests: pstore: return Kselftest Skip code for skipped tests
    - selftests: static_keys: return Kselftest Skip code for skipped tests
    - selftests: user: return Kselftest Skip code for skipped tests
    - selftests: zram: return Kselftest Skip code for skipped tests
    - selftests: sync: add config fragment for testing sync framework
    - ARM: dts: Cygnus: Fix I2C controller interrupt type
    - usb: dwc2: fix isoc split in transfer with no data
    - usb: gadget: composite: fix delayed_status race condition when set_interface
    - usb: gadget: dwc2: fix memory leak in gadget_init()
    - scsi: xen-scsifront: add error handling for xenbus_printf
    - arm64: make secondary_start_kernel() notrace
    - qed: Add sanity check for SIMD fastpath handler.
    - enic: initialize enic->rfs_h.lock in enic_probe
    - net: hamradio: use eth_broadcast_addr
    - net: propagate dev_get_valid_name return code
    - ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP
    - net: davinci_emac: match the mdio device against its compatible if possible
    - locking/lockdep: Do not record IRQ state within lockdep code
    - ipv6: mcast: fix unsolicited report interval after receiving querys
    - Smack: Mark inode instant in smack_task_to_inode
    - cxgb4: when disabling dcb set txq dcb priority to 0
    - brcmfmac: stop watchdog before detach and free everything
    - ARM: dts: am437x: make edt-ft5x06 a wakeup source
    - usb: xhci: increase CRS timeout value
    - perf test session topology: Fix test on s390
    - perf report powerpc: Fix crash if callchain is empty
    - selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs
    - ARM: dts: da850: Fix interrups property for gpio
    - dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate()
    - md/raid10: fix that replacement cannot complete recovery after reassemble
    - drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes
    - drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes
    - drm/exynos: decon5433: Fix WINCONx reset value
    - bnx2x: Fix receiving tx-timeout in error or recovery state.
    - m68k: fix "bad page state" oops on ColdFire boot
    - HID: wacom: Correct touch maximum XY of 2nd-gen Intuos
    - ARM: imx_v6_v7_defconfig: Select ULPI support
    - ARM: imx_v4_v5_defconfig: Select ULPI support
    - tracing: Use __printf markup to silence compiler
    - kasan: fix shadow_size calculation error in kasan_module_alloc
    - smsc75xx: Add workaround for gigabit link up hardware errata.
    - netfilter: x_tables: set module owner for icmp(6) matches
    - ARM: pxa: irq: fix handling of ICMR registers in suspend/resume
    - ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem
    - ieee802154: at86rf230: use __func__ macro for debug messages
    - ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem
    - drm/armada: fix colorkey mode property
    - bnxt_en: Fix for system hang if request_irq fails
    - perf llvm-utils: Remove bashism from kernel include fetch script
    - ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot
    - ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller
    - ixgbe: Be more careful when modifying MAC filters
    - packet: reset network header if packet shorter than ll reserved space
    - qlogic: check kstrtoul() for errors
    - tcp: remove DELAYED ACK events in DCTCP
    - drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply()
    - net/ethernet/freescale/fman: fix cross-build error
    - net: usb: rtl8150: demote allmulti message to dev_dbg()
    - net: qca_spi: Avoid packet drop during initial sync
    - net: qca_spi: Make sure the QCA7000 reset is triggered
    - net: qca_spi: Fix log level if probe fails
    - tcp: identify cryptic messages as TCP seq # bugs
    - staging: android: ion: check for kref overflow
    - KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer
    - ext4: fix spectre gadget in ext4_mb_regular_allocator()
    - parisc: Remove ordered stores from syscall.S
    - xfrm_user: prevent leaking 2 bytes of kernel memory
    - netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state
    - packet: refine ring v3 block size test to hold one frame
    - bridge: Propagate vlan add failure to user
    - parisc: Remove unnecessary barriers from spinlock.h
    - PCI: hotplug: Don't leak pci_slot on registration failure
    - PCI: Skip MPS logic for Virtual Functions (VFs)
    - PCI: pciehp: Fix use-after-free on unplug
    - i2c: imx: Fix race condition in dma read
    - reiserfs: fix broken xattr handling (heap corruption, bad retval)
    - Linux 4.4.152
  * Xenial update to 4.4.151 stable release (LP: #1792340)
    - dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart()
    - l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache
    - llc: use refcount_inc_not_zero() for llc_sap_find()
    - net_sched: Fix missing res info when create new tc_index filter
    - vsock: split dwork to avoid reinitializations
    - net_sched: fix NULL pointer dereference when delete tcindex filter
    - ALSA: hda - Sleep for 10ms after entering D3 on Conexant codecs
    - ALSA: hda - Turn CX8200 into D3 as well upon reboot
    - ALSA: vx222: Fix invalid endian conversions
    - ALSA: virmidi: Fix too long output trigger loop
    - ALSA: cs5535audio: Fix invalid endian conversion
    - ALSA: hda: Correct Asrock B85M-ITX power_save blacklist entry
    - ALSA: memalloc: Don't exceed over the requested size
    - ALSA: vxpocket: Fix invalid endian conversions
    - USB: serial: sierra: fix potential deadlock at close
    - USB: option: add support for DW5821e
    - ACPI: save NVS memory for Lenovo G50-45
    - ACPI / PM: save NVS memory for ASUS 1025C laptop
    - serial: 8250_dw: always set baud rate in dw8250_set_termios
    - Bluetooth: avoid killing an already killed socket
    - isdn: Disable IIOCDBGVAR
    - Linux 4.4.151
  * Xenial update to 4.4.150 stable release (LP: #1792336)
    - x86/speculation/l1tf: Exempt zeroed PTEs from inversion
    - Linux 4.4.150
  * Xenial update to 4.4.149 stable release (LP: #1792310)
    - x86/mm: Disable ioremap free page handling on x86-PAE
    - tcp: Fix missing range_truesize enlargement in the backport
    - kasan: don't emit builtin calls when sanitization is off
    - i2c: ismt: fix wrong device address when unmap the data buffer
    - kbuild: verify that $DEPMOD is installed
    - crypto: vmac - require a block cipher with 128-bit block size
    - crypto: vmac - separate tfm and request context
    - crypto: blkcipher - fix crash flushing dcache in error path
    - crypto: ablkcipher - fix crash flushing dcache in error path
    - ASoC: Intel: cht_bsw_max98090_ti: Fix jack initialization
    - ioremap: Update pgtable free interfaces with addr
    - x86/mm: Add TLB purge to free pmd/pte page interfaces
    - Linux 4.4.149
  * Xenial update to 4.4.149 stable release (LP: #1792310) // CVE-2018-9363
    - Bluetooth: hidp: buffer overflow in hidp_process_report
  * Xenial update to 4.4.148 stable release (LP: #1792174)
    - ext4: fix check to prevent initializing reserved inodes
    - tpm: fix race condition in tpm_common_write()
    - ipv4+ipv6: Make INET*_ESP select CRYPTO_ECHAINIV
    - fork: unconditionally clear stack on fork
    - parisc: Enable CONFIG_MLONGCALLS by default
    - parisc: Define mb() and add memory barriers to assembler unlock sequences
    - xen/netfront: don't cache skb_shinfo()
    - ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices
    - scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management
      enabled
    - root dentries need RCU-delayed freeing
    - fix mntput/mntput race
    - fix __legitimize_mnt()/mntput() race
    - IB/core: Make testing MR flags for writability a static inline function
    - IB/mlx4: Mark user MR as writable if actual virtual memory is writable
    - IB/ocrdma: fix out of bounds access to local buffer
    - ARM: dts: imx6sx: fix irq for pcie bridge
    - kprobes/x86: Fix %p uses in error messages
    - x86/irqflags: Provide a declaration for native_save_fl
    - SAUCE: Sync pgtable_64.h with upstream stable
    - mm: x86: move _PAGE_SWP_SOFT_DIRTY from bit 7 to bit 1
    - SAUCE: Sync pgtable-3level.h with upstream stable
    - SAUCE: Sync pgtable.h with upstream stable
    - mm: Add vm_insert_pfn_prot()
    - mm: fix cache mode tracking in vm_insert_mixed()
    - x86/mm/kmmio: Make the tracer robust against L1TF
    - x86/init: fix build with CONFIG_SWAP=n
    - Linux 4.4.148
  * Xenial update to 4.4.147 stable release (LP: #1792109)
    - scsi: qla2xxx: Fix ISP recovery on unload
    - scsi: qla2xxx: Return error when TMF returns
    - genirq: Make force irq threading setup more robust
    - nohz: Fix local_timer_softirq_pending()
    - netlink: Do not subscribe to non-existent groups
    - netlink: Don't shift with UB on nlk->ngroups
    - netlink: Don't shift on 64 for ngroups
    - ACPI / PCI: Bail early in acpi_pci_add_bus() if there is no ACPI handle
    - ring_buffer: tracing: Inherit the tracing setting to next ring buffer
    - i2c: imx: Fix reinit_completion() use
    - Linux 4.4.147
  * Xenial update to 4.4.146 stable release (LP: #1791953)
    - MIPS: Fix off-by-one in pci_resource_to_user()
    - Input: elan_i2c - add ACPI ID for lenovo ideapad 330
    - Input: i8042 - add Lenovo LaVie Z to the i8042 reset list
    - Input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST
    - tracing: Fix double free of event_trigger_data
    - tracing: Fix possible double free in event_enable_trigger_func()
    - tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure
    - tracing: Quiet gcc warning about maybe unused link variable
    - xen/netfront: raise max number of slots in xennet_get_responses()
    - ALSA: emu10k1: add error handling for snd_ctl_add
    - ALSA: fm801: add error handling for snd_ctl_add
    - nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo
    - mm: vmalloc: avoid racy handling of debugobjects in vunmap
    - mm/slub.c: add __printf verification to slab_err()
    - rtc: ensure rtc_set_alarm fails when alarms are not supported
    - netfilter: ipset: List timing out entries with "timeout 1" instead of zero
    - infiniband: fix a possible use-after-free bug
    - hvc_opal: don't set tb_ticks_per_usec in udbg_init_opal_common()
    - powerpc/64s: Fix compiler store ordering to SLB shadow area
    - RDMA/mad: Convert BUG_ONs to error flows
    - disable loading f2fs module on PAGE_SIZE > 4KB
    - f2fs: fix to don't trigger writeback during recovery
    - usbip: usbip_detach: Fix memory, udev context and udev leak
    - perf/x86/intel/uncore: Correct fixed counter index check in generic code
    - perf/x86/intel/uncore: Correct fixed counter index check for NHM
    - iwlwifi: pcie: fix race in Rx buffer allocator
    - Bluetooth: hci_qca: Fix "Sleep inside atomic section" warning
    - Bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011
    - ASoC: dpcm: fix BE dai not hw_free and shutdown
    - mfd: cros_ec: Fail early if we cannot identify the EC
    - mwifiex: handle race during mwifiex_usb_disconnect
    - wlcore: sdio: check for valid platform device data before suspend
    - media: videobuf2-core: don't call memop 'finish' when queueing
    - btrfs: add barriers to btrfs_sync_log before log_commit_wait wakeups
    - btrfs: qgroup: Finish rescan when hit the last leaf of extent tree
    - PCI: Prevent sysfs disable of device while driver is attached
    - ath: Add regulatory mapping for FCC3_ETSIC
    - ath: Add regulatory mapping for ETSI8_WORLD
    - ath: Add regulatory mapping for APL13_WORLD
    - ath: Add regulatory mapping for APL2_FCCA
    - ath: Add regulatory mapping for Uganda
    - ath: Add regulatory mapping for Tanzania
    - ath: Add regulatory mapping for Serbia
    - ath: Add regulatory mapping for Bermuda
    - ath: Add regulatory mapping for Bahamas
    - powerpc/32: Add a missing include header
    - powerpc/chrp/time: Make some functions static, add missing header include
    - powerpc/powermac: Add missing prototype for note_bootable_part()
    - powerpc/powermac: Mark variable x as unused
    - powerpc/8xx: fix invalid register expression in head_8xx.S
    - pinctrl: at91-pio4: add missing of_node_put
    - PCI: pciehp: Request control of native hotplug only if supported
    - mwifiex: correct histogram data with appropriate index
    - scsi: ufs: fix exception event handling
    - ALSA: emu10k1: Rate-limit error messages about page errors
    - regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops
    - md: fix NULL dereference of mddev->pers in remove_and_add_spares()
    - media: smiapp: fix timeout checking in smiapp_read_nvm
    - ALSA: usb-audio: Apply rate limit to warning messages in URB complete
      callback
    - HID: hid-plantronics: Re-resend Update to map button for PTT products
    - drm/radeon: fix mode_valid's return type
    - powerpc/embedded6xx/hlwd-pic: Prevent interrupts from being handled by
      Starlet
    - HID: i2c-hid: check if device is there before really probing
    - tty: Fix data race in tty_insert_flip_string_fixed_flag
    - dma-iommu: Fix compilation when !CONFIG_IOMMU_DMA
    - media: rcar_jpu: Add missing clk_disable_unprepare() on error in jpu_open()
    - libata: Fix command retry decision
    - media: saa7164: Fix driver name in debug output
    - mtd: rawnand: fsl_ifc: fix FSL NAND driver to read all ONFI parameter pages
    - brcmfmac: Add support for bcm43364 wireless chipset
    - s390/cpum_sf: Add data entry sizes to sampling trailer entry
    - perf: fix invalid bit in diagnostic entry
    - scsi: 3w-9xxx: fix a missing-check bug
    - scsi: 3w-xxxx: fix a missing-check bug
    - scsi: megaraid: silence a static checker bug
    - thermal: exynos: fix setting rising_threshold for Exynos5433
    - bpf: fix references to free_bpf_prog_info() in comments
    - media: siano: get rid of __le32/__le16 cast warnings
    - drm/atomic: Handling the case when setting old crtc for plane
    - ALSA: hda/ca0132: fix build failure when a local macro is defined
    - memory: tegra: Do not handle spurious interrupts
    - memory: tegra: Apply interrupts mask per SoC
    - drm/gma500: fix psb_intel_lvds_mode_valid()'s return type
    - ipconfig: Correctly initialise ic_nameservers
    - rsi: Fix 'invalid vdd' warning in mmc
    - audit: allow not equal op for audit by executable
    - microblaze: Fix simpleImage format generation
    - usb: hub: Don't wait for connect state at resume for powered-off ports
    - crypto: authencesn - don't leak pointers to authenc keys
    - crypto: authenc - don't leak pointers to authenc keys
    - media: omap3isp: fix unbalanced dma_iommu_mapping
    - scsi: scsi_dh: replace too broad "TP9" string with the exact models
    - scsi: megaraid_sas: Increase timeout by 1 sec for non-RAID fastpath IOs
    - media: si470x: fix __be16 annotations
    - drm: Add DP PSR2 sink enable bit
    - random: mix rdrand with entropy sent in from userspace
    - squashfs: be more careful about metadata corruption
    - ext4: fix inline data updates with checksums enabled
    - ext4: check for allocation block validity with block group locked
    - dmaengine: pxa_dma: remove duplicate const qualifier
    - ASoC: pxa: Fix module autoload for platform drivers
    - ipv4: remove BUG_ON() from fib_compute_spec_dst
    - net: fix amd-xgbe flow-control issue
    - net: lan78xx: fix rx handling before first packet is send
    - xen-netfront: wait xenbus state change when load module manually
    - NET: stmmac: align DMA stuff to largest cache line length
    - tcp: do not force quickack when receiving out-of-order packets
    - tcp: add max_quickacks param to tcp_incr_quickack and
      tcp_enter_quickack_mode
    - tcp: do not aggressively quick ack after ECN events
    - tcp: refactor tcp_ecn_check_ce to remove sk type cast
    - tcp: add one more quick ack after after ECN events
    - inet: frag: enforce memory limits earlier
    - net: dsa: Do not suspend/resume closed slave_dev
    - netlink: Fix spectre v1 gadget in netlink_create()
    - squashfs: more metadata hardening
    - squashfs: more metadata hardenings
    - can: ems_usb: Fix memory leak on ems_usb_disconnect()
    - net: socket: fix potential spectre v1 gadget in socketcall
    - virtio_balloon: fix another race between migration and ballooning
    - kvm: x86: vmx: fix vpid leak
    - crypto: padlock-aes - Fix Nano workaround data corruption
    - scsi: sg: fix minor memory leak in error path
    - Linux 4.4.146
  * Xenial update to 4.4.145 stable release (LP: #1791942)
    - MIPS: ath79: fix register address in ath79_ddr_wb_flush()
    - ip: hash fragments consistently
    - net/mlx4_core: Save the qpn from the input modifier in RST2INIT wrapper
    - rtnetlink: add rtnl_link_state check in rtnl_configure_link
    - tcp: fix dctcp delayed ACK schedule
    - tcp: helpers to send special DCTCP ack
    - tcp: do not cancel delay-AcK on DCTCP special ACK
    - tcp: do not delay ACK in DCTCP upon CE status change
    - ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull
    - usb: cdc_acm: Add quirk for Castles VEGA3000
    - usb: core: handle hub C_PORT_OVER_CURRENT condition
    - usb: gadget: f_fs: Only return delayed status when len is 0
    - driver core: Partially revert "driver core: correct device's shutdown order"
    - can: xilinx_can: fix RX loop if RXNEMP is asserted without RXOK
    - can: xilinx_can: fix recovery from error states not being propagated
    - can: xilinx_can: fix device dropping off bus on RX overrun
    - can: xilinx_can: keep only 1-2 frames in TX FIFO to fix TX accounting
    - can: xilinx_can: fix incorrect clear of non-processed interrupts
    - can: xilinx_can: fix RX overflow interrupt not being enabled
    - turn off -Wattribute-alias
    - ARM: fix put_user() for gcc-8
    - Linux 4.4.145
  * kernel panic - null pointer dereference on ipset operations (LP: #1793753)
    - netfilter: ipset: fix race condition in ipset save, swap and delete
    - netfilter: ipset: Fix race between dump and swap
  * Improvements to the kernel source package preparation (LP: #1793461)
    - [Packaging] startnewrelease: add support for backport kernels
  * update ENA driver to latest mainline version (LP: #1792044)
    - net: ena: Remove redundant unlikely()
    - net: ena: reduce the severity of some printouts
    - net: ena: fix rare kernel crash when bar memory remap fails
    - net: ena: fix wrong max Tx/Rx queues on ethtool
    - net: ena: improve ENA driver boot time.
    - net: ena: remove legacy suspend suspend/resume support
    - net: ena: add power management ops to the ENA driver
    - net: ena: add statistics for missed tx packets
    - net: ena: add new admin define for future support of IPv6 RSS
    - net: ena: increase ena driver version to 1.3.0
    - net: ena: fix race condition between device reset and link up setup
    - net: ena: add detection and recovery mechanism for handling missed/misrouted
      MSI-X
    - net: ena: increase ena driver version to 1.5.0
    - net: ena: fix error handling in ena_down() sequence
    - net: ena: Eliminate duplicate barriers on weakly-ordered archs
    - SAUCE: ena: devm_kzalloc() -> devm_kcalloc()
    - net: ena: Fix use of uninitialized DMA address bits field
    - net: ena: fix surprise unplug NULL dereference kernel crash
    - net: ena: fix driver when PAGE_SIZE == 64kB
    - net: ena: fix device destruction to gracefully free resources
    - net: ena: fix potential double ena_destroy_device()
    - net: ena: fix missing lock during device destruction
    - net: ena: fix missing calls to READ_ONCE
    - net: ena: fix incorrect usage of memory barriers

 -- Kleber Sacilotto de Souza <email address hidden>  Tue, 02 Oct 2018 16:20:12 +0000
Superseded in cosmic-release on 2018-10-14
Deleted in cosmic-proposed on 2018-10-15 (Reason: moved to release)
linux-kvm (4.18.0-1002.2) cosmic; urgency=medium

  * linux-kvm: 4.18.0-1001.1 -proposed tracker (LP: #1795413)

  * Miscellaneous Ubuntu changes
    - kvm: [Config] CONFIG_HARDENED_USERCOPY=y
    - kvm: [Config] CONFIG_DEBUG_WX=y

 -- Seth Forshee <email address hidden>  Mon, 01 Oct 2018 09:27:19 -0500
Deleted in cosmic-proposed on 2018-10-08 (Reason: NBS)
linux-kvm (4.18.0-1001.1) cosmic; urgency=medium

  * linux-kvm: 4.18.0-1001.1 -proposed tracker (LP: #1794807)

  * Initial linux-kvm based on Ubuntu Cosmic (4.18.0-8.9)

  * IP_SET modules not included in kernel build, prevents container
    functionality (LP: #1793841)
    - kvm: [Config] enable IP_SET_* modules

 -- Seth Forshee <email address hidden>  Thu, 27 Sep 2018 09:49:32 -0500
Superseded in bionic-updates on 2018-10-22
Superseded in bionic-security on 2018-11-13
Deleted in cosmic-proposed (Reason: NBS)
Deleted in bionic-proposed (Reason: NBS)
linux-kvm (4.15.0-1023.23) bionic; urgency=medium

  [ Ubuntu: 4.15.0-36.39 ]

  * CVE-2018-14633
    - iscsi target: Use hex2bin instead of a re-implementation
  * CVE-2018-17182
    - mm: get rid of vmacache_flush_all() entirely

Superseded in xenial-security on 2018-10-22
Superseded in xenial-updates on 2018-10-22
Deleted in xenial-proposed (Reason: moved to -updates)
linux-kvm (4.4.0-1035.41) xenial; urgency=medium

  [ Ubuntu: 4.4.0-137.163 ]

  * CVE-2018-14633
    - iscsi target: Use hex2bin instead of a re-implementation
  * CVE-2018-17182
    - mm: get rid of vmacache_flush_all() entirely

Deleted in cosmic-proposed on 2018-09-27 (Reason: NBS)
Deleted in bionic-proposed on 2018-09-27 (Reason: NBS)
linux-kvm (4.15.0-1022.22) bionic; urgency=medium

  * linux-kvm: 4.15.0-1022.22 -proposed tracker (LP: #1791731)

  * [Regression] kernel crashdump fails on arm64 (LP: #1786878)
    - [Config] CONFIG_ARCH_SUPPORTS_ACPI=y

  * please include the kernel module IPIP (LP: #1790605)
    - kvm: [config] enable CONFIG_NET_IPIP

  [ Ubuntu: 4.15.0-35.38 ]

  * linux: 4.15.0-35.38 -proposed tracker (LP: #1791719)
  * device hotplug of vfio devices can lead to deadlock in vfio_pci_release
    (LP: #1792099)
    - SAUCE: vfio -- release device lock before userspace requests
  * L1TF mitigation not effective in some CPU and RAM combinations
    (LP: #1788563)
    - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
    - x86/speculation/l1tf: Fix off-by-one error when warning that system has too
      much RAM
    - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+
  * CVE-2018-15594
    - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests
  * CVE-2017-5715 (Spectre v2 s390x)
    - KVM: s390: implement CPU model only facilities
    - s390: detect etoken facility
    - KVM: s390: add etoken support for guests
    - s390/lib: use expoline for all bcr instructions
    - s390: fix br_r1_trampoline for machines without exrl
    - SAUCE: s390: use expoline thunks for all branches generated by the BPF JIT
  * Ubuntu18.04.1: cpuidle: powernv: Fix promotion from snooze if next state
    disabled (performance) (LP: #1790602)
    - cpuidle: powernv: Fix promotion from snooze if next state disabled
  * Watchdog CPU:19 Hard LOCKUP when kernel crash was triggered (LP: #1790636)
    - powerpc: hard disable irqs in smp_send_stop loop
    - powerpc: Fix deadlock with multiple calls to smp_send_stop
    - powerpc: smp_send_stop do not offline stopped CPUs
    - powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled
  * Security fix: check if IOMMU page is contained in the pinned physical page
    (LP: #1785675)
    - vfio/spapr: Use IOMMU pageshift rather than pagesize
    - KVM: PPC: Check if IOMMU page is contained in the pinned physical page
  * Missing Intel GPU pci-id's (LP: #1789924)
    - drm/i915/kbl: Add KBL GT2 sku
    - drm/i915/whl: Introducing Whiskey Lake platform
    - drm/i915/aml: Introducing Amber Lake platform
    - drm/i915/cfl: Add a new CFL PCI ID.
  * CVE-2018-15572
    - x86/speculation: Protect against userspace-userspace spectreRSB
  * Support Power Management for Thunderbolt Controller  (LP: #1789358)
    - thunderbolt: Handle NULL boot ACL entries properly
    - thunderbolt: Notify userspace when boot_acl is changed
    - thunderbolt: Use 64-bit DMA mask if supported by the platform
    - thunderbolt: Do not unnecessarily call ICM get route
    - thunderbolt: No need to take tb->lock in domain suspend/complete
    - thunderbolt: Use correct ICM commands in system suspend
    - thunderbolt: Add support for runtime PM
  * random oopses on s390 systems using NVMe devices (LP: #1790480)
    - s390/pci: fix out of bounds access during irq setup
  * [Bionic] Spectre v4 mitigation (Speculative Store Bypass Disable) support
    for arm64 using SMC firmware call to set a hardware chicken bit
    (LP: #1787993) // CVE-2018-3639 (arm64)
    - arm64: alternatives: Add dynamic patching feature
    - KVM: arm/arm64: Do not use kern_hyp_va() with kvm_vgic_global_state
    - KVM: arm64: Avoid storing the vcpu pointer on the stack
    - arm/arm64: smccc: Add SMCCC-specific return codes
    - arm64: Call ARCH_WORKAROUND_2 on transitions between EL0 and EL1
    - arm64: Add per-cpu infrastructure to call ARCH_WORKAROUND_2
    - arm64: Add ARCH_WORKAROUND_2 probing
    - arm64: Add 'ssbd' command-line option
    - arm64: ssbd: Add global mitigation state accessor
    - arm64: ssbd: Skip apply_ssbd if not using dynamic mitigation
    - arm64: ssbd: Restore mitigation status on CPU resume
    - arm64: ssbd: Introduce thread flag to control userspace mitigation
    - arm64: ssbd: Add prctl interface for per-thread mitigation
    - arm64: KVM: Add HYP per-cpu accessors
    - arm64: KVM: Add ARCH_WORKAROUND_2 support for guests
    - arm64: KVM: Handle guest's ARCH_WORKAROUND_2 requests
    - arm64: KVM: Add ARCH_WORKAROUND_2 discovery through ARCH_FEATURES_FUNC_ID
    - [Config] ARM64_SSBD=y
  * Reconcile hns3 SAUCE patches with upstream (LP: #1787477)
    - Revert "UBUNTU: SAUCE: net: hns3: Optimize PF CMDQ interrupt switching
      process"
    - Revert "UBUNTU: SAUCE: net: hns3: Fix for VF mailbox receiving unknown
      message"
    - Revert "UBUNTU: SAUCE: net: hns3: Fix for VF mailbox cannot receiving PF
      response"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: fix comments for
      hclge_get_ring_chain_from_mbx"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: fix for using wrong mask and
      shift in hclge_get_ring_chain_from_mbx"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: fix for reset_level default
      assignment probelm"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: remove unnecessary ring
      configuration operation while resetting"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: fix return value error in
      hns3_reset_notify_down_enet"
    - Revert "UBUNTU: SAUCE: net: hns3: Fix for phy link issue when using marvell
      phy driver"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: separate roce from nic when
      resetting"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: correct reset event status
      register"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: prevent to request reset
      frequently"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: reset net device with rtnl_lock"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: modify the order of initializeing
      command queue register"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: prevent sending command during
      global or core reset"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: remove the warning when clear
      reset cause"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: fix get_vector ops in
      hclgevf_main module"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: fix warning bug when doing lp
      selftest"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: Add configure for mac minimal
      frame size"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: fix for mailbox message truncated
      problem"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: fix for l4 checksum offload bug"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: fix for waterline not setting
      correctly"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: fix for mac pause not disable in
      pfc mode"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: fix tc setup when netdev is first
      up"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: Add SPDX tags to hns3 driver"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: remove unused struct member and
      definition"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: fix mislead parameter name"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: modify inconsistent bit mask
      macros"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: use decimal for bit offset
      macros"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: fix unreasonable code comments"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: remove extra space and brackets"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: standardize the handle of return
      value"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: remove some redundant
      assignments"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: fix unused function warning in VF
      driver"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: modify hnae_ to hnae3_"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: use dma_zalloc_coherent instead
      of kzalloc/dma_map_single"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: give default option while
      dependency HNS3 set"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: remove some unused members of
      some structures"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: remove a redundant
      hclge_cmd_csq_done"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: using modulo for cyclic counters
      in hclge_cmd_send"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: simplify hclge_cmd_csq_clean"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: remove some redundant
      assignments"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: remove useless code in
      hclge_cmd_send"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: remove unused
      hclge_ring_to_dma_dir"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: use lower_32_bits and
      upper_32_bits"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: remove back in struct hclge_hw"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: add unlikely for error check"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: remove the Redundant put_vector
      in hns3_client_uninit"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: print the ret value in error
      information"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: extraction an interface for state
      state init|uninit"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: remove unused head file in
      hnae3.c"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: add l4_type check for both ipv4
      and ipv6"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: add vector status check before
      free vector"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: rename the interface for
      init_client_instance and uninit_client_instance"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: remove hclge_get_vector_index
      from hclge_bind_ring_with_vector"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: RX BD information valid only in
      last BD except VLD bit and buffer size"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: add support for serdes loopback
      selftest"
    - net: hns3: Updates RX packet info fetch in case of multi BD
    - net: hns3: remove unused hclgevf_cfg_func_mta_filter
    - net: hns3: Fix for VF mailbox cannot receiving PF response
    - net: hns3: Fix for VF mailbox receiving unknown message
    - net: hns3: Optimize PF CMDQ interrupt switching process
    - net: hns3: remove hclge_get_vector_index from hclge_bind_ring_with_vector
    - net: hns3: rename the interface for init_client_instance and
      uninit_client_instance
    - net: hns3: add vector status check before free vector
    - net: hns3: add l4_type check for both ipv4 and ipv6
    - net: hns3: add unlikely for error check
    - net: hns3: remove unused head file in hnae3.c
    - net: hns3: extraction an interface for state init|uninit
    - net: hns3: print the ret value in error information
    - net: hns3: remove the Redundant put_vector in hns3_client_uninit
    - net: hns3: remove back in struct hclge_hw
    - net: hns3: use lower_32_bits and upper_32_bits
    - net: hns3: remove unused hclge_ring_to_dma_dir
    - net: hns3: remove useless code in hclge_cmd_send
    - net: hns3: remove some redundant assignments
    - net: hns3: simplify hclge_cmd_csq_clean
    - net: hns3: remove a redundant hclge_cmd_csq_done
    - net: hns3: remove some unused members of some structures
    - net: hns3: give default option while dependency HNS3 set
    - net: hns3: use dma_zalloc_coherent instead of kzalloc/dma_map_single
    - net: hns3: modify hnae_ to hnae3_
    - net: hns3: Fix tc setup when netdev is first up
    - net: hns3: Fix for mac pause not disable in pfc mode
    - net: hns3: Fix for waterline not setting correctly
    - net: hns3: Fix for l4 checksum offload bug
    - net: hns3: Fix for mailbox message truncated problem
    - net: hns3: Add configure for mac minimal frame size
    - net: hns3: Fix warning bug when doing lp selftest
    - net: hns3: Fix get_vector ops in hclgevf_main module
    - net: hns3: Remove the warning when clear reset cause
    - net: hns3: Prevent sending command during global or core reset
    - net: hns3: Modify the order of initializing command queue register
    - net: hns3: Reset net device with rtnl_lock
    - net: hns3: Prevent to request reset frequently
    - net: hns3: Correct reset event status register
    - net: hns3: Fix return value error in hns3_reset_notify_down_enet
    - net: hns3: remove unnecessary ring configuration operation while resetting
    - net: hns3: Fix for reset_level default assignment probelm
    - net: hns3: Fix for using wrong mask and shift in
      hclge_get_ring_chain_from_mbx
    - net: hns3: Fix comments for hclge_get_ring_chain_from_mbx
    - net: hns3: Remove some redundant assignments
    - net: hns3: Standardize the handle of return value
    - net: hns3: Remove extra space and brackets
    - net: hns3: Correct unreasonable code comments
    - net: hns3: Use decimal for bit offset macros
    - net: hns3: Modify inconsistent bit mask macros
    - net: hns3: Fix misleading parameter name
    - net: hns3: Remove unused struct member and definition
    - net: hns3: Add SPDX tags to HNS3 PF driver
    - net: hns3: Add support for serdes loopback selftest
    - net: hns3: Fix for phy link issue when using marvell phy driver
    - SAUCE: {topost} net: hns3: separate roce from nic when resetting
  * CVE-2018-6555
    - SAUCE: irda: Only insert new objects into the global database via setsockopt
  * CVE-2018-6554
    - SAUCE: irda: Fix memory leak caused by repeated binds of irda socket
  * Bionic update: upstream stable patchset 2018-08-31 (LP: #1790188)
    - netfilter: nf_tables: fix NULL pointer dereference on
      nft_ct_helper_obj_dump()
    - blkdev_report_zones_ioctl(): Use vmalloc() to allocate large buffers
    - af_key: Always verify length of provided sadb_key
    - gpio: No NULL owner
    - KVM: X86: Fix reserved bits check for MOV to CR3
    - KVM: x86: introduce linear_{read,write}_system
    - KVM: x86: pass kvm_vcpu to kvm_read_guest_virt and
      kvm_write_guest_virt_system
    - staging: android: ion: Switch to pr_warn_once in ion_buffer_destroy
    - NFC: pn533: don't send USB data off of the stack
    - usbip: vhci_sysfs: fix potential Spectre v1
    - usb-storage: Add support for FL_ALWAYS_SYNC flag in the UAS driver
    - usb-storage: Add compatibility quirk flags for G-Technologies G-Drive
    - Input: xpad - add GPD Win 2 Controller USB IDs
    - phy: qcom-qusb2: Fix crash if nvmem cell not specified
    - usb: gadget: function: printer: avoid wrong list handling in printer_write()
    - usb: gadget: udc: renesas_usb3: disable the controller's irqs for
      reconnecting
    - serial: sh-sci: Stop using printk format %pCr
    - tty/serial: atmel: use port->name as name in request_irq()
    - serial: samsung: fix maxburst parameter for DMA transactions
    - serial: 8250: omap: Fix idling of clocks for unused uarts
    - vmw_balloon: fixing double free when batching mode is off
    - tty: pl011: Avoid spuriously stuck-off interrupts
    - kvm: x86: use correct privilege level for sgdt/sidt/fxsave/fxrstor access
    - Input: goodix - add new ACPI id for GPD Win 2 touch screen
    - crypto: caam - strip input zeros from RSA input buffer
    - crypto: caam - fix DMA mapping dir for generated IV
    - crypto: caam - fix IV DMA mapping and updating
    - crypto: caam/qi - fix IV DMA mapping and updating
    - crypto: caam - fix size of RSA prime factor q
    - crypto: vmx - Remove overly verbose printk from AES init routines
    - crypto: vmx - Remove overly verbose printk from AES XTS init
    - crypto: omap-sham - fix memleak
    - usb: typec: wcove: Remove dependency on HW FSM
    - usb: gadget: udc: renesas_usb3: fix double phy_put()
    - usb: gadget: udc: renesas_usb3: should remove debugfs
    - usb: gadget: udc: renesas_usb3: should call pm_runtime_enable() before add
      udc
    - usb: gadget: udc: renesas_usb3: should call devm_phy_get() before add udc
    - usb: gadget: udc: renesas_usb3: should fail if devm_phy_get() returns error
  * Bionic update: upstream stable patchset 2018-08-29 (LP: #1789666)
    - scsi: sd_zbc: Avoid that resetting a zone fails sporadically
    - mmap: introduce sane default mmap limits
    - mmap: relax file size limit for regular files
    - btrfs: define SUPER_FLAG_METADUMP_V2
    - kconfig: Avoid format overflow warning from GCC 8.1
    - be2net: Fix error detection logic for BE3
    - bnx2x: use the right constant
    - dccp: don't free ccid2_hc_tx_sock struct in dccp_disconnect()
    - enic: set DMA mask to 47 bit
    - ip6mr: only set ip6mr_table from setsockopt when ip6mr_new_table succeeds
    - ip6_tunnel: remove magic mtu value 0xFFF8
    - ipmr: properly check rhltable_init() return value
    - ipv4: remove warning in ip_recv_error
    - ipv6: omit traffic class when calculating flow hash
    - isdn: eicon: fix a missing-check bug
    - kcm: Fix use-after-free caused by clonned sockets
    - netdev-FAQ: clarify DaveM's position for stable backports
    - net: ipv4: add missing RTA_TABLE to rtm_ipv4_policy
    - net: metrics: add proper netlink validation
    - net/packet: refine check for priv area size
    - net: phy: broadcom: Fix bcm_write_exp()
    - net: usb: cdc_mbim: add flag FLAG_SEND_ZLP
    - packet: fix reserve calculation
    - qed: Fix mask for physical address in ILT entry
    - sctp: not allow transport timeout value less than HZ/5 for hb_timer
    - team: use netdev_features_t instead of u32
    - vhost: synchronize IOTLB message with dev cleanup
    - vrf: check the original netdevice for generating redirect
    - ipv6: sr: fix memory OOB access in seg6_do_srh_encap/inline
    - net: phy: broadcom: Fix auxiliary control register reads
    - net-sysfs: Fix memory leak in XPS configuration
    - virtio-net: correctly transmit XDP buff after linearizing
    - net/mlx4: Fix irq-unsafe spinlock usage
    - tun: Fix NULL pointer dereference in XDP redirect
    - virtio-net: correctly check num_buf during err path
    - net/mlx5e: When RXFCS is set, add FCS data into checksum calculation
    - virtio-net: fix leaking page for gso packet during mergeable XDP
    - rtnetlink: validate attributes in do_setlink()
    - cls_flower: Fix incorrect idr release when failing to modify rule
    - PCI: hv: Do not wait forever on a device that has disappeared
    - drm: set FMODE_UNSIGNED_OFFSET for drm files
    - l2tp: fix refcount leakage on PPPoL2TP sockets
    - mlxsw: spectrum: Forbid creation of VLAN 1 over port/LAG
    - net: ethernet: ti: cpdma: correct error handling for chan create
    - net: ethernet: davinci_emac: fix error handling in probe()
    - net: dsa: b53: Fix for brcm tag issue in Cygnus SoC
    - net : sched: cls_api: deal with egdev path only if needed
  * Bionic update: upstream stable patchset 2018-08-24 (LP: #1788897)
    - fix io_destroy()/aio_complete() race
    - mm: fix the NULL mapping case in __isolate_lru_page()
    - objtool: Support GCC 8's cold subfunctions
    - objtool: Support GCC 8 switch tables
    - objtool: Detect RIP-relative switch table references
    - objtool: Detect RIP-relative switch table references, part 2
    - objtool: Fix "noreturn" detection for recursive sibling calls
    - xfs: convert XFS_AGFL_SIZE to a helper function
    - xfs: detect agfl count corruption and reset agfl
    - Input: synaptics - Lenovo Carbon X1 Gen5 (2017) devices should use RMI
    - Input: synaptics - add Lenovo 80 series ids to SMBus
    - Input: elan_i2c_smbus - fix corrupted stack
    - tracing: Fix crash when freeing instances with event triggers
    - tracing: Make the snapshot trigger work with instances
    - selinux: KASAN: slab-out-of-bounds in xattr_getsecurity
    - cfg80211: further limit wiphy names to 64 bytes
    - drm/amd/powerplay: Fix enum mismatch
    - rtlwifi: rtl8192cu: Remove variable self-assignment in rf.c
    - platform/chrome: cros_ec_lpc: remove redundant pointer request
    - kbuild: clang: disable unused variable warnings only when constant
    - tcp: avoid integer overflows in tcp_rcv_space_adjust()
    - iio: ad7793: implement IIO_CHAN_INFO_SAMP_FREQ
    - iio:buffer: make length types match kfifo types
    - iio:kfifo_buf: check for uint overflow
    - iio: adc: select buffer for at91-sama5d2_adc
    - MIPS: lantiq: gphy: Drop reboot/remove reset asserts
    - MIPS: ptrace: Fix PTRACE_PEEKUSR requests for 64-bit FGRs
    - MIPS: prctl: Disallow FRE without FR with PR_SET_FP_MODE requests
    - scsi: scsi_transport_srp: Fix shost to rport translation
    - stm class: Use vmalloc for the master map
    - hwtracing: stm: fix build error on some arches
    - IB/core: Fix error code for invalid GID entry
    - mm/huge_memory.c: __split_huge_page() use atomic ClearPageDirty()
    - Revert "rt2800: use TXOP_BACKOFF for probe frames"
    - intel_th: Use correct device when freeing buffers
    - drm/psr: Fix missed entry in PSR setup time table.
    - drm/i915/lvds: Move acpi lid notification registration to registration phase
    - drm/i915: Disable LVDS on Radiant P845
    - drm/vmwgfx: Use kasprintf
    - drm/vmwgfx: Fix host logging / guestinfo reading error paths
    - nvme: fix extended data LBA supported setting
    - iio: hid-sensor-trigger: Fix sometimes not powering up the sensor after
      resume
    - x86/MCE/AMD: Define a function to get SMCA bank type
    - x86/mce/AMD: Pass the bank number to smca_get_bank_type()
    - x86/mce/AMD, EDAC/mce_amd: Enumerate Reserved SMCA bank type
    - x86/mce/AMD: Carve out SMCA get_block_address() code
    - x86/MCE/AMD: Cache SMCA MISC block addresses
  * errors when scanning partition table of corrupted AIX disk (LP: #1787281)
    - partitions/aix: fix usage of uninitialized lv_info and lvname structures
    - partitions/aix: append null character to print data from disk
  * tlbie master timeout checkstop (using NVidia/GPU) (LP: #1789772)
    - powerpc/mm/hugetlb: Update huge_ptep_set_access_flags to call
      __ptep_set_access_flags directly
    - powerpc/mm/radix: Move function from radix.h to pgtable-radix.c
    - powerpc/mm: Change function prototype
    - powerpc/mm/radix: Change pte relax sequence to handle nest MMU hang
  * performance drop with ATS enabled (LP: #1788097)
    - powerpc/powernv: Fix concurrency issue with npu->mmio_atsd_usage
  * [Regression] kernel crashdump fails on arm64 (LP: #1786878)
    - arm64: export memblock_reserve()d regions via /proc/iomem
    - drivers: acpi: add dependency of EFI for arm64
    - efi/arm: preserve early mapping of UEFI memory map longer for BGRT
    - efi/arm: map UEFI memory map even w/o runtime services enabled
    - arm64: acpi: fix alignment fault in accessing ACPI
    - [Config] CONFIG_ARCH_SUPPORTS_ACPI=y
    - arm64: fix ACPI dependencies
    - ACPI: fix menuconfig presentation of ACPI submenu
  * TB 16 issue on Dell Lattitude 7490 with large amount of data (LP: #1785780)
    - r8152: disable RX aggregation on new Dell TB16 dock
  * dell_wmi: Unknown key codes (LP: #1762385)
    - platform/x86: dell-wmi: Ignore new rfkill and fn-lock events
  * Enable AMD PCIe MP2 for AMDI0011 (LP: #1773940)
    - SAUCE: i2c:amd I2C Driver based on PCI Interface for upcoming platform
    - SAUCE: i2c:amd move out pointer in union i2c_event_base
    - SAUCE: i2c:amd Depends on ACPI
    - [Config] i2c: CONFIG_I2C_AMD_MP2=y on x86
  * r8169 no internet after suspending (LP: #1779817)
    - r8169: restore previous behavior to accept BIOS WoL settings
    - r8169: don't use MSI-X on RTL8168g
    - r8169: don't use MSI-X on RTL8106e
  * Fix Intel Cannon Lake LPSS I2C input clock (LP: #1789790)
    - mfd: intel-lpss: Fix Intel Cannon Lake LPSS I2C input clock
  * Microphone cannot be detected with front panel audio combo jack on HP Z8-G4
    machine (LP: #1789145)
    - ALSA: hda/realtek - Fix HP Headset Mic can't record
  * Tango platform uses __initcall without further checks (LP: #1787945)
    - [Config] disable ARCH_TANGO
  * [18.10 FEAT] Add kernel config option "CONFIG_SCLP_OFB" (LP: #1787898)
    - [Config] CONFIG_SCLP_OFB=y for s390x

 -- Khalid Elmously <email address hidden>  Wed, 12 Sep 2018 14:45:07 -0400

Available diffs

Deleted in xenial-proposed on 2018-09-27 (Reason: NBS)
linux-kvm (4.4.0-1034.40) xenial; urgency=medium

  * linux-kvm: 4.4.0-1034.40 -proposed tracker (LP: #1791751)

  * Xenial update to 4.4.141 stable release (LP: #1790620)
    - [config] updateconfigs for master changes

  * please include the kernel module IPIP (LP: #1790605)
    - kvm: [config] enable CONFIG_NET_IPIP

  [ Ubuntu: 4.4.0-136.162 ]

  * linux: 4.4.0-136.162 -proposed tracker (LP: #1791745)
  * CVE-2017-5753
    - bpf: properly enforce index mask to prevent out-of-bounds speculation
    - Revert "UBUNTU: SAUCE: bpf: Use barrier_nospec() instead of osb()"
    - Revert "bpf: prevent speculative execution in eBPF interpreter"
  * L1TF mitigation not effective in some CPU and RAM combinations
    (LP: #1788563) // CVE-2018-3620 // CVE-2018-3646
    - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
    - x86/speculation/l1tf: Fix off-by-one error when warning that system has too
      much RAM
    - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+
  * CVE-2018-15594
    - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests
  * Xenial update to 4.4.144 stable release (LP: #1791080)
    - KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in
      parallel.
    - x86/MCE: Remove min interval polling limitation
    - fat: fix memory allocation failure handling of match_strdup()
    - ALSA: rawmidi: Change resized buffers atomically
    - ARC: Fix CONFIG_SWAP
    - ARC: mm: allow mprotect to make stack mappings executable
    - mm: memcg: fix use after free in mem_cgroup_iter()
    - ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns
    - ipv6: fix useless rol32 call on hash
    - lib/rhashtable: consider param->min_size when setting initial table size
    - net/ipv4: Set oif in fib_compute_spec_dst
    - net: phy: fix flag masking in __set_phy_supported
    - ptp: fix missing break in switch
    - tg3: Add higher cpu clock for 5762.
    - net: Don't copy pfmemalloc flag in __copy_skb_header()
    - skbuff: Unconditionally copy pfmemalloc in __skb_clone()
    - xhci: Fix perceived dead host due to runtime suspend race with event handler
    - x86/paravirt: Make native_save_fl() extern inline
    - SAUCE: Add missing CPUID_7_EDX defines
    - SAUCE: x86/speculation: Expose indirect_branch_prediction_barrier()
    - x86/pti: Mark constant arrays as __initconst
    - x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs
    - x86/entry/64/compat: Clear registers for compat syscalls, to reduce
      speculation attack surface
    - x86/speculation: Clean up various Spectre related details
    - x86/speculation: Fix up array_index_nospec_mask() asm constraint
    - x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend
    - x86/mm: Factor out LDT init from context init
    - x86/mm: Give each mm TLB flush generation a unique ID
    - SAUCE: x86/speculation: Use Indirect Branch Prediction Barrier in context
      switch
    - x86/speculation: Use IBRS if available before calling into firmware
    - x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP
    - selftest/seccomp: Fix the seccomp(2) signature
    - xen: set cpu capabilities from xen_start_kernel()
    - x86/amd: don't set X86_BUG_SYSRET_SS_ATTRS when running under Xen
    - SAUCE: Preserve SPEC_CTRL MSR in new inlines
    - SAUCE: Add Knights Mill to NO SSB list
    - x86/process: Correct and optimize TIF_BLOCKSTEP switch
    - x86/process: Optimize TIF_NOTSC switch
    - Revert "x86/cpufeatures: Add FEATURE_ZEN"
    - Revert "x86/cpu/AMD: Fix erratum 1076 (CPB bit)"
    - x86/cpu/AMD: Fix erratum 1076 (CPB bit)
    - x86/cpufeatures: Add FEATURE_ZEN
    - x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths
    - x86/cpu: Re-apply forced caps every time CPU caps are re-read
    - block: do not use interruptible wait anywhere
    - clk: tegra: Fix PLL_U post divider and initial rate on Tegra30
    - ubi: Introduce vol_ignored()
    - ubi: Rework Fastmap attach base code
    - ubi: Be more paranoid while seaching for the most recent Fastmap
    - ubi: Fix races around ubi_refill_pools()
    - ubi: Fix Fastmap's update_vol()
    - ubi: fastmap: Erase outdated anchor PEBs during attach
    - Linux 4.4.144
  * CVE-2017-5715 (Spectre v2 s390x)
    - s390: detect etoken facility
    - s390/lib: use expoline for all bcr instructions
    - SAUCE: s390: use expoline thunks for all branches generated by the BPF JIT
  * Xenial update to 4.4.143 stable release (LP: #1790884)
    - compiler, clang: suppress warning for unused static inline functions
    - compiler, clang: properly override 'inline' for clang
    - compiler, clang: always inline when CONFIG_OPTIMIZE_INLINING is disabled
    - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations
    - x86/asm: Add _ASM_ARG* constants for argument registers to <asm/asm.h>
    - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent
    - bcm63xx_enet: correct clock usage
    - bcm63xx_enet: do not write to random DMA channel on BCM6345
    - crypto: crypto4xx - remove bad list_del
    - crypto: crypto4xx - fix crypto4xx_build_pdr, crypto4xx_build_sdr leak
    - atm: zatm: Fix potential Spectre v1
    - net: dccp: avoid crash in ccid3_hc_rx_send_feedback()
    - net: dccp: switch rx_tstamp_last_feedback to monotonic clock
    - net/mlx5: Fix incorrect raw command length parsing
    - net: sungem: fix rx checksum support
    - qed: Limit msix vectors in kdump kernel to the minimum required count.
    - r8152: napi hangup fix after disconnect
    - tcp: fix Fast Open key endianness
    - tcp: prevent bogus FRTO undos with non-SACK flows
    - vhost_net: validate sock before trying to put its fd
    - net_sched: blackhole: tell upper qdisc about dropped packets
    - net/mlx5: Fix command interface race in polling mode
    - net: cxgb3_main: fix potential Spectre v1
    - rtlwifi: rtl8821ae: fix firmware is not ready to run
    - MIPS: Call dump_stack() from show_regs()
    - MIPS: Use async IPIs for arch_trigger_cpumask_backtrace()
    - netfilter: ebtables: reject non-bridge targets
    - KEYS: DNS: fix parsing multiple options
    - rds: avoid unenecessary cong_update in loop transport
    - net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL.
    - Linux 4.4.143
  * Xenial update to 4.4.142 stable release (LP: #1790883)
    - Kbuild: fix # escaping in .cmd files for future Make
    - perf tools: Move syscall number fallbacks from perf-sys.h to
      tools/arch/x86/include/asm/
    - Linux 4.4.142
  * Xenial update to 4.4.141 stable release (LP: #1790620)
    - MIPS: Fix ioremap() RAM check
    - ibmasm: don't write out of bounds in read handler
    - vmw_balloon: fix inflation with batching
    - ahci: Disable LPM on Lenovo 50 series laptops with a too old BIOS
    - USB: serial: ch341: fix type promotion bug in ch341_control_in()
    - USB: serial: cp210x: add another USB ID for Qivicon ZigBee stick
    - USB: serial: keyspan_pda: fix modem-status error handling
    - USB: yurex: fix out-of-bounds uaccess in read handler
    - USB: serial: mos7840: fix status-register error handling
    - usb: quirks: add delay quirks for Corsair Strafe
    - xhci: xhci-mem: off by one in xhci_stream_id_to_ring()
    - HID: usbhid: add quirk for innomedia INNEX GENESIS/ATARI adapter
    - tools build: fix # escaping in .cmd files for future Make
    - iw_cxgb4: correctly enforce the max reg_mr depth
    - x86/cpufeature: Move some of the scattered feature bits to x86_capability
    - x86/cpu: Provide a config option to disable static_cpu_has
    - x86/fpu: Add an XSTATE_OP() macro
    - x86/fpu: Get rid of xstate_fault()
    - x86/headers: Don't include asm/processor.h in asm/atomic.h
    - x86/cpufeature: Replace the old static_cpu_has() with safe variant
    - x86/cpufeature: Get rid of the non-asm goto variant
    - x86/alternatives: Add an auxilary section
    - x86/alternatives: Discard dynamic check after init
    - x86/vdso: Use static_cpu_has()
    - x86/boot: Simplify kernel load address alignment check
    - x86/cpufeature: Speed up cpu_feature_enabled()
    - x86/cpufeature, x86/mm/pkeys: Add protection keys related CPUID definitions
    - x86/mm/pkeys: Fix mismerge of protection keys CPUID bits
    - x86/cpu: Add detection of AMD RAS Capabilities
    - x86/cpufeature, x86/mm/pkeys: Fix broken compile-time disabling of pkeys
    - x86/cpufeature: Make sure DISABLED/REQUIRED macros are updated
    - x86/cpufeature: Add helper macro for mask check macros
    - uprobes/x86: Remove incorrect WARN_ON() in uprobe_init_insn()
    - netfilter: nf_queue: augment nfqa_cfg_policy
    - netfilter: x_tables: initialise match/target check parameter struct
    - loop: add recursion validation to LOOP_CHANGE_FD
    - PM / hibernate: Fix oops at snapshot_write()
    - SAUCE: RDMA/ucm: Blacklist UCM module
    - loop: remember whether sysfs_create_group() was done
    - Linux 4.4.141
    - [Config] Refresh configs for 4.4.141
  * regression with EXT4 file systems and meta_bg flag (LP: #1789653)
    - ext4: fix false negatives *and* false positives in ext4_check_descriptors()
  * CVE-2018-15572
    - x86/speculation: Protect against userspace-userspace spectreRSB
  * random oopses on s390 systems using NVMe devices (LP: #1790480)
    - s390/pci: fix out of bounds access during irq setup
  * CVE-2018-6555
    - SAUCE: irda: Only insert new objects into the global database via setsockopt
  * CVE-2018-6554
    - SAUCE: irda: Fix memory leak caused by repeated binds of irda socket
  * errors when scanning partition table of corrupted AIX disk (LP: #1787281)
    - partitions/aix: fix usage of uninitialized lv_info and lvname structures
    - partitions/aix: append null character to print data from disk

 -- Kleber Sacilotto de Souza <email address hidden>  Tue, 11 Sep 2018 18:23:57 +0200

Available diffs

Superseded in cosmic-release on 2018-10-08
Superseded in bionic-security on 2018-10-01
Superseded in bionic-updates on 2018-10-01
Deleted in cosmic-proposed (Reason: moved to release)
Deleted in bionic-proposed (Reason: moved to -updates)
linux-kvm (4.15.0-1021.21) bionic; urgency=medium

  * linux-kvm: 4.15.0-1021.21 -proposed tracker (LP: #1788753)

  * zram module not found in 4.4/4.15 KVM kernel (LP: #1766823)
    - [Config]: enable CONFIG_ZRAM

  [ Ubuntu: 4.15.0-34.37 ]

  * linux: 4.15.0-34.37 -proposed tracker (LP: #1788744)
  * Bionic update: upstream stable patchset 2018-08-09 (LP: #1786352)
    - MIPS: c-r4k: Fix data corruption related to cache coherence
    - MIPS: ptrace: Expose FIR register through FP regset
    - MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs
    - KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable"
    - affs_lookup(): close a race with affs_remove_link()
    - fs: don't scan the inode cache before SB_BORN is set
    - aio: fix io_destroy(2) vs. lookup_ioctx() race
    - ALSA: timer: Fix pause event notification
    - do d_instantiate/unlock_new_inode combinations safely
    - mmc: sdhci-iproc: remove hard coded mmc cap 1.8v
    - mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register
    - mmc: sdhci-iproc: add SDHCI_QUIRK2_HOST_OFF_CARD_ON for cygnus
    - libata: Blacklist some Sandisk SSDs for NCQ
    - libata: blacklist Micron 500IT SSD with MU01 firmware
    - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent
    - drm/vmwgfx: Fix 32-bit VMW_PORT_HB_[IN|OUT] macros
    - arm64: lse: Add early clobbers to some input/output asm operands
    - powerpc/64s: Clear PCR on boot
    - IB/hfi1: Use after free race condition in send context error path
    - IB/umem: Use the correct mm during ib_umem_release
    - idr: fix invalid ptr dereference on item delete
    - Revert "ipc/shm: Fix shmat mmap nil-page protection"
    - ipc/shm: fix shmat() nil address after round-down when remapping
    - mm/kasan: don't vfree() nonexistent vm_area
    - kasan: free allocated shadow memory on MEM_CANCEL_ONLINE
    - kasan: fix memory hotplug during boot
    - kernel/sys.c: fix potential Spectre v1 issue
    - KVM: s390: vsie: fix < 8k check for the itdba
    - KVM: x86: Update cpuid properly when CR4.OSXAVE or CR4.PKE is changed
    - kvm: x86: IA32_ARCH_CAPABILITIES is always supported
    - powerpc/64s: Improve RFI L1-D cache flush fallback
    - powerpc/pseries: Restore default security feature flags on setup
    - powerpc/64s: Fix section mismatch warnings from setup_rfi_flush()
    - MIPS: generic: Fix machine compatible matching
    - mac80211: mesh: fix wrong mesh TTL offset calculation
    - ARC: Fix malformed ARC_EMUL_UNALIGNED default
    - ptr_ring: prevent integer overflow when calculating size
    - arm64: dts: rockchip: fix rock64 gmac2io stability issues
    - arm64: dts: rockchip: correct ep-gpios for rk3399-sapphire
    - libata: Fix compile warning with ATA_DEBUG enabled
    - selftests: sync: missing CFLAGS while compiling
    - selftest/vDSO: fix O=
    - selftests: pstore: Adding config fragment CONFIG_PSTORE_RAM=m
    - selftests: memfd: add config fragment for fuse
    - ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt
    - ARM: OMAP3: Fix prm wake interrupt for resume
    - ARM: OMAP2+: Fix sar_base inititalization for HS omaps
    - ARM: OMAP1: clock: Fix debugfs_create_*() usage
    - tls: retrun the correct IV in getsockopt
    - xhci: workaround for AMD Promontory disabled ports wakeup
    - IB/uverbs: Fix method merging in uverbs_ioctl_merge
    - IB/uverbs: Fix possible oops with duplicate ioctl attributes
    - IB/uverbs: Fix unbalanced unlock on error path for rdma_explicit_destroy
    - arm64: dts: rockchip: Fix DWMMC clocks
    - ARM: dts: rockchip: Fix DWMMC clocks
    - iwlwifi: mvm: fix security bug in PN checking
    - iwlwifi: mvm: fix IBSS for devices that support station type API
    - iwlwifi: mvm: always init rs with 20mhz bandwidth rates
    - NFC: llcp: Limit size of SDP URI
    - rxrpc: Work around usercopy check
    - MD: Free bioset when md_run fails
    - md: fix md_write_start() deadlock w/o metadata devices
    - s390/dasd: fix handling of internal requests
    - xfrm: do not call rcu_read_unlock when afinfo is NULL in xfrm_get_tos
    - mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4
    - mac80211: fix a possible leak of station stats
    - mac80211: fix calling sleeping function in atomic context
    - cfg80211: clear wep keys after disconnection
    - mac80211: Do not disconnect on invalid operating class
    - mac80211: Fix sending ADDBA response for an ongoing session
    - gpu: ipu-v3: pre: fix device node leak in ipu_pre_lookup_by_phandle
    - gpu: ipu-v3: prg: fix device node leak in ipu_prg_lookup_by_phandle
    - md raid10: fix NULL deference in handle_write_completed()
    - drm/exynos: g2d: use monotonic timestamps
    - drm/exynos: fix comparison to bitshift when dealing with a mask
    - drm/meson: fix vsync buffer update
    - arm64: perf: correct PMUVer probing
    - RDMA/bnxt_re: Unpin SQ and RQ memory if QP create fails
    - RDMA/bnxt_re: Fix system crash during load/unload
    - net/mlx5e: Return error if prio is specified when offloading eswitch vlan
      push
    - locking/xchg/alpha: Add unconditional memory barrier to cmpxchg()
    - md: raid5: avoid string overflow warning
    - virtio_net: fix XDP code path in receive_small()
    - kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE
    - bug.h: work around GCC PR82365 in BUG()
    - selftests/memfd: add run_fuse_test.sh to TEST_FILES
    - seccomp: add a selftest for get_metadata
    - soc: imx: gpc: de-register power domains only if initialized
    - powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access
    - s390/cio: fix ccw_device_start_timeout API
    - s390/cio: fix return code after missing interrupt
    - s390/cio: clear timer when terminating driver I/O
    - selftests/bpf/test_maps: exit child process without error in ENOMEM case
    - PKCS#7: fix direct verification of SignerInfo signature
    - arm64: dts: cavium: fix PCI bus dtc warnings
    - nfs: system crashes after NFS4ERR_MOVED recovery
    - ARM: OMAP: Fix dmtimer init for omap1
    - smsc75xx: fix smsc75xx_set_features()
    - regulatory: add NUL to request alpha2
    - integrity/security: fix digsig.c build error with header file
    - x86/intel_rdt: Fix incorrect returned value when creating rdgroup sub-
      directory in resctrl file system
    - locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs
    - x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across
      CPU hotplug operations
    - mac80211: drop frames with unexpected DS bits from fast-rx to slow path
    - arm64: fix unwind_frame() for filtered out fn for function graph tracing
    - macvlan: fix use-after-free in macvlan_common_newlink()
    - KVM: nVMX: Don't halt vcpu when L1 is injecting events to L2
    - kvm: fix warning for CONFIG_HAVE_KVM_EVENTFD builds
    - ARM: dts: imx6dl: Include correct dtsi file for Engicam i.CoreM6
      DualLite/Solo RQS
    - fs: dcache: Avoid livelock between d_alloc_parallel and __d_add
    - fs: dcache: Use READ_ONCE when accessing i_dir_seq
    - md: fix a potential deadlock of raid5/raid10 reshape
    - md/raid1: fix NULL pointer dereference
    - batman-adv: fix packet checksum in receive path
    - batman-adv: invalidate checksum on fragment reassembly
    - netfilter: ipt_CLUSTERIP: put config struct if we can't increment ct
      refcount
    - netfilter: ipt_CLUSTERIP: put config instead of freeing it
    - netfilter: ebtables: convert BUG_ONs to WARN_ONs
    - batman-adv: Ignore invalid batadv_iv_gw during netlink send
    - batman-adv: Ignore invalid batadv_v_gw during netlink send
    - batman-adv: Fix netlink dumping of BLA claims
    - batman-adv: Fix netlink dumping of BLA backbones
    - nvme-pci: Fix nvme queue cleanup if IRQ setup fails
    - clocksource/drivers/fsl_ftm_timer: Fix error return checking
    - libceph, ceph: avoid memory leak when specifying same option several times
    - ceph: fix dentry leak when failing to init debugfs
    - xen/pvcalls: fix null pointer dereference on map->sock
    - ARM: orion5x: Revert commit 4904dbda41c8.
    - qrtr: add MODULE_ALIAS macro to smd
    - selftests/futex: Fix line continuation in Makefile
    - r8152: fix tx packets accounting
    - virtio-gpu: fix ioctl and expose the fixed status to userspace.
    - dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3
    - bcache: fix kcrashes with fio in RAID5 backend dev
    - ip_gre: fix IFLA_MTU ignored on NEWLINK
    - ip6_tunnel: fix IFLA_MTU ignored on NEWLINK
    - sit: fix IFLA_MTU ignored on NEWLINK
    - nbd: fix return value in error handling path
    - ARM: dts: NSP: Fix amount of RAM on BCM958625HR
    - ARM: dts: bcm283x: Fix unit address of local_intc
    - powerpc/boot: Fix random libfdt related build errors
    - clocksource/drivers/mips-gic-timer: Use correct shift count to extract data
    - gianfar: Fix Rx byte accounting for ndev stats
    - net/tcp/illinois: replace broken algorithm reference link
    - nvmet: fix PSDT field check in command format
    - net/smc: use link_id of server in confirm link reply
    - mlxsw: core: Fix flex keys scratchpad offset conflict
    - mlxsw: spectrum: Treat IPv6 unregistered multicast as broadcast
    - spectrum: Reference count VLAN entries
    - ARC: mcip: halt GFRC counter when ARC cores halt
    - ARC: mcip: update MCIP debug mask when the new cpu came online
    - ARC: setup cpu possible mask according to possible-cpus dts property
    - ipvs: remove IPS_NAT_MASK check to fix passive FTP
    - IB/mlx: Set slid to zero in Ethernet completion struct
    - RDMA/bnxt_re: Unconditionly fence non wire memory operations
    - RDMA/bnxt_re: Fix incorrect DB offset calculation
    - RDMA/bnxt_re: Fix the ib_reg failure cleanup
    - xen/pirq: fix error path cleanup when binding MSIs
    - drm/amd/amdgpu: Correct VRAM width for APUs with GMC9
    - xfrm: Fix ESN sequence number handling for IPsec GSO packets.
    - arm64: dts: rockchip: Fix rk3399-gru-* s2r (pinctrl hogs, wifi reset)
    - drm/sun4i: Fix dclk_set_phase
    - btrfs: use kvzalloc to allocate btrfs_fs_info
    - Btrfs: send, fix issuing write op when processing hole in no data mode
    - Btrfs: fix log replay failure after linking special file and fsync
    - ceph: fix potential memory leak in init_caches()
    - block: display the correct diskname for bio
    - selftests/powerpc: Skip the subpage_prot tests if the syscall is unavailable
    - net: ethtool: don't ignore return from driver get_fecparam method
    - iwlwifi: mvm: fix TX of CCMP 256
    - iwlwifi: mvm: Fix channel switch for count 0 and 1
    - iwlwifi: mvm: fix assert 0x2B00 on older FWs
    - iwlwifi: avoid collecting firmware dump if not loaded
    - iwlwifi: mvm: Direct multicast frames to the correct station
    - iwlwifi: mvm: Correctly set the tid for mcast queue
    - rds: Incorrect reference counting in TCP socket creation
    - watchdog: f71808e_wdt: Fix magic close handling
    - batman-adv: Fix multicast packet loss with a single WANT_ALL_IPV4/6 flag
    - hv_netvsc: use napi_schedule_irqoff
    - hv_netvsc: filter multicast/broadcast
    - hv_netvsc: propagate rx filters to VF
    - ARM: dts: rockchip: Add missing #sound-dai-cells on rk3288
    - e1000e: Fix check_for_link return value with autoneg off
    - e1000e: allocate ring descriptors with dma_zalloc_coherent
    - ia64/err-inject: Use get_user_pages_fast()
    - RDMA/qedr: Fix kernel panic when running fio over NFSoRDMA
    - RDMA/qedr: Fix iWARP write and send with immediate
    - IB/mlx4: Fix corruption of RoCEv2 IPv4 GIDs
    - IB/mlx4: Include GID type when deleting GIDs from HW table under RoCE
    - IB/mlx5: Fix an error code in __mlx5_ib_modify_qp()
    - fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in
      sbusfb_ioctl_helper().
    - fsl/fman: avoid sleeping in atomic context while adding an address
    - qed: Free RoCE ILT Memory on rmmod qedr
    - net: qcom/emac: Use proper free methods during TX
    - net: smsc911x: Fix unload crash when link is up
    - IB/core: Fix possible crash to access NULL netdev
    - cxgb4: do not set needs_free_netdev for mgmt dev's
    - xen-blkfront: move negotiate_mq to cover all cases of new VBDs
    - xen: xenbus: use put_device() instead of kfree()
    - hv_netvsc: fix filter flags
    - hv_netvsc: fix locking for rx_mode
    - hv_netvsc: fix locking during VF setup
    - ARM: davinci: fix the GPIO lookup for omapl138-hawk
    - arm64: Relax ARM_SMCCC_ARCH_WORKAROUND_1 discovery
    - selftests/vm/run_vmtests: adjust hugetlb size according to nr_cpus
    - lib/test_kmod.c: fix limit check on number of test devices created
    - dmaengine: mv_xor_v2: Fix clock resource by adding a register clock
    - netfilter: ebtables: fix erroneous reject of last rule
    - can: m_can: change comparison to bitshift when dealing with a mask
    - can: m_can: select pinctrl state in each suspend/resume function
    - bnxt_en: Check valid VNIC ID in bnxt_hwrm_vnic_set_tpa().
    - workqueue: use put_device() instead of kfree()
    - ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu
    - sunvnet: does not support GSO for sctp
    - KVM: arm/arm64: vgic: Add missing irq_lock to vgic_mmio_read_pending
    - gpu: ipu-v3: prg: avoid possible array underflow
    - drm/imx: move arming of the vblank event to atomic_flush
    - drm/nouveau/bl: fix backlight regression
    - xfrm: fix rcu_read_unlock usage in xfrm_local_error
    - iwlwifi: mvm: set the correct tid when we flush the MCAST sta
    - iwlwifi: mvm: Correctly set IGTK for AP
    - iwlwifi: mvm: fix error checking for multi/broadcast sta
    - net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off
    - vlan: Fix out of order vlan headers with reorder header off
    - batman-adv: fix header size check in batadv_dbg_arp()
    - batman-adv: Fix skbuff rcsum on packet reroute
    - vti4: Don't count header length twice on tunnel setup
    - ip_tunnel: Clamp MTU to bounds on new link
    - vti6: Fix dev->max_mtu setting
    - iwlwifi: mvm: Increase session protection time after CS
    - iwlwifi: mvm: clear tx queue id when unreserving aggregation queue
    - iwlwifi: mvm: make sure internal station has a valid id
    - iwlwifi: mvm: fix array out of bounds reference
    - drm/tegra: Shutdown on driver unbind
    - perf/cgroup: Fix child event counting bug
    - brcmfmac: Fix check for ISO3166 code
    - kbuild: make scripts/adjust_autoksyms.sh robust against timestamp races
    - RDMA/ucma: Correct option size check using optlen
    - RDMA/qedr: fix QP's ack timeout configuration
    - RDMA/qedr: Fix rc initialization on CNQ allocation failure
    - RDMA/qedr: Fix QP state initialization race
    - net/sched: fix idr leak on the error path of tcf_bpf_init()
    - net/sched: fix idr leak in the error path of tcf_simp_init()
    - net/sched: fix idr leak in the error path of tcf_act_police_init()
    - net/sched: fix idr leak in the error path of tcp_pedit_init()
    - net/sched: fix idr leak in the error path of __tcf_ipt_init()
    - net/sched: fix idr leak in the error path of tcf_skbmod_init()
    - net: dsa: Fix functional dsa-loop dependency on FIXED_PHY
    - drm/ast: Fixed 1280x800 Display Issue
    - mm/mempolicy.c: avoid use uninitialized preferred_node
    - mm, thp: do not cause memcg oom for thp
    - xfrm: Fix transport mode skb control buffer usage.
    - selftests: ftrace: Add probe event argument syntax testcase
    - selftests: ftrace: Add a testcase for string type with kprobe_event
    - selftests: ftrace: Add a testcase for probepoint
    - drm/amdkfd: Fix scratch memory with HWS enabled
    - batman-adv: fix multicast-via-unicast transmission with AP isolation
    - batman-adv: fix packet loss for broadcasted DHCP packets to a server
    - ARM: 8748/1: mm: Define vdso_start, vdso_end as array
    - lan78xx: Set ASD in MAC_CR when EEE is enabled.
    - net: qmi_wwan: add BroadMobi BM806U 2020:2033
    - bonding: fix the err path for dev hwaddr sync in bond_enslave
    - net: dsa: mt7530: fix module autoloading for OF platform drivers
    - net/mlx5: Make eswitch support to depend on switchdev
    - perf/x86/intel: Fix linear IP of PEBS real_ip on Haswell and later CPUs
    - x86/alternatives: Fixup alternative_call_2
    - llc: properly handle dev_queue_xmit() return value
    - builddeb: Fix header package regarding dtc source links
    - qede: Fix barrier usage after tx doorbell write.
    - mm, slab: memcg_link the SLAB's kmem_cache
    - mm/page_owner: fix recursion bug after changing skip entries
    - mm/kmemleak.c: wait for scan completion before disabling free
    - hv_netvsc: enable multicast if necessary
    - qede: Do not drop rx-checksum invalidated packets.
    - net: Fix untag for vlan packets without ethernet header
    - vlan: Fix vlan insertion for packets without ethernet header
    - net: mvneta: fix enable of all initialized RXQs
    - sh: fix debug trap failure to process signals before return to user
    - firmware: dmi_scan: Fix UUID length safety check
    - nvme: don't send keep-alives to the discovery controller
    - Btrfs: clean up resources during umount after trans is aborted
    - Btrfs: fix loss of prealloc extents past i_size after fsync log replay
    - x86/pgtable: Don't set huge PUD/PMD on non-leaf entries
    - fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl
      table
    - swap: divide-by-zero when zero length swap file on ssd
    - z3fold: fix memory leak
    - sr: get/drop reference to device in revalidate and check_events
    - Force log to disk before reading the AGF during a fstrim
    - cpufreq: CPPC: Initialize shared perf capabilities of CPUs
    - powerpc/fscr: Enable interrupts earlier before calling get_user()
    - perf tools: Fix perf builds with clang support
    - perf clang: Add support for recent clang versions
    - dp83640: Ensure against premature access to PHY registers after reset
    - ibmvnic: Zero used TX descriptor counter on reset
    - mm/ksm: fix interaction with THP
    - mm: fix races between address_space dereference and free in page_evicatable
    - mm: thp: fix potential clearing to referenced flag in
      page_idle_clear_pte_refs_one()
    - Btrfs: bail out on error during replay_dir_deletes
    - Btrfs: fix NULL pointer dereference in log_dir_items
    - btrfs: Fix possible softlock on single core machines
    - IB/rxe: Fix for oops in rxe_register_device on ppc64le arch
    - ocfs2/dlm: don't handle migrate lockres if already in shutdown
    - powerpc/64s/idle: Fix restore of AMOR on POWER9 after deep sleep
    - sched/rt: Fix rq->clock_update_flags < RQCF_ACT_SKIP warning
    - x86/mm: Fix bogus warning during EFI bootup, use boot_cpu_has() instead of
      this_cpu_has() in build_cr3_noflush()
    - KVM: VMX: raise internal error for exception during invalid protected mode
      state
    - lan78xx: Connect phy early
    - sparc64: Make atomic_xchg() an inline function rather than a macro.
    - net: bgmac: Fix endian access in bgmac_dma_tx_ring_free()
    - net: bgmac: Correctly annotate register space
    - btrfs: tests/qgroup: Fix wrong tree backref level
    - Btrfs: fix copy_items() return value when logging an inode
    - btrfs: fix lockdep splat in btrfs_alloc_subvolume_writers
    - btrfs: qgroup: Fix root item corruption when multiple same source snapshots
      are created with quota enabled
    - rxrpc: Fix Tx ring annotation after initial Tx failure
    - rxrpc: Don't treat call aborts as conn aborts
    - xen/acpi: off by one in read_acpi_id()
    - drivers: macintosh: rack-meter: really fix bogus memsets
    - ACPI: acpi_pad: Fix memory leak in power saving threads
    - powerpc/mpic: Check if cpu_possible() in mpic_physmask()
    - ieee802154: ca8210: fix uninitialised data read
    - ath10k: advertize beacon_int_min_gcd
    - iommu/amd: Take into account that alloc_dev_data() may return NULL
    - intel_th: Use correct method of finding hub
    - m68k: set dma and coherent masks for platform FEC ethernets
    - iwlwifi: mvm: check if mac80211_queue is valid in iwl_mvm_disable_txq
    - parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode
    - hwmon: (nct6775) Fix writing pwmX_mode
    - powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer
    - powerpc/perf: Fix kernel address leak via sampling registers
    - rsi: fix kernel panic observed on 64bit machine
    - tools/thermal: tmon: fix for segfault
    - selftests: Print the test we're running to /dev/kmsg
    - net/mlx5: Protect from command bit overflow
    - watchdog: davinci_wdt: fix error handling in davinci_wdt_probe()
    - ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk)
    - nvme-pci: disable APST for Samsung NVMe SSD 960 EVO + ASUS PRIME Z370-A
    - ath9k: fix crash in spectral scan
    - cxgb4: Setup FW queues before registering netdev
    - ima: Fix Kconfig to select TPM 2.0 CRB interface
    - ima: Fallback to the builtin hash algorithm
    - watchdog: aspeed: Allow configuring for alternate boot
    - arm: dts: socfpga: fix GIC PPI warning
    - ext4: don't complain about incorrect features when probing
    - drm/vmwgfx: Unpin the screen object backup buffer when not used
    - iommu/mediatek: Fix protect memory setting
    - cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path
    - IB/mlx5: Set the default active rate and width to QDR and 4X
    - zorro: Set up z->dev.dma_mask for the DMA API
    - bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set
    - remoteproc: imx_rproc: Fix an error handling path in 'imx_rproc_probe()'
    - dt-bindings: add device tree binding for Allwinner H6 main CCU
    - ACPICA: Events: add a return on failure from acpi_hw_register_read
    - ACPICA: Fix memory leak on unusual memory leak
    - ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c
    - cxgb4: Fix queue free path of ULD drivers
    - i2c: mv64xxx: Apply errata delay only in standard mode
    - KVM: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in use
    - perf top: Fix top.call-graph config option reading
    - perf stat: Fix core dump when flag T is used
    - IB/core: Honor port_num while resolving GID for IB link layer
    - drm/amdkfd: add missing include of mm.h
    - coresight: Use %px to print pcsr instead of %p
    - regulator: gpio: Fix some error handling paths in 'gpio_regulator_probe()'
    - spi: bcm-qspi: fIX some error handling paths
    - net/smc: pay attention to MAX_ORDER for CQ entries
    - MIPS: ath79: Fix AR724X_PLL_REG_PCIE_CONFIG offset
    - watchdog: dw: RMW the control register
    - watchdog: aspeed: Fix translation of reset mode to ctrl register
    - drm/meson: Fix some error handling paths in 'meson_drv_bind_master()'
    - drm/meson: Fix an un-handled error path in 'meson_drv_bind_master()'
    - powerpc: Add missing prototype for arch_irq_work_raise()
    - f2fs: fix to set KEEP_SIZE bit in f2fs_zero_range
    - f2fs: fix to clear CP_TRIMMED_FLAG
    - f2fs: fix to check extent cache in f2fs_drop_extent_tree
    - perf/core: Fix installing cgroup events on CPU
    - max17042: propagate of_node to power supply device
    - perf/core: Fix perf_output_read_group()
    - drm/panel: simple: Fix the bus format for the Ontat panel
    - hwmon: (pmbus/max8688) Accept negative page register values
    - hwmon: (pmbus/adm1275) Accept negative page register values
    - perf/x86/intel: Properly save/restore the PMU state in the NMI handler
    - cdrom: do not call check_disk_change() inside cdrom_open()
    - efi/arm*: Only register page tables when they exist
    - perf/x86/intel: Fix large period handling on Broadwell CPUs
    - perf/x86/intel: Fix event update for auto-reload
    - arm64: dts: qcom: Fix SPI5 config on MSM8996
    - soc: qcom: wcnss_ctrl: Fix increment in NV upload
    - gfs2: Fix fallocate chunk size
    - x86/devicetree: Initialize device tree before using it
    - x86/devicetree: Fix device IRQ settings in DT
    - phy: rockchip-emmc: retry calpad busy trimming
    - ALSA: vmaster: Propagate slave error
    - phy: qcom-qmp: Fix phy pipe clock gating
    - drm/bridge: sii902x: Retry status read after DDI I2C
    - tools: hv: fix compiler warnings about major/target_fname
    - block: null_blk: fix 'Invalid parameters' when loading module
    - dmaengine: pl330: fix a race condition in case of threaded irqs
    - dmaengine: rcar-dmac: Check the done lists in rcar_dmac_chan_get_residue()
    - enic: enable rq before updating rq descriptors
    - watchdog: asm9260_wdt: fix error handling in asm9260_wdt_probe()
    - hwrng: stm32 - add reset during probe
    - pinctrl: devicetree: Fix dt_to_map_one_config handling of hogs
    - pinctrl: artpec6: dt: add missing pin group uart5nocts
    - vfio-ccw: fence off transport mode
    - dmaengine: qcom: bam_dma: get num-channels and num-ees from dt
    - drm: omapdrm: dss: Move initialization code from component bind to probe
    - ARM: dts: dra71-evm: Correct evm_sd regulator max voltage
    - drm/amdgpu: disable GFX ring and disable PQ wptr in hw_fini
    - drm/amdgpu: adjust timeout for ib_ring_tests(v2)
    - net: stmmac: ensure that the device has released ownership before reading
      data
    - net: stmmac: ensure that the MSS desc is the last desc to set the own bit
    - cpufreq: Reorder cpufreq_online() error code path
    - dpaa_eth: fix SG mapping
    - PCI: Add function 1 DMA alias quirk for Marvell 88SE9220
    - udf: Provide saner default for invalid uid / gid
    - ixgbe: prevent ptp_rx_hang from running when in FILTER_ALL mode
    - sh_eth: fix TSU init on SH7734/R8A7740
    - power: supply: ltc2941-battery-gauge: Fix temperature units
    - ARM: dts: bcm283x: Fix probing of bcm2835-i2s
    - ARM: dts: bcm283x: Fix pin function of JTAG pins
    - PCMCIA / PM: Avoid noirq suspend aborts during suspend-to-idle
    - audit: return on memory error to avoid null pointer dereference
    - net: stmmac: call correct function in stmmac_mac_config_rx_queues_routing()
    - rcu: Call touch_nmi_watchdog() while printing stall warnings
    - pinctrl: sh-pfc: r8a7796: Fix MOD_SEL register pin assignment for SSI pins
      group
    - dpaa_eth: fix pause capability advertisement logic
    - MIPS: Octeon: Fix logging messages with spurious periods after newlines
    - drm/rockchip: Respect page offset for PRIME mmap calls
    - x86/apic: Set up through-local-APIC mode on the boot CPU if 'noapic'
      specified
    - perf test: Fix test case inet_pton to accept inlines.
    - perf report: Fix wrong jump arrow
    - perf tests: Use arch__compare_symbol_names to compare symbols
    - perf report: Fix memory corruption in --branch-history mode --branch-history
    - perf tests: Fix dwarf unwind for stripped binaries
    - selftests/net: fixes psock_fanout eBPF test case
    - netlabel: If PF_INET6, check sk_buff ip header version
    - drm: rcar-du: lvds: Fix LVDS startup on R-Car Gen3
    - drm: rcar-du: lvds: Fix LVDS startup on R-Car Gen2
    - ARM: dts: at91: tse850: use the correct compatible for the eeprom
    - regmap: Correct comparison in regmap_cached
    - i40e: Add delay after EMP reset for firmware to recover
    - ARM: dts: imx7d: cl-som-imx7: fix pinctrl_enet
    - ARM: dts: porter: Fix HDMI output routing
    - regulator: of: Add a missing 'of_node_put()' in an error handling path of
      'of_regulator_match()'
    - pinctrl: mcp23s08: spi: Fix regmap debugfs entries
    - kdb: make "mdr" command repeat
    - drm/vmwgfx: Set dmabuf_size when vmw_dmabuf_init is successful
    - perf tools: Add trace/beauty/generated/ into .gitignore
    - tools: sync up .h files with the repective arch and uapi .h files
    - MIPS: xilfpga: Stop generating useless dtb.o
    - MIPS: xilfpga: Actually include FDT in fitImage
    - MIPS: Fix build with DEBUG_ZBOOT and MACH_JZ4770
    - fix breakage caused by d_find_alias() semantics change
    - Btrfs: fix error handling in btrfs_truncate()
    - mmc: block: propagate correct returned value in mmc_rpmb_ioctl
    - arm64: export tishift functions to modules
    - bcma: fix buffer size caused crash in bcma_core_mips_print_irq()
    - PM / core: Fix direct_complete handling for devices with no callbacks
    - ARM: dts: sun4i: Fix incorrect clocks for displays
    - bnxt_en: Ignore src port field in decap filter nodes
    - kasan, slub: fix handling of kasan_slab_free hook
    - riscv/spinlock: Strengthen implementations with fences
    - platform/x86: dell-smbios: Fix memory leaks in build_tokens_sysfs()
    - rxrpc: Fix resend event time calculation
    - i40e: hold the RTNL lock while changing interrupt schemes
    - hv_netvsc: Fix the return status in RX path
    - firmware: fix checking for return values for fw_add_devm_name()
    - bcache: set writeback_rate_update_seconds in range [1, 60] seconds
    - bcache: fix cached_dev->count usage for bch_cache_set_error()
    - bcache: stop dc->writeback_rate_update properly
    - ibmvnic: Fix reset return from closed state
    - powerpc/vas: Fix cleanup when VAS is not configured
    - f2fs: flush cp pack except cp pack 2 page at first
    - drm/amdgpu: Clean sdma wptr register when only enable wptr polling
    - powerpc/mm/slice: Remove intermediate bitmap copy
    - powerpc/mm/slice: create header files dedicated to slices
    - powerpc/mm/slice: Enhance for supporting PPC32
    - powerpc/mm/slice: Fix hugepage allocation at hint address on 8xx
    - ibmvnic: Allocate statistics buffers during probe
    - dt-bindings: display: msm/dsi: Fix the PHY regulator supply props
    - drm/amd/display: Set vsc pack revision when DPCD revision is >= 1.2
    - soc: renesas: r8a77970-sysc: fix power area parents
    - drm/vblank: Data type fixes for 64-bit vblank sequences.
    - selftests: Add FIB onlink tests
    - soc: amlogic: meson-gx-pwrc-vpu: fix error on shutdown when domain is
      powered off
  * arm-smmu-v3 arm-smmu-v3.1.auto: failed to allocate MSIs (LP: #1785282)
    - ACPICA: iasl: Add SMMUv3 device ID mapping index support
    - ACPI/IORT: Remove temporary iort_get_id_mapping_index() ACPICA guard
  * Driver iwlwifi for Intel Wireless-AC 9560 is slow and unreliable in kernel
    4.15.0-20-generic (LP: #1772467)
    - scsi: hpsa: disable device during shutdown
  * [Bionic] i2c: xlp9xx: Add SMBAlert support  (LP: #1786981)
    - i2c: xlp9xx: Add support for SMBAlert
  * qeth: don't clobber buffer on async TX completion (LP: #1786057)
    - s390/qeth: don't clobber buffer on async TX completion
  * Linux 4.15.0-23 crashes during the boot process with a "Unable to handle
    kernel NULL pointer dereference" message (LP: #1777338)
    - x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths
  * ThinkPad systems have no HDMI sound when using the nvidia GPU (LP: #1787058)
    - ACPI / OSI: Add OEM _OSI string to enable NVidia HDMI audio
  * [Bionic] i2c: xlp9xx: Fix case where SSIF read transaction completes early
    (LP: #1787240)
    - i2c: xlp9xx: Fix case where SSIF read transaction completes early
  * [Bionic] integrate upstream fix for Cavium zram driver (LP: #1787469)
    - Revert "UBUNTU: SAUCE: crypto: thunderx_zip: Fix fallout from
      CONFIG_VMAP_STACK"
    - crypto: cavium - Fix fallout from CONFIG_VMAP_STACK
    - crypto: cavium - Limit result reading attempts
    - crypto: cavium - Prevent division by zero
    - crypto: cavium - Fix statistics pending request value
    - crypto: cavium - Fix smp_processor_id() warnings
  * Bugfix for handling of shadow doorbell buffer (LP: #1788222)
    - nvme-pci: add a memory barrier to nvme_dbbuf_update_and_check_event
  * nvme devices namespace assigned to the wrong controller (LP: #1789227)
    - nvme/multipath: Fix multipath disabled naming collisions
  * linux-cloud-tools-common: Ensure hv-kvp-daemon.service starts before
    walinuxagent.service (LP: #1739107)
    - [Debian] hyper-v -- Ensure that hv-kvp-daemon.service starts before
      walinuxagent.service
  * hinic interfaces aren't getting predictable names (LP: #1783138)
    - hinic: Link the logical network device to the pci device in sysfs
  * Suspend fails in Ubuntu and Kubuntu 18.04 but works fine in Ubuntu and
    Kubuntu 17.10 (and on Kubuntu 18.04 using kernel 4.14.47) (LP: #1774950)
    - ACPI / LPSS: Avoid PM quirks on suspend and resume from S3
    - ACPI / LPSS: Avoid PM quirks on suspend and resume from hibernation
  * [Bionic] Bluetooth: Support RTL8723D and RTL8821C Devices (LP: #1784835)
    - Bluetooth: btrtl: Add RTL8723D and RTL8821C devices
  * CacheFiles: Error: Overlong wait for old active object to go away.
    (LP: #1776254)
    - cachefiles: Fix missing clear of the CACHEFILES_OBJECT_ACTIVE flag
    - cachefiles: Wait rather than BUG'ing on "Unexpected object collision"
  * fscache cookie refcount updated incorrectly during fscache object allocation
    (LP: #1776277) // fscache cookie refcount updated incorrectly during fscache
    object allocation (LP: #1776277)
    - fscache: Fix reference overput in fscache_attach_object() error handling
  * FS-Cache: Assertion failed: FS-Cache: 6 == 5 is false (LP: #1774336)
    - Revert "UBUNTU: SAUCE: CacheFiles: fix a read_waiter/read_copier race"
    - fscache: Allow cancelled operations to be enqueued
    - cachefiles: Fix refcounting bug in backing-file read monitoring
  * SMB3: Fix regression in server reconnect detection (LP: #1786110)
    - smb3: on reconnect set PreviousSessionId field
  * CVE-2018-1118
    - vhost: fix info leak due to uninitialized memory

 -- Khalid Elmously <email address hidden>  Mon, 27 Aug 2018 11:40:55 -0400
Superseded in xenial-updates on 2018-10-01
Deleted in xenial-proposed (Reason: moved to -updates)
linux-kvm (4.4.0-1033.39) xenial; urgency=medium

  * linux-kvm: 4.4.0-1033.39 -proposed tracker (LP: #1788771)

  * zram module not found in 4.4/4.15 KVM kernel (LP: #1766823)
    - [Config]: enable CONFIG_ZRAM
    - [Config]: enable CONFIG_ZRAM (continued)

  [ Ubuntu: 4.4.0-135.161 ]

  * linux: 4.4.0-135.161 -proposed tracker (LP: #1788766)
  * [Regression] APM Merlin boards fail to recover link after interface down/up
    (LP: #1785739)
    - net: phylib: fix interrupts re-enablement in phy_start
    - net: phy: fix phy_start to consider PHY_IGNORE_INTERRUPT
  * qeth: don't clobber buffer on async TX completion (LP: #1786057)
    - s390/qeth: don't clobber buffer on async TX completion
  * nvme: avoid cqe corruption (LP: #1788035)
    - nvme: avoid cqe corruption when update at the same time as read
  * CacheFiles: Error: Overlong wait for old active object to go away.
    (LP: #1776254)
    - cachefiles: Fix missing clear of the CACHEFILES_OBJECT_ACTIVE flag
    - cachefiles: Wait rather than BUG'ing on "Unexpected object collision"
  * fscache cookie refcount updated incorrectly during fscache object allocation
    (LP: #1776277) // fscache cookie refcount updated incorrectly during fscache
    object allocation (LP: #1776277)
    - fscache: Fix reference overput in fscache_attach_object() error handling
  * FS-Cache: Assertion failed: FS-Cache: 6 == 5 is false (LP: #1774336)
    - Revert "UBUNTU: SAUCE: CacheFiles: fix a read_waiter/read_copier race"
    - fscache: Allow cancelled operations to be enqueued
    - cachefiles: Fix refcounting bug in backing-file read monitoring
  * linux-cloud-tools-common: Ensure hv-kvp-daemon.service starts before
    walinuxagent.service (LP: #1739107)
    - [Debian] hyper-v -- Ensure that hv-kvp-daemon.service starts before
      walinuxagent.service

 -- Khalid Elmously <email address hidden>  Mon, 27 Aug 2018 00:14:00 -0400
Superseded in cosmic-release on 2018-09-11
Deleted in cosmic-proposed (Reason: moved to release)
Superseded in bionic-security on 2018-09-10
Superseded in bionic-updates on 2018-09-10
Deleted in bionic-proposed (Reason: moved to -updates)
linux-kvm (4.15.0-1020.20) bionic; urgency=medium

  * linux-kvm: 4.15.0-1020.20 -proposed tracker (LP: #1787158)

  * DEBUG_WX is not set in Bionic KVM kernel (LP: #1782721)
    - kvm: [Config] enable CONFIG_DEBUG_WX

  * test_182_config_hardened_usercopy  in kernel security test failed with 4.15
    KVM kernel (LP: #1766777)
    - usercopy: Do not select BUG with HARDENED_USERCOPY
    - kvm: [Config] Enable CONFIG_HARDENED_USERCOPY

  [ Ubuntu: 4.15.0-33.36 ]

  * linux: 4.15.0-33.36 -proposed tracker (LP: #1787149)
  * RTNL assertion failure on ipvlan (LP: #1776927)
    - ipvlan: drop ipv6 dependency
    - ipvlan: use per device spinlock to protect addrs list updates
    - SAUCE: fix warning from "ipvlan: drop ipv6 dependency"
  * ubuntu_bpf_jit test failed on Bionic s390x systems (LP: #1753941)
    - test_bpf: flag tests that cannot be jited on s390
  * HDMI/DP audio can't work on the laptop of Dell Latitude 5495 (LP: #1782689)
    - drm/nouveau: fix nouveau_dsm_get_client_id()'s return type
    - drm/radeon: fix radeon_atpx_get_client_id()'s return type
    - drm/amdgpu: fix amdgpu_atpx_get_client_id()'s return type
    - platform/x86: apple-gmux: fix gmux_get_client_id()'s return type
    - ALSA: hda: use PCI_BASE_CLASS_DISPLAY to replace PCI_CLASS_DISPLAY_VGA
    - vga_switcheroo: set audio client id according to bound GPU id
  * locking sockets broken due to missing AppArmor socket mediation patches
    (LP: #1780227)
    - UBUNTU SAUCE: apparmor: fix apparmor mediating locking non-fs, unix sockets
  * Update2 for ocxl driver (LP: #1781436)
    - ocxl: Fix page fault handler in case of fault on dying process
  * netns: unable to follow an interface that moves to another netns
    (LP: #1774225)
    - net: core: Expose number of link up/down transitions
    - dev: always advertise the new nsid when the netns iface changes
    - dev: advertise the new ifindex when the netns iface changes
  * [Bionic] Disk IO hangs when using BFQ as io scheduler (LP: #1780066)
    - block, bfq: fix occurrences of request finish method's old name
    - block, bfq: remove batches of confusing ifdefs
    - block, bfq: add requeue-request hook
  * HP ProBook 455 G5 needs mute-led-gpio fixup (LP: #1781763)
    - ALSA: hda: add mute led support for HP ProBook 455 G5
  * [Bionic] bug fixes to improve stability of the ThunderX2 i2c driver
    (LP: #1781476)
    - i2c: xlp9xx: Fix issue seen when updating receive length
    - i2c: xlp9xx: Make sure the transfer size is not more than
      I2C_SMBUS_BLOCK_SIZE
  * x86/kvm: fix LAPIC timer drift when guest uses periodic mode (LP: #1778486)
    - x86/kvm: fix LAPIC timer drift when guest uses periodic mode
  * Please include ax88179_178a and r8152 modules in d-i udeb (LP: #1771823)
    - [Config:] d-i: Add ax88179_178a and r8152 to nic-modules
  * Nvidia fails after switching its mode (LP: #1778658)
    - PCI: Restore config space on runtime resume despite being unbound
  * Kernel error "task zfs:pid blocked for more than 120 seconds" (LP: #1781364)
    - SAUCE: (noup) zfs to 0.7.5-1ubuntu16.3
  * CVE-2018-12232
    - PATCH 1/1] socket: close race condition between sock_close() and
      sockfs_setattr()
  * CVE-2018-10323
    - xfs: set format back to extents if xfs_bmap_extents_to_btree
  * change front mic location for more lenovo m7/8/9xx machines (LP: #1781316)
    - ALSA: hda/realtek - Fix the problem of two front mics on more machines
    - ALSA: hda/realtek - two more lenovo models need fixup of MIC_LOCATION
  * Cephfs + fscache: unable to handle kernel NULL pointer dereference at
    0000000000000000 IP: jbd2__journal_start+0x22/0x1f0 (LP: #1783246)
    - ceph: track read contexts in ceph_file_info
  * Touchpad of ThinkPad P52 failed to work with message "lost sync at byte"
    (LP: #1779802)
    - Input: elantech - fix V4 report decoding for module with middle key
    - Input: elantech - enable middle button of touchpads on ThinkPad P52
  * xhci_hcd 0000:00:14.0: Root hub is not suspended (LP: #1779823)
    - usb: xhci: dbc: Fix lockdep warning
    - usb: xhci: dbc: Don't decrement runtime PM counter if DBC is not started
  * CVE-2018-13406
    - video: uvesafb: Fix integer overflow in allocation
  * CVE-2018-10840
    - ext4: correctly handle a zero-length xattr with a non-zero e_value_offs
  * CVE-2018-11412
    - ext4: do not allow external inodes for inline data
  * CVE-2018-10881
    - ext4: clear i_data in ext4_inode_info when removing inline data
  * CVE-2018-12233
    - jfs: Fix inconsistency between memory allocation and ea_buf->max_size
  * CVE-2018-12904
    - kvm: nVMX: Enforce cpl=0 for VMX instructions
  * Error parsing PCC subspaces from PCCT (LP: #1528684)
    - mailbox: PCC: erroneous error message when parsing ACPI PCCT
  * CVE-2018-13094
    - xfs: don't call xfs_da_shrink_inode with NULL bp
  * other users' coredumps can be read via setgid directory and killpriv bypass
    (LP: #1779923) // CVE-2018-13405
    - Fix up non-directory creation in SGID directories
  * Invoking obsolete 'firmware_install' target breaks snap build (LP: #1782166)
    - snapcraft.yaml: stop invoking the obsolete (and non-existing)
      'firmware_install' target
  * snapcraft.yaml: missing ubuntu-retpoline-extract-one script breaks the build
    (LP: #1782116)
    - snapcraft.yaml: copy retpoline-extract-one to scripts before build
  * Allow Raven Ridge's audio controller to be runtime suspended (LP: #1782540)
    - ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge
  * CVE-2018-11506
    - sr: pass down correctly sized SCSI sense buffer
  * Bionic update: upstream stable patchset 2018-07-24 (LP: #1783418)
    - net: Fix a bug in removing queues from XPS map
    - net/mlx4_core: Fix error handling in mlx4_init_port_info.
    - net/sched: fix refcnt leak in the error path of tcf_vlan_init()
    - net: sched: red: avoid hashing NULL child
    - net/smc: check for missing nlattrs in SMC_PNETID messages
    - net: test tailroom before appending to linear skb
    - packet: in packet_snd start writing at link layer allocation
    - sock_diag: fix use-after-free read in __sk_free
    - tcp: purge write queue in tcp_connect_init()
    - vmxnet3: set the DMA mask before the first DMA map operation
    - vmxnet3: use DMA memory barriers where required
    - hv_netvsc: empty current transmit aggregation if flow blocked
    - hv_netvsc: Use the num_online_cpus() for channel limit
    - hv_netvsc: avoid retry on send during shutdown
    - hv_netvsc: only wake transmit queue if link is up
    - hv_netvsc: fix error unwind handling if vmbus_open fails
    - hv_netvsc: cancel subchannel setup before halting device
    - hv_netvsc: fix race in napi poll when rescheduling
    - hv_netvsc: defer queue selection to VF
    - hv_netvsc: disable NAPI before channel close
    - hv_netvsc: use RCU to fix concurrent rx and queue changes
    - hv_netvsc: change GPAD teardown order on older versions
    - hv_netvsc: common detach logic
    - hv_netvsc: Use Windows version instead of NVSP version on GPAD teardown
    - hv_netvsc: Split netvsc_revoke_buf() and netvsc_teardown_gpadl()
    - hv_netvsc: Ensure correct teardown message sequence order
    - hv_netvsc: Fix a network regression after ifdown/ifup
    - sparc: vio: use put_device() instead of kfree()
    - ext2: fix a block leak
    - s390: add assembler macros for CPU alternatives
    - s390: move expoline assembler macros to a header
    - s390/crc32-vx: use expoline for indirect branches
    - s390/lib: use expoline for indirect branches
    - s390/ftrace: use expoline for indirect branches
    - s390/kernel: use expoline for indirect branches
    - s390: move spectre sysfs attribute code
    - s390: extend expoline to BC instructions
    - s390: use expoline thunks in the BPF JIT
    - scsi: sg: allocate with __GFP_ZERO in sg_build_indirect()
    - scsi: zfcp: fix infinite iteration on ERP ready list
    - loop: don't call into filesystem while holding lo_ctl_mutex
    - loop: fix LOOP_GET_STATUS lock imbalance
    - cfg80211: limit wiphy names to 128 bytes
    - hfsplus: stop workqueue when fill_super() failed
    - x86/kexec: Avoid double free_page() upon do_kexec_load() failure
    - usb: gadget: f_uac2: fix bFirstInterface in composite gadget
    - usb: dwc3: Undo PHY init if soft reset fails
    - usb: dwc3: omap: don't miss events during suspend/resume
    - usb: gadget: core: Fix use-after-free of usb_request
    - usb: gadget: fsl_udc_core: fix ep valid checks
    - usb: dwc2: Fix dwc2_hsotg_core_init_disconnected()
    - usb: cdc_acm: prevent race at write to acm while system resumes
    - net: usbnet: fix potential deadlock on 32bit hosts
    - ARM: dts: imx7d-sdb: Fix regulator-usb-otg2-vbus node name
    - usb: host: xhci-plat: revert "usb: host: xhci-plat: enable clk in resume
      timing"
    - USB: OHCI: Fix NULL dereference in HCDs using HCD_LOCAL_MEM
    - net/usb/qmi_wwan.c: Add USB id for lt4120 modem
    - net-usb: add qmi_wwan if on lte modem wistron neweb d18q1
    - Bluetooth: btusb: Add USB ID 7392:a611 for Edimax EW-7611ULB
    - ALSA: usb-audio: Add native DSD support for Luxman DA-06
    - usb: dwc3: Add SoftReset PHY synchonization delay
    - usb: dwc3: Update DWC_usb31 GTXFIFOSIZ reg fields
    - usb: dwc3: Makefile: fix link error on randconfig
    - xhci: zero usb device slot_id member when disabling and freeing a xhci slot
    - usb: dwc2: Fix interval type issue
    - usb: dwc2: hcd: Fix host channel halt flow
    - usb: dwc2: host: Fix transaction errors in host mode
    - usb: gadget: ffs: Let setup() return USB_GADGET_DELAYED_STATUS
    - usb: gadget: ffs: Execute copy_to_user() with USER_DS set
    - usbip: Correct maximum value of CONFIG_USBIP_VHCI_HC_PORTS
    - usb: gadget: udc: change comparison to bitshift when dealing with a mask
    - usb: gadget: composite: fix incorrect handling of OS desc requests
    - media: lgdt3306a: Fix module count mismatch on usb unplug
    - media: em28xx: USB bulk packet size fix
    - Bluetooth: btusb: Add device ID for RTL8822BE
    - xhci: Show what USB release number the xHC supports from protocol capablity
    - staging: bcm2835-audio: Release resources on module_exit()
    - staging: lustre: fix bug in osc_enter_cache_try
    - staging: fsl-dpaa2/eth: Fix incorrect casts
    - staging: rtl8192u: return -ENOMEM on failed allocation of priv->oldaddr
    - staging: ks7010: Use constants from ieee80211_eid instead of literal ints.
    - staging: lustre: lmv: correctly iput lmo_root
    - crypto: inside-secure - wait for the request to complete if in the backlog
    - crypto: atmel-aes - fix the keys zeroing on errors
    - crypto: ccp - don't disable interrupts while setting up debugfs
    - crypto: inside-secure - do not process request if no command was issued
    - crypto: inside-secure - fix the cache_len computation
    - crypto: inside-secure - fix the extra cache computation
    - crypto: sunxi-ss - Add MODULE_ALIAS to sun4i-ss
    - crypto: inside-secure - fix the invalidation step during cra_exit
    - scsi: mpt3sas: fix an out of bound write
    - scsi: ufs: Enable quirk to ignore sending WRITE_SAME command
    - scsi: bnx2fc: Fix check in SCSI completion handler for timed out request
    - scsi: sym53c8xx_2: iterator underflow in sym_getsync()
    - scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo()
    - scsi: qla2xxx: Avoid triggering undefined behavior in
      qla2x00_mbx_completion()
    - scsi: storvsc: Increase cmd_per_lun for higher speed devices
    - scsi: qedi: Fix truncation of CHAP name and secret
    - scsi: aacraid: fix shutdown crash when init fails
    - scsi: qla4xxx: skip error recovery in case of register disconnect.
    - scsi: qedi: Fix kernel crash during port toggle
    - scsi: mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM
    - scsi: sd: Keep disk read-only when re-reading partition
    - scsi: iscsi_tcp: set BDI_CAP_STABLE_WRITES when data digest enabled
    - scsi: aacraid: Insure command thread is not recursively stopped
    - scsi: core: Make SCSI Status CONDITION MET equivalent to GOOD
    - scsi: mvsas: fix wrong endianness of sgpio api
    - ASoC: hdmi-codec: Fix module unloading caused kernel crash
    - ASoC: rockchip: rk3288-hdmi-analog: Select needed codecs
    - ASoC: samsung: odroid: Fix 32000 sample rate handling
    - ASoC: topology: create TLV data for dapm widgets
    - ASoC: samsung: i2s: Ensure the RCLK rate is properly determined
    - clk: rockchip: Fix wrong parent for SDMMC phase clock for rk3228
    - clk: Don't show the incorrect clock phase
    - clk: hisilicon: mark wdt_mux_p[] as const
    - clk: tegra: Fix pll_u rate configuration
    - clk: rockchip: Prevent calculating mmc phase if clock rate is zero
    - clk: samsung: s3c2410: Fix PLL rates
    - clk: samsung: exynos7: Fix PLL rates
    - clk: samsung: exynos5260: Fix PLL rates
    - clk: samsung: exynos5433: Fix PLL rates
    - clk: samsung: exynos5250: Fix PLL rates
    - clk: samsung: exynos3250: Fix PLL rates
    - media: dmxdev: fix error code for invalid ioctls
    - media: Don't let tvp5150_get_vbi() go out of vbi_ram_default array
    - media: ov5645: add missing of_node_put() in error path
    - media: cx23885: Override 888 ImpactVCBe crystal frequency
    - media: cx23885: Set subdev host data to clk_freq pointer
    - media: s3c-camif: fix out-of-bounds array access
    - media: lgdt3306a: Fix a double kfree on i2c device remove
    - media: em28xx: Add Hauppauge SoloHD/DualHD bulk models
    - media: v4l: vsp1: Fix display stalls when requesting too many inputs
    - media: i2c: adv748x: fix HDMI field heights
    - media: vb2: Fix videobuf2 to map correct area
    - media: vivid: fix incorrect capabilities for radio
    - media: cx25821: prevent out-of-bounds read on array card
    - serial: xuartps: Fix out-of-bounds access through DT alias
    - serial: sh-sci: Fix out-of-bounds access through DT alias
    - serial: samsung: Fix out-of-bounds access through serial port index
    - serial: mxs-auart: Fix out-of-bounds access through serial port index
    - serial: imx: Fix out-of-bounds access through serial port index
    - serial: fsl_lpuart: Fix out-of-bounds access through DT alias
    - serial: arc_uart: Fix out-of-bounds access through DT alias
    - serial: 8250: Don't service RX FIFO if interrupts are disabled
    - serial: altera: ensure port->regshift is honored consistently
    - rtc: snvs: Fix usage of snvs_rtc_enable
    - rtc: hctosys: Ensure system time doesn't overflow time_t
    - rtc: rk808: fix possible race condition
    - rtc: m41t80: fix race conditions
    - rtc: tx4939: avoid unintended sign extension on a 24 bit shift
    - rtc: rp5c01: fix possible race condition
    - rtc: goldfish: Add missing MODULE_LICENSE
    - cxgb4: Correct ntuple mask validation for hash filters
    - net: dsa: bcm_sf2: Fix RX_CLS_LOC_ANY overwrite for last rule
    - net: dsa: Do not register devlink for unused ports
    - net: dsa: bcm_sf2: Fix IPv6 rules and chain ID
    - net: dsa: bcm_sf2: Fix IPv6 rule half deletion
    - 3c59x: convert to generic DMA API
    - net: ip6_gre: Request headroom in __gre6_xmit()
    - net: ip6_gre: Split up ip6gre_tnl_link_config()
    - net: ip6_gre: Split up ip6gre_tnl_change()
    - net: ip6_gre: Split up ip6gre_newlink()
    - net: ip6_gre: Split up ip6gre_changelink()
    - qed: LL2 flush isles when connection is closed
    - qed: Fix possibility of list corruption during rmmod flows
    - qed: Fix LL2 race during connection terminate
    - powerpc: Move default security feature flags
    - Bluetooth: btusb: Add support for Intel Bluetooth device 22560 [8087:0026]
    - staging: fsl-dpaa2/eth: Fix incorrect kfree
    - crypto: inside-secure - move the digest to the request context
    - scsi: lpfc: Fix NVME Initiator FirstBurst
    - serial: mvebu-uart: fix tx lost characters
  * Bionic update: upstream stable patchset 2018-07-20 (LP: #1782846)
    - usbip: usbip_host: refine probe and disconnect debug msgs to be useful
    - usbip: usbip_host: delete device from busid_table after rebind
    - usbip: usbip_host: run rebind from exit when module is removed
    - usbip: usbip_host: fix NULL-ptr deref and use-after-free errors
    - usbip: usbip_host: fix bad unlock balance during stub_probe()
    - ALSA: usb: mixer: volume quirk for CM102-A+/102S+
    - ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist
    - ALSA: control: fix a redundant-copy issue
    - spi: pxa2xx: Allow 64-bit DMA
    - spi: bcm-qspi: Avoid setting MSPI_CDRAM_PCS for spi-nor master
    - spi: bcm-qspi: Always read and set BSPI_MAST_N_BOOT_CTRL
    - KVM: arm/arm64: VGIC/ITS save/restore: protect kvm_read_guest() calls
    - KVM: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls with SRCU lock
    - vfio: ccw: fix cleanup if cp_prefetch fails
    - tracing/x86/xen: Remove zero data size trace events
      trace_xen_mmu_flush_tlb{_all}
    - tee: shm: fix use-after-free via temporarily dropped reference
    - netfilter: nf_tables: free set name in error path
    - netfilter: nf_tables: can't fail after linking rule into active rule list
    - netfilter: nf_socket: Fix out of bounds access in nf_sk_lookup_slow_v{4,6}
    - i2c: designware: fix poll-after-enable regression
    - powerpc/powernv: Fix NVRAM sleep in invalid context when crashing
    - drm: Match sysfs name in link removal to link creation
    - lib/test_bitmap.c: fix bitmap optimisation tests to report errors correctly
    - radix tree: fix multi-order iteration race
    - mm: don't allow deferred pages with NEED_PER_CPU_KM
    - drm/i915/gen9: Add WaClearHIZ_WM_CHICKEN3 for bxt and glk
    - s390/qdio: fix access to uninitialized qdio_q fields
    - s390/qdio: don't release memory in qdio_setup_irq()
    - s390: remove indirect branch from do_softirq_own_stack
    - x86/pkeys: Override pkey when moving away from PROT_EXEC
    - x86/pkeys: Do not special case protection key 0
    - efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32'
      definition for mixed mode
    - ARM: 8771/1: kprobes: Prohibit kprobes on do_undefinstr
    - x86/mm: Drop TS_COMPAT on 64-bit exec() syscall
    - tick/broadcast: Use for_each_cpu() specially on UP kernels
    - ARM: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed
    - ARM: 8770/1: kprobes: Prohibit probing on optimized_callback
    - ARM: 8772/1: kprobes: Prohibit kprobes on get_user functions
    - Btrfs: fix xattr loss after power failure
    - Btrfs: send, fix invalid access to commit roots due to concurrent
      snapshotting
    - btrfs: property: Set incompat flag if lzo/zstd compression is set
    - btrfs: fix crash when trying to resume balance without the resume flag
    - btrfs: Split btrfs_del_delalloc_inode into 2 functions
    - btrfs: Fix delalloc inodes invalidation during transaction abort
    - btrfs: fix reading stale metadata blocks after degraded raid1 mounts
    - xhci: Fix USB3 NULL pointer dereference at logical disconnect.
    - KVM: arm/arm64: Properly protect VGIC locks from IRQs
    - KVM: arm/arm64: VGIC/ITS: Promote irq_lock() in update_affinity
    - hwmon: (k10temp) Fix reading critical temperature register
    - hwmon: (k10temp) Use API function to access System Management Network
    - vsprintf: Replace memory barrier with static_key for random_ptr_key update
    - x86/amd_nb: Add support for Raven Ridge CPUs
    - x86/apic/x2apic: Initialize cluster ID properly
  * Bionic update: upstream stable patchset 2018-07-09 (LP: #1780858)
    - 8139too: Use disable_irq_nosync() in rtl8139_poll_controller()
    - bridge: check iface upper dev when setting master via ioctl
    - dccp: fix tasklet usage
    - ipv4: fix fnhe usage by non-cached routes
    - ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg
    - llc: better deal with too small mtu
    - net: ethernet: sun: niu set correct packet size in skb
    - net: ethernet: ti: cpsw: fix packet leaking in dual_mac mode
    - net/mlx4_en: Fix an error handling path in 'mlx4_en_init_netdev()'
    - net/mlx4_en: Verify coalescing parameters are in range
    - net/mlx5e: Err if asked to offload TC match on frag being first
    - net/mlx5: E-Switch, Include VF RDMA stats in vport statistics
    - net sched actions: fix refcnt leak in skbmod
    - net_sched: fq: take care of throttled flows before reuse
    - net: support compat 64-bit time in {s,g}etsockopt
    - net/tls: Don't recursively call push_record during tls_write_space callbacks
    - net/tls: Fix connection stall on partial tls record
    - openvswitch: Don't swap table in nlattr_set() after OVS_ATTR_NESTED is found
    - qmi_wwan: do not steal interfaces from class drivers
    - r8169: fix powering up RTL8168h
    - rds: do not leak kernel memory to user land
    - sctp: delay the authentication for the duplicated cookie-echo chunk
    - sctp: fix the issue that the cookie-ack with auth can't get processed
    - sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr
    - sctp: remove sctp_chunk_put from fail_mark err path in
      sctp_ulpevent_make_rcvmsg
    - sctp: use the old asoc when making the cookie-ack chunk in dupcook_d
    - tcp_bbr: fix to zero idle_restart only upon S/ACKed data
    - tcp: ignore Fast Open on repair mode
    - tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent().
    - bonding: do not allow rlb updates to invalid mac
    - bonding: send learning packets for vlans on slave
    - net: sched: fix error path in tcf_proto_create() when modules are not
      configured
    - net/mlx5e: TX, Use correct counter in dma_map error flow
    - net/mlx5: Avoid cleaning flow steering table twice during error flow
    - hv_netvsc: set master device
    - ipv6: fix uninit-value in ip6_multipath_l3_keys()
    - net/mlx5e: Allow offloading ipv4 header re-write for icmp
    - nsh: fix infinite loop
    - udp: fix SO_BINDTODEVICE
    - l2tp: revert "l2tp: fix missing print session offset info"
    - proc: do not access cmdline nor environ from file-backed areas
    - net/smc: restrict non-blocking connect finish
    - mlxsw: spectrum_switchdev: Do not remove mrouter port from MDB's ports list
    - net/mlx5e: DCBNL fix min inline header size for dscp
    - net: systemport: Correclty disambiguate driver instances
    - sctp: clear the new asoc's stream outcnt in sctp_stream_update
    - tcp: restore autocorking
    - tipc: fix one byte leak in tipc_sk_set_orig_addr()
    - hv_netvsc: Fix net device attach on older Windows hosts
  * Bionic update: upstream stable patchset 2018-07-06 (LP: #1780499)
    - ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS
    - ipvs: fix rtnl_lock lockups caused by start_sync_thread
    - netfilter: ebtables: don't attempt to allocate 0-sized compat array
    - kcm: Call strp_stop before strp_done in kcm_attach
    - crypto: af_alg - fix possible uninit-value in alg_bind()
    - netlink: fix uninit-value in netlink_sendmsg
    - net: fix rtnh_ok()
    - net: initialize skb->peeked when cloning
    - net: fix uninit-value in __hw_addr_add_ex()
    - dccp: initialize ireq->ir_mark
    - ipv4: fix uninit-value in ip_route_output_key_hash_rcu()
    - soreuseport: initialise timewait reuseport field
    - inetpeer: fix uninit-value in inet_getpeer
    - memcg: fix per_node_info cleanup
    - perf: Remove superfluous allocation error check
    - tcp: fix TCP_REPAIR_QUEUE bound checking
    - bdi: wake up concurrent wb_shutdown() callers.
    - bdi: Fix oops in wb_workfn()
    - gpioib: do not free unrequested descriptors
    - gpio: fix aspeed_gpio unmask irq
    - gpio: fix error path in lineevent_create
    - rfkill: gpio: fix memory leak in probe error path
    - libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs
    - dm integrity: use kvfree for kvmalloc'd memory
    - tracing: Fix regex_match_front() to not over compare the test string
    - z3fold: fix reclaim lock-ups
    - mm: sections are not offlined during memory hotremove
    - mm, oom: fix concurrent munlock and oom reaper unmap, v3
    - ceph: fix rsize/wsize capping in ceph_direct_read_write()
    - can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg()
    - can: hi311x: Acquire SPI lock on ->do_get_berr_counter
    - can: hi311x: Work around TX complete interrupt erratum
    - drm/vc4: Fix scaling of uni-planar formats
    - drm/i915: Fix drm:intel_enable_lvds ERROR message in kernel log
    - drm/atomic: Clean old_state/new_state in drm_atomic_state_default_clear()
    - drm/atomic: Clean private obj old_state/new_state in
      drm_atomic_state_default_clear()
    - net: atm: Fix potential Spectre v1
    - atm: zatm: Fix potential Spectre v1
    - cpufreq: schedutil: Avoid using invalid next_freq
    - Revert "Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174"
    - Bluetooth: btusb: Only check needs_reset_resume DMI table for QCA rome
      chipsets
    - thermal: exynos: Reading temperature makes sense only when TMU is turned on
    - thermal: exynos: Propagate error value from tmu_read()
    - nvme: add quirk to force medium priority for SQ creation
    - smb3: directory sync should not return an error
    - sched/autogroup: Fix possible Spectre-v1 indexing for sched_prio_to_weight[]
    - tracing/uprobe_event: Fix strncpy corner case
    - perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_*
    - perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr
    - perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver
    - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[]
    - perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map()
    - i2c: dev: prevent ZERO_SIZE_PTR deref in i2cdev_ioctl_rdwr()
    - bdi: Fix use after free bug in debugfs_remove()
    - drm/ttm: Use GFP_TRANSHUGE_LIGHT for allocating huge pages
    - drm/i915: Adjust eDP's logical vco in a reliable place.
    - drm/nouveau/ttm: don't dereference nvbo::cli, it can outlive client
    - sched/core: Fix possible Spectre-v1 indexing for sched_prio_to_weight[]
  * Bionic update: upstream stable patchset 2018-06-26 (LP: #1778759)
    - percpu: include linux/sched.h for cond_resched()
    - ACPI / button: make module loadable when booted in non-ACPI mode
    - USB: serial: option: Add support for Quectel EP06
    - ALSA: hda - Fix incorrect usage of IS_REACHABLE()
    - ALSA: pcm: Check PCM state at xfern compat ioctl
    - ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger()
    - ALSA: dice: fix kernel NULL pointer dereference due to invalid calculation
      for array index
    - ALSA: aloop: Mark paused device as inactive
    - ALSA: aloop: Add missing cable lock to ctl API callbacks
    - tracepoint: Do not warn on ENOMEM
    - scsi: target: Fix fortify_panic kernel exception
    - Input: leds - fix out of bound access
    - Input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook Pro
    - rtlwifi: btcoex: Add power_on_setting routine
    - rtlwifi: cleanup 8723be ant_sel definition
    - xfs: prevent creating negative-sized file via INSERT_RANGE
    - RDMA/cxgb4: release hw resources on device removal
    - RDMA/ucma: Allow resolving address w/o specifying source address
    - RDMA/mlx5: Fix multiple NULL-ptr deref errors in rereg_mr flow
    - RDMA/mlx5: Protect from shift operand overflow
    - NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2
    - IB/mlx5: Use unlimited rate when static rate is not supported
    - IB/hfi1: Fix handling of FECN marked multicast packet
    - IB/hfi1: Fix loss of BECN with AHG
    - IB/hfi1: Fix NULL pointer dereference when invalid num_vls is used
    - iw_cxgb4: Atomically flush per QP HW CQEs
    - drm/vmwgfx: Fix a buffer object leak
    - drm/bridge: vga-dac: Fix edid memory leak
    - test_firmware: fix setting old custom fw path back on exit, second try
    - errseq: Always report a writeback error once
    - USB: serial: visor: handle potential invalid device configuration
    - usb: dwc3: gadget: Fix list_del corruption in dwc3_ep_dequeue
    - USB: Accept bulk endpoints with 1024-byte maxpacket
    - USB: serial: option: reimplement interface masking
    - USB: serial: option: adding support for ublox R410M
    - usb: musb: host: fix potential NULL pointer dereference
    - usb: musb: trace: fix NULL pointer dereference in musb_g_tx()
    - platform/x86: asus-wireless: Fix NULL pointer dereference
    - irqchip/qcom: Fix check for spurious interrupts
    - tracing: Fix bad use of igrab in trace_uprobe.c
    - [Config] CONFIG_ARM64_ERRATUM_1024718=y
    - arm64: Add work around for Arm Cortex-A55 Erratum 1024718
    - Input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook Pro
    - infiniband: mlx5: fix build errors when INFINIBAND_USER_ACCESS=m
    - btrfs: Take trans lock before access running trans in check_delayed_ref
    - drm/vc4: Make sure vc4_bo_{inc,dec}_usecnt() calls are balanced
    - xhci: Fix use-after-free in xhci_free_virt_device
    - platform/x86: Kconfig: Fix dell-laptop dependency chain.
    - KVM: x86: remove APIC Timer periodic/oneshot spikes
    - clocksource: Allow clocksource_mark_unstable() on unregistered clocksources
    - clocksource: Initialize cs->wd_list
    - clocksource: Consistent de-rate when marking unstable
  * Bionic update: upstream stable patchset 2018-06-22 (LP: #1778265)
    - ext4: set h_journal if there is a failure starting a reserved handle
    - ext4: add MODULE_SOFTDEP to ensure crc32c is included in the initramfs
    - ext4: add validity checks for bitmap block numbers
    - ext4: fix bitmap position validation
    - random: fix possible sleeping allocation from irq context
    - random: rate limit unseeded randomness warnings
    - usbip: usbip_event: fix to not print kernel pointer address
    - usbip: usbip_host: fix to hold parent lock for device_attach() calls
    - usbip: vhci_hcd: Fix usb device and sockfd leaks
    - usbip: vhci_hcd: check rhport before using in vhci_hub_control()
    - Revert "xhci: plat: Register shutdown for xhci_plat"
    - USB: serial: simple: add libtransistor console
    - USB: serial: ftdi_sio: use jtag quirk for Arrow USB Blaster
    - USB: serial: cp210x: add ID for NI USB serial console
    - usb: core: Add quirk for HP v222w 16GB Mini
    - USB: Increment wakeup count on remote wakeup.
    - ALSA: usb-audio: Skip broken EU on Dell dock USB-audio
    - virtio: add ability to iterate over vqs
    - virtio_console: don't tie bufs to a vq
    - virtio_console: free buffers after reset
    - virtio_console: drop custom control queue cleanup
    - virtio_console: move removal code
    - virtio_console: reset on out of memory
    - drm/virtio: fix vq wait_event condition
    - tty: Don't call panic() at tty_ldisc_init()
    - tty: n_gsm: Fix long delays with control frame timeouts in ADM mode
    - tty: n_gsm: Fix DLCI handling for ADM mode if debug & 2 is not set
    - tty: Avoid possible error pointer dereference at tty_ldisc_restore().
    - tty: Use __GFP_NOFAIL for tty_ldisc_get()
    - ALSA: dice: fix OUI for TC group
    - ALSA: dice: fix error path to destroy initialized stream data
    - ALSA: hda - Skip jack and others for non-existing PCM streams
    - ALSA: opl3: Hardening for potential Spectre v1
    - ALSA: asihpi: Hardening for potential Spectre v1
    - ALSA: hdspm: Hardening for potential Spectre v1
    - ALSA: rme9652: Hardening for potential Spectre v1
    - ALSA: control: Hardening for potential Spectre v1
    - ALSA: pcm: Return negative delays from SNDRV_PCM_IOCTL_DELAY.
    - ALSA: core: Report audio_tstamp in snd_pcm_sync_ptr
    - ALSA: seq: oss: Fix unbalanced use lock for synth MIDI device
    - ALSA: seq: oss: Hardening for potential Spectre v1
    - ALSA: hda: Hardening for potential Spectre v1
    - ALSA: hda/realtek - Add some fixes for ALC233
    - ALSA: hda/realtek - Update ALC255 depop optimize
    - ALSA: hda/realtek - change the location for one of two front mics
    - mtd: spi-nor: cadence-quadspi: Fix page fault kernel panic
    - mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block.
    - mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug.
    - mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block.
    - mtd: rawnand: tango: Fix struct clk memory leak
    - kobject: don't use WARN for registration failures
    - scsi: sd: Defer spinning up drive while SANITIZE is in progress
    - bfq-iosched: ensure to clear bic/bfqq pointers when preparing request
    - vfio: ccw: process ssch with interrupts disabled
    - ANDROID: binder: prevent transactions into own process.
    - PCI: aardvark: Fix logic in advk_pcie_{rd,wr}_conf()
    - PCI: aardvark: Set PIO_ADDR_LS correctly in advk_pcie_rd_conf()
    - PCI: aardvark: Use ISR1 instead of ISR0 interrupt in legacy irq mode
    - PCI: aardvark: Fix PCIe Max Read Request Size setting
    - ARM: amba: Make driver_override output consistent with other buses
    - ARM: amba: Fix race condition with driver_override
    - ARM: amba: Don't read past the end of sysfs "driver_override" buffer
    - ARM: socfpga_defconfig: Remove QSPI Sector 4K size force
    - KVM: arm/arm64: Close VMID generation race
    - crypto: drbg - set freed buffers to NULL
    - ASoC: fsl_esai: Fix divisor calculation failure at lower ratio
    - libceph: un-backoff on tick when we have a authenticated session
    - libceph: reschedule a tick in finish_hunting()
    - libceph: validate con->state at the top of try_write()
    - fpga-manager: altera-ps-spi: preserve nCONFIG state
    - earlycon: Use a pointer table to fix __earlycon_table stride
    - drm/amdgpu: set COMPUTE_PGM_RSRC1 for SGPR/VGPR clearing shaders
    - drm/i915: Enable display WA#1183 from its correct spot
    - objtool, perf: Fix GCC 8 -Wrestrict error
    - tools/lib/subcmd/pager.c: do not alias select() params
    - x86/ipc: Fix x32 version of shmid64_ds and msqid64_ds
    - x86/smpboot: Don't use mwait_play_dead() on AMD systems
    - x86/microcode/intel: Save microcode patch unconditionally
    - x86/microcode: Do not exit early from __reload_late()
    - tick/sched: Do not mess with an enqueued hrtimer
    - arm/arm64: KVM: Add PSCI version selection API
    - powerpc/eeh: Fix race with driver un/bind
    - serial: mvebu-uart: Fix local flags handling on termios update
    - block: do not use interruptible wait anywhere
    - ASoC: dmic: Fix clock parenting
    - PCI / PM: Do not clear state_saved in pci_pm_freeze() when smart suspend is
      set
    - module: Fix display of wrong module .text address
    - drm/edid: Reset more of the display info
    - drm/i915/fbdev: Enable late fbdev initial configuration
    - drm/i915/audio: set minimum CD clock to twice the BCLK
    - drm/amd/display: Fix deadlock when flushing irq
    - drm/amd/display: Disallow enabling CRTC without primary plane with FB
  * Bionic update: upstream stable patchset 2018-06-22 (LP: #1778265) //
    CVE-2018-1108.
    - random: set up the NUMA crng instances after the CRNG is fully initialized
  * Ryzen/Raven Ridge USB ports do not work (LP: #1756700)
    - xhci: Fix USB ports for Dell Inspiron 5775
  * [Ubuntu 1804][boston][ixgbe] EEH causes kernel BUG at /build/linux-
    jWa1Fv/linux-4.15.0/drivers/pci/msi.c:352 (i2S) (LP: #1776389)
    - ixgbe/ixgbevf: Free IRQ when PCI error recovery removes the device
  * Need fix to aacraid driver to prevent panic (LP: #1770095)
    - scsi: aacraid: Correct hba_send to include iu_type
  * kernel: Fix arch random implementation (LP: #1775391)
    - s390/archrandom: Rework arch random implementation.
  * kernel: Fix memory leak on CCA and EP11 CPRB processing. (LP: #1775390)
    - s390/zcrypt: Fix CCA and EP11 CPRB processing failure memory leak.
  * Various fixes for CXL kernel module (LP: #1774471)
    - cxl: Remove function write_timebase_ctrl_psl9() for PSL9
    - cxl: Set the PBCQ Tunnel BAR register when enabling capi mode
    - cxl: Report the tunneled operations status
    - cxl: Configure PSL to not use APC virtual machines
    - cxl: Disable prefault_mode in Radix mode
  * Bluetooth not working (LP: #1764645)
    - Bluetooth: btusb: Apply QCA Rome patches for some ATH3012 models
  * linux-snapdragon: wcn36xx: mac address generation on boot (LP: #1776491)
    - [Config] arm64: snapdragon: WCN36XX_SNAPDRAGON_HACKS=y
    - SAUCE: wcn36xx: read MAC from file or randomly generate one
  * fscache: Fix hanging wait on page discarded by writeback (LP: #1777029)
    - fscache: Fix hanging wait on page discarded by writeback

  [ Ubuntu: 4.15.0-32.35 ]

  * CVE-2018-3620 // CVE-2018-3646
    - cpu: Fix per-cpu regression on ARM64

 -- Khalid Elmously <email address hidden>  Thu, 16 Aug 2018 05:34:03 +0000
Superseded in xenial-security on 2018-10-01
Superseded in xenial-updates on 2018-09-10
Deleted in xenial-proposed (Reason: moved to -updates)
linux-kvm (4.4.0-1032.38) xenial; urgency=medium

  * linux-kvm: 4.4.0-1032.38 -proposed tracker (LP: #1787182)

  * Xenial update to 4.4.136 stable release (LP: #1776177)
    - [Config] Add CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y

  * DEBUG_WX is not set in Bionic KVM kernel (LP: #1782721)
    - kvm: [Config] enable CONFIG_DEBUG_WX

  [ Ubuntu: 4.4.0-134.160 ]

  * linux: 4.4.0-134.160 -proposed tracker (LP: #1787177)
  * locking sockets broken due to missing AppArmor socket mediation patches
    (LP: #1780227)
    - UBUNTU SAUCE: apparmor: fix apparmor mediating locking non-fs, unix sockets
  * Backport namespaced fscaps to xenial 4.4 (LP: #1778286)
    - Introduce v3 namespaced file capabilities
    - commoncap: move assignment of fs_ns to avoid null pointer dereference
    - capabilities: fix buffer overread on very short xattr
    - commoncap: Handle memory allocation failure.
  * Xenial update to 4.4.140 stable release (LP: #1784409)
    - usb: cdc_acm: Add quirk for Uniden UBC125 scanner
    - USB: serial: cp210x: add CESINEL device ids
    - USB: serial: cp210x: add Silicon Labs IDs for Windows Update
    - n_tty: Fix stall at n_tty_receive_char_special().
    - staging: android: ion: Return an ERR_PTR in ion_map_kernel
    - n_tty: Access echo_* variables carefully.
    - x86/boot: Fix early command-line parsing when matching at end
    - ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode
    - i2c: rcar: fix resume by always initializing registers before transfer
    - ipv4: Fix error return value in fib_convert_metrics()
    - kprobes/x86: Do not modify singlestep buffer while resuming
    - nvme-pci: initialize queue memory before interrupts
    - netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain()
    - ARM: dts: imx6q: Use correct SDMA script for SPI5 core
    - ubi: fastmap: Correctly handle interrupted erasures in EBA
    - mm: hugetlb: yield when prepping struct pages
    - tracing: Fix missing return symbol in function_graph output
    - scsi: sg: mitigate read/write abuse
    - s390: Correct register corruption in critical section cleanup
    - drbd: fix access after free
    - cifs: Fix infinite loop when using hard mount option
    - jbd2: don't mark block as modified if the handle is out of credits
    - ext4: make sure bitmaps and the inode table don't overlap with bg
      descriptors
    - ext4: always check block group bounds in ext4_init_block_bitmap()
    - ext4: only look at the bg_flags field if it is valid
    - ext4: verify the depth of extent tree in ext4_find_extent()
    - ext4: include the illegal physical block in the bad map ext4_error msg
    - ext4: clear i_data in ext4_inode_info when removing inline data
    - ext4: add more inode number paranoia checks
    - ext4: add more mount time checks of the superblock
    - ext4: check superblock mapped prior to committing
    - HID: i2c-hid: Fix "incomplete report" noise
    - HID: hiddev: fix potential Spectre v1
    - HID: debug: check length before copy_to_user()
    - x86/mce: Detect local MCEs properly
    - x86/mce: Fix incorrect "Machine check from unknown source" message
    - media: cx25840: Use subdev host data for PLL override
    - mm, page_alloc: do not break __GFP_THISNODE by zonelist reset
    - dm bufio: avoid sleeping while holding the dm_bufio lock
    - dm bufio: drop the lock when doing GFP_NOIO allocation
    - mtd: rawnand: mxc: set spare area size register explicitly
    - dm bufio: don't take the lock in dm_bufio_shrink_count
    - mtd: cfi_cmdset_0002: Change definition naming to retry write operation
    - mtd: cfi_cmdset_0002: Change erase functions to retry for error
    - mtd: cfi_cmdset_0002: Change erase functions to check chip good only
    - netfilter: nf_log: don't hold nf_log_mutex during user access
    - staging: comedi: quatech_daqp_cs: fix no-op loop daqp_ao_insn_write()
    - Linux 4.4.140
  * Xenial update to 4.4.139 stable release (LP: #1784382)
    - xfrm6: avoid potential infinite loop in _decode_session6()
    - netfilter: ebtables: handle string from userspace with care
    - ipvs: fix buffer overflow with sync daemon and service
    - atm: zatm: fix memcmp casting
    - net: qmi_wwan: Add Netgear Aircard 779S
    - net/sonic: Use dma_mapping_error()
    - Revert "Btrfs: fix scrub to repair raid6 corruption"
    - tcp: do not overshoot window_clamp in tcp_rcv_space_adjust()
    - Btrfs: make raid6 rebuild retry more
    - usb: musb: fix remote wakeup racing with suspend
    - bonding: re-evaluate force_primary when the primary slave name changes
    - tcp: verify the checksum of the first data segment in a new connection
    - ext4: update mtime in ext4_punch_hole even if no blocks are released
    - ext4: fix fencepost error in check for inode count overflow during resize
    - driver core: Don't ignore class_dir_create_and_add() failure.
    - btrfs: scrub: Don't use inode pages for device replace
    - ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream()
    - ALSA: hda: add dock and led support for HP EliteBook 830 G5
    - ALSA: hda: add dock and led support for HP ProBook 640 G4
    - cpufreq: Fix new policy initialization during limits updates via sysfs
    - libata: zpodd: make arrays cdb static, reduces object code size
    - libata: zpodd: small read overflow in eject_tray()
    - libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk
    - w1: mxc_w1: Enable clock before calling clk_get_rate() on it
    - x86/spectre_v1: Disable compiler optimizations over
      array_index_mask_nospec()
    - m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap()
    - serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding version
    - signal/xtensa: Consistenly use SIGBUS in do_unaligned_user
    - usb: do not reset if a low-speed or full-speed device timed out
    - 1wire: family module autoload fails because of upper/lower case mismatch.
    - ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it
    - ASoC: cirrus: i2s: Fix LRCLK configuration
    - ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup
    - lib/vsprintf: Remove atomic-unsafe support for %pCr
    - mips: ftrace: fix static function graph tracing
    - branch-check: fix long->int truncation when profiling branches
    - ipmi:bt: Set the timeout before doing a capabilities check
    - Bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw loader
    - fuse: atomic_o_trunc should truncate pagecache
    - fuse: don't keep dead fuse_conn at fuse_fill_super().
    - fuse: fix control dir setup and teardown
    - powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch
    - powerpc/ptrace: Fix setting 512B aligned breakpoints with
      PTRACE_SET_DEBUGREG
    - powerpc/ptrace: Fix enforcement of DAWR constraints
    - cpuidle: powernv: Fix promotion from snooze if next state disabled
    - powerpc/fadump: Unregister fadump on kexec down path.
    - ARM: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size
    - of: unittest: for strings, account for trailing \0 in property length field
    - IB/qib: Fix DMA api warning with debug kernel
    - RDMA/mlx4: Discard unknown SQP work requests
    - mtd: cfi_cmdset_0002: Change write buffer to check correct value
    - mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock()
    - mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips
    - mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary
    - mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking.
    - MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum
    - PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on
      resume
    - MIPS: io: Add barrier after register read in inX()
    - time: Make sure jiffies_to_msecs() preserves non-zero time periods
    - Btrfs: fix clone vs chattr NODATASUM race
    - iio:buffer: make length types match kfifo types
    - scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails
    - scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler
    - scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF
    - scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed
    - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return
    - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for
      ERP_FAILED
    - scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED
    - scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread
    - linvdimm, pmem: Preserve read-only setting for pmem devices
    - md: fix two problems with setting the "re-add" device state.
    - ubi: fastmap: Cancel work upon detach
    - UBIFS: Fix potential integer overflow in allocation
    - xfrm: skip policies marked as dead while rehashing
    - backlight: as3711_bl: Fix Device Tree node lookup
    - backlight: max8925_bl: Fix Device Tree node lookup
    - backlight: tps65217_bl: Fix Device Tree node lookup
    - mfd: intel-lpss: Program REMAP register in PIO mode
    - perf tools: Fix symbol and object code resolution for vdso32 and vdsox32
    - perf intel-pt: Fix sync_switch INTEL_PT_SS_NOT_TRACING
    - perf intel-pt: Fix decoding to accept CBR between FUP and corresponding TIP
    - perf intel-pt: Fix MTC timing after overflow
    - perf intel-pt: Fix "Unexpected indirect branch" error
    - perf intel-pt: Fix packet decoding of CYC packets
    - media: v4l2-compat-ioctl32: prevent go past max size
    - media: dvb_frontend: fix locking issues at dvb_frontend_get_event()
    - nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir
    - NFSv4: Fix possible 1-byte stack overflow in
      nfs_idmap_read_and_verify_message
    - video: uvesafb: Fix integer overflow in allocation
    - Input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) ACPI ID
    - xen: Remove unnecessary BUG_ON from __unbind_from_irq()
    - udf: Detect incorrect directory size
    - Input: elan_i2c_smbus - fix more potential stack buffer overflows
    - Input: elantech - enable middle button of touchpads on ThinkPad P52
    - Input: elantech - fix V4 report decoding for module with middle key
    - ALSA: hda/realtek - Add a quirk for FSC ESPRIMO U9210
    - Btrfs: fix unexpected cow in run_delalloc_nocow
    - spi: Fix scatterlist elements size in spi_map_buf
    - block: Fix transfer when chunk sectors exceeds max
    - dm thin: handle running out of data space vs concurrent discard
    - cdc_ncm: avoid padding beyond end of skb
    - Bluetooth: Fix connection if directed advertising and privacy is used
    - Linux 4.4.139
  * Support AverMedia DVD EZMaker 7 USB video capture dongle (LP: #1620762) //
    Xenial update to 4.4.139 stable release (LP: #1784382)
    - media: cx231xx: Add support for AverMedia DVD EZMaker 7
  * vfio/pci: cannot assign a i40e pf device to a vm using vfio-pci
    (LP: #1779830)
    - vfio/pci: Hide broken INTx support from user
  * Kernel error "task zfs:pid blocked for more than 120 seconds" (LP: #1781364)
    - SAUCE: (noup) zfs to 0.6.5.6-0ubuntu25
  * Allow multiple mounts of zfs datasets (LP: #1759848)
    - SAUCE: Allow mounting datasets more than once (LP: #1759848)
  * CVE-2018-12233
    - jfs: Fix inconsistency between memory allocation and ea_buf->max_size
  * Redpine: Observed kernel panic while running wireless tests in regression
    mode (LP: #1773410) // Redpine: Observed kernel panic while running soft-ap
    tests (LP: #1777850)
    - SAUCE: Redpine: improve cancel_hw_scan handling to fix kernel panic
  * [HMS] Upgrades to Support SocketCAN over USB on Dell IoT 300x Gateways
    (LP: #1783241)
    - SAUCE: (no-up) upgrade IXXAT USB SocketCAN driver
  * CVE-2018-13094
    - xfs: don't call xfs_da_shrink_inode with NULL bp
  * other users' coredumps can be read via setgid directory and killpriv bypass
    (LP: #1779923) // CVE-2018-13405
    - Fix up non-directory creation in SGID directories
  * snapcraft.yaml: missing ubuntu-retpoline-extract-one script breaks the build
    (LP: #1782116)
    - snapcraft.yaml: copy retpoline-extract-one to scripts before build
  * Enable basic support for Solarflare 8000 series NIC (LP: #1783152)
    - sfc: make TSO version a per-queue parameter
    - sfc: Add PCI ID for Solarflare 8000 series 10/40G NIC
  * Redpine: Observed kernel panic while running wireless regressions tests
    (LP: #1777858)
    - SAUCE: Redpine: improve kernel thread handling to fix kernel panic
  * Xenial update to 4.4.138 stable release (LP: #1777389)
    - x86: Remove unused function cpu_has_ht_siblings()
    - x86/cpufeature: Remove unused and seldomly used cpu_has_xx macros
    - x86/fpu: Disable AVX when eagerfpu is off
    - x86/fpu: Revert ("x86/fpu: Disable AVX when eagerfpu is off")
    - x86/fpu: Hard-disable lazy FPU mode
    - af_key: Always verify length of provided sadb_key
    - x86/crypto, x86/fpu: Remove X86_FEATURE_EAGER_FPU #ifdef from the crc32c
      code
    - gpio: No NULL owner
    - Clarify (and fix) MAX_LFS_FILESIZE macros
    - serial: samsung: fix maxburst parameter for DMA transactions
    - vmw_balloon: fixing double free when batching mode is off
    - Input: goodix - add new ACPI id for GPD Win 2 touch screen
    - crypto: vmx - Remove overly verbose printk from AES init routines
    - Linux 4.4.138
  * Redpine: wifi-ap stopped working after restart (LP: #1773400)
    - SAUCE: Redpine: fix soft-ap invisible issue
  * Xenial update to 4.4.137 stable release (LP: #1777063)
    - tpm: do not suspend/resume if power stays on
    - tpm: self test failure should not cause suspend to fail
    - mmap: introduce sane default mmap limits
    - mmap: relax file size limit for regular files
    - kconfig: Avoid format overflow warning from GCC 8.1
    - xfs: fix incorrect log_flushed on fsync
    - drm: set FMODE_UNSIGNED_OFFSET for drm files
    - brcmfmac: Fix check for ISO3166 code
    - bnx2x: use the right constant
    - dccp: don't free ccid2_hc_tx_sock struct in dccp_disconnect()
    - enic: set DMA mask to 47 bit
    - ip6mr: only set ip6mr_table from setsockopt when ip6mr_new_table succeeds
    - ipv4: remove warning in ip_recv_error
    - isdn: eicon: fix a missing-check bug
    - netdev-FAQ: clarify DaveM's position for stable backports
    - net/packet: refine check for priv area size
    - net: usb: cdc_mbim: add flag FLAG_SEND_ZLP
    - packet: fix reserve calculation
    - qed: Fix mask for physical address in ILT entry
    - net/mlx4: Fix irq-unsafe spinlock usage
    - team: use netdev_features_t instead of u32
    - rtnetlink: validate attributes in do_setlink()
    - net: phy: broadcom: Fix bcm_write_exp()
    - net: metrics: add proper netlink validation
    - Linux 4.4.137
  * Xenial update to 4.4.136 stable release (LP: #1776177)
    - arm64: lse: Add early clobbers to some input/output asm operands
    - powerpc/64s: Clear PCR on boot
    - USB: serial: cp210x: use tcflag_t to fix incompatible pointer type
    - sh: New gcc support
    - xfs: detect agfl count corruption and reset agfl
    - Input: elan_i2c_smbus - fix corrupted stack
    - tracing: Fix crash when freeing instances with event triggers
    - selinux: KASAN: slab-out-of-bounds in xattr_getsecurity
    - cfg80211: further limit wiphy names to 64 bytes
    - rtlwifi: rtl8192cu: Remove variable self-assignment in rf.c
    - ASoC: Intel: sst: remove redundant variable dma_dev_name
    - irda: fix overly long udelay()
    - tcp: avoid integer overflows in tcp_rcv_space_adjust()
    - i2c: rcar: make sure clocks are on when doing clock calculation
    - i2c: rcar: rework hw init
    - i2c: rcar: remove unused IOERROR state
    - i2c: rcar: remove spinlock
    - i2c: rcar: refactor setup of a msg
    - i2c: rcar: init new messages in irq
    - i2c: rcar: don't issue stop when HW does it automatically
    - i2c: rcar: check master irqs before slave irqs
    - i2c: rcar: revoke START request early
    - dmaengine: usb-dmac: fix endless loop in usb_dmac_chan_terminate_all()
    - iio:kfifo_buf: check for uint overflow
    - MIPS: ptrace: Fix PTRACE_PEEKUSR requests for 64-bit FGRs
    - MIPS: prctl: Disallow FRE without FR with PR_SET_FP_MODE requests
    - scsi: scsi_transport_srp: Fix shost to rport translation
    - stm class: Use vmalloc for the master map
    - hwtracing: stm: fix build error on some arches
    - drm/i915: Disable LVDS on Radiant P845
    - Kbuild: change CC_OPTIMIZE_FOR_SIZE definition
    - [Config] Add CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y
    - fix io_destroy()/aio_complete() race
    - mm: fix the NULL mapping case in __isolate_lru_page()
    - sparc64: Fix build warnings with gcc 7.
    - Linux 4.4.136
  * Xenial update to 4.4.135 stable release (LP: #1776158)
    - Revert "vti4: Don't override MTU passed on link creation via IFLA_MTU"
    - Linux 4.4.135

 -- Khalid Elmously <email address hidden>  Thu, 16 Aug 2018 07:27:02 +0000
Superseded in xenial-security on 2018-08-23
Superseded in xenial-updates on 2018-08-23
Deleted in xenial-proposed (Reason: moved to -updates)
linux-kvm (4.4.0-1031.37) xenial; urgency=medium

  [ Ubuntu: 4.4.0-133.159 ]

  * CVE-2018-5390
    - tcp: avoid collapses in tcp_prune_queue() if possible
    - tcp: detect malicious patterns in tcp_collapse_ofo_queue()
  * CVE-2018-5391
    - Revert "net: increase fragment memory usage limits"
  * CVE-2018-3620 // CVE-2018-3646
    - KVM: x86: introduce linear_{read,write}_system
    - KVM: x86: pass kvm_vcpu to kvm_read_guest_virt and
      kvm_write_guest_virt_system
    - kvm: x86: use correct privilege level for sgdt/sidt/fxsave/fxrstor access
    - x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT
    - x86/speculation/l1tf: Change order of offset/type in swap entry
    - x86/speculation/l1tf: Protect swap entries against L1TF
    - x86/mm: Simplify p[g4um]d_page() macros
    - x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation
    - x86/speculation/l1tf: Make sure the first page is always reserved
    - SAUCE: x86/cpu: Add Knights Mill/Gemini Lake
    - x86/speculation/l1tf: Add sysfs reporting for l1tf
    - x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings
    - x86/speculation/l1tf: Limit swap file size to MAX_PA/2
    - x86/smp: Provide topology_is_primary_thread()
    - x86/topology: Provide topology_smt_supported()
    - cpu/hotplug: Split do_cpu_down()
    - x86/topology: Add topology_max_smt_threads()
    - cpu/hotplug: Provide knobs to control SMT
    - x86/CPU: Modify detect_extended_topology() to return result
    - x86/cpu: Remove the pointless CPU printout
    - x86/cpu/AMD: Remove the pointless detect_ht() call
    - x86/cpu/common: Provide detect_ht_early()
    - x86/cpu/topology: Provide detect_extended_topology_early()
    - x86/cpu/intel: Evaluate smp_num_siblings early
    - x86/cpu/AMD: Evaluate smp_num_siblings early
    - x86/apic: Ignore secondary threads if nosmt=force
    - x86/speculation/l1tf: Extend 64bit swap file size limit
    - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings
    - x86/cpufeatures: Add detection of L1D cache flush support.
    - x86/speculation/l1tf: Protect PAE swap entries against L1TF
    - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE
    - Revert "x86/apic: Ignore secondary threads if nosmt=force"
    - SAUCE: x86/mce: register mce notifier earlier
    - cpu/hotplug: Boot HT siblings at least once
    - KVM: x86: Introducing kvm_x86_ops VM init/destroy hooks
    - x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present.
    - x86/KVM/VMX: Add module argument for L1TF mitigation
    - x86/KVM/VMX: Add L1D flush algorithm
    - x86/KVM/VMX: Add L1D MSR based flush
    - x86/KVM/VMX: Add L1D flush logic
    - x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers
    - x86/KVM/VMX: Add find_msr() helper function
    - x86/KVM/VMX: Seperate the VMX AUTOLOAD guest/host number accounting.
    - x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs
    - x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required
    - cpu/hotplug: Online siblings when SMT control is turned on
    - x86/litf: Introduce vmx status variable
    - x86/kvm: Drop L1TF MSR list approach
    - x86/l1tf: Handle EPT disabled state proper
    - x86/kvm: Move l1tf setup function
    - x86/kvm: Add static key for flush always
    - x86/kvm: Serialize L1D flush parameter setter
    - x86/kvm: Allow runtime control of L1D flush
    - cpu/hotplug: Expose SMT control init function
    - cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early
    - x86/bugs, kvm: Introduce boot-time control of L1TF mitigations
    - Documentation: Add section about CPU vulnerabilities
    - x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures
    - x86/KVM/VMX: Initialize the vmx_l1d_flush_pages' content
    - Documentation/l1tf: Fix typos
    - cpu/hotplug: detect SMT disabled by BIOS
    - x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush()
    - x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond'
    - x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush()
    - x86/irq: Demote irq_cpustat_t::__softirq_pending to u16
    - x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d
    - x86: Don't include linux/irq.h from asm/hardirq.h
    - x86/apic: Order irq_enter/exit() calls correctly vs. ack_APIC_irq()
    - x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d
    - x86/KVM/VMX: Don't set l1tf_flush_l1d from vmx_handle_external_intr()
    - Documentation/l1tf: Remove Yonah processors from not vulnerable list
    - x86/speculation: Simplify sysfs report of VMX L1TF vulnerability
    - x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry
    - KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES
    - KVM: x86: Add a framework for supporting MSR-based features
    - KVM: X86: Introduce kvm_get_msr_feature()
    - KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR
    - KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry
    - cpu/hotplug: Fix SMT supported evaluation
    - x86/speculation/l1tf: Invert all not present mappings
    - x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert
    - x86/mm/pat: Ensure cpa->pfn only contains page frame numbers
    - SAUCE: Add pfn_pud() and pud_mkhuge()
    - x86/mm/pat: Make set_memory_np() L1TF safe

  [ Ubuntu: 4.4.0-131.157 ]

  * linux: 4.4.0-131.157 -proposed tracker (LP: #1779376)
  * Cannot set MTU higher than 1500 in Xen instance (LP: #1781413)
    - xen-netfront: Fix mismatched rtnl_unlock
    - xen-netfront: Update features after registering netdev

 -- Stefan Bader <email address hidden>  Fri, 10 Aug 2018 14:31:09 +0200
Deleted in cosmic-proposed (Reason: NBS)
Superseded in bionic-security on 2018-08-23
Superseded in bionic-updates on 2018-08-23
Deleted in bionic-proposed (Reason: moved to -updates)
linux-kvm (4.15.0-1019.19) bionic; urgency=medium

  [ Ubuntu: 4.15.0-32.34 ]

  * CVE-2018-5391
    - Revert "net: increase fragment memory usage limits"
  * CVE-2018-3620 // CVE-2018-3646
    - x86/Centaur: Initialize supported CPU features properly
    - x86/Centaur: Report correct CPU/cache topology
    - x86/CPU/AMD: Have smp_num_siblings and cpu_llc_id always be present
    - perf/events/amd/uncore: Fix amd_uncore_llc ID to use pre-defined cpu_llc_id
    - x86/CPU: Rename intel_cacheinfo.c to cacheinfo.c
    - x86/CPU/AMD: Calculate last level cache ID from number of sharing threads
    - x86/CPU: Modify detect_extended_topology() to return result
    - x86/CPU/AMD: Derive CPU topology from CPUID function 0xB when available
    - x86/CPU: Move cpu local function declarations to local header
    - x86/CPU: Make intel_num_cpu_cores() generic
    - x86/CPU: Move cpu_detect_cache_sizes() into init_intel_cacheinfo()
    - x86/CPU: Move x86_cpuinfo::x86_max_cores assignment to
      detect_num_cpu_cores()
    - x86/CPU/AMD: Fix LLC ID bit-shift calculation
    - x86/mm: Factor out pageattr _PAGE_GLOBAL setting
    - x86/mm: Undo double _PAGE_PSE clearing
    - x86/mm: Introduce "default" kernel PTE mask
    - x86/espfix: Document use of _PAGE_GLOBAL
    - x86/mm: Do not auto-massage page protections
    - x86/mm: Remove extra filtering in pageattr code
    - x86/mm: Comment _PAGE_GLOBAL mystery
    - x86/mm: Do not forbid _PAGE_RW before init for __ro_after_init
    - x86/ldt: Fix support_pte_mask filtering in map_ldt_struct()
    - x86/power/64: Fix page-table setup for temporary text mapping
    - x86/pti: Filter at vma->vm_page_prot population
    - x86/boot/64/clang: Use fixup_pointer() to access '__supported_pte_mask'
    - x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT
    - x86/speculation/l1tf: Change order of offset/type in swap entry
    - x86/speculation/l1tf: Protect swap entries against L1TF
    - x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation
    - x86/speculation/l1tf: Make sure the first page is always reserved
    - x86/speculation/l1tf: Add sysfs reporting for l1tf
    - x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings
    - x86/speculation/l1tf: Limit swap file size to MAX_PA/2
    - x86/bugs: Move the l1tf function and define pr_fmt properly
    - sched/smt: Update sched_smt_present at runtime
    - x86/smp: Provide topology_is_primary_thread()
    - x86/topology: Provide topology_smt_supported()
    - cpu/hotplug: Make bringup/teardown of smp threads symmetric
    - cpu/hotplug: Split do_cpu_down()
    - cpu/hotplug: Provide knobs to control SMT
    - x86/cpu: Remove the pointless CPU printout
    - x86/cpu/AMD: Remove the pointless detect_ht() call
    - x86/cpu/common: Provide detect_ht_early()
    - x86/cpu/topology: Provide detect_extended_topology_early()
    - x86/cpu/intel: Evaluate smp_num_siblings early
    - x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info
    - x86/cpu/AMD: Evaluate smp_num_siblings early
    - x86/apic: Ignore secondary threads if nosmt=force
    - x86/speculation/l1tf: Extend 64bit swap file size limit
    - x86/cpufeatures: Add detection of L1D cache flush support.
    - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings
    - x86/speculation/l1tf: Protect PAE swap entries against L1TF
    - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE
    - Revert "x86/apic: Ignore secondary threads if nosmt=force"
    - cpu/hotplug: Boot HT siblings at least once
    - x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present
    - x86/KVM/VMX: Add module argument for L1TF mitigation
    - x86/KVM/VMX: Add L1D flush algorithm
    - x86/KVM/VMX: Add L1D MSR based flush
    - x86/KVM/VMX: Add L1D flush logic
    - x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers
    - x86/KVM/VMX: Add find_msr() helper function
    - x86/KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting
    - x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs
    - x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required
    - cpu/hotplug: Online siblings when SMT control is turned on
    - x86/litf: Introduce vmx status variable
    - x86/kvm: Drop L1TF MSR list approach
    - x86/l1tf: Handle EPT disabled state proper
    - x86/kvm: Move l1tf setup function
    - x86/kvm: Add static key for flush always
    - x86/kvm: Serialize L1D flush parameter setter
    - x86/kvm: Allow runtime control of L1D flush
    - cpu/hotplug: Expose SMT control init function
    - cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early
    - x86/bugs, kvm: Introduce boot-time control of L1TF mitigations
    - Documentation: Add section about CPU vulnerabilities
    - x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures
    - x86/KVM/VMX: Initialize the vmx_l1d_flush_pages' content
    - Documentation/l1tf: Fix typos
    - cpu/hotplug: detect SMT disabled by BIOS
    - x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush()
    - x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond'
    - x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush()
    - x86/irq: Demote irq_cpustat_t::__softirq_pending to u16
    - x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d
    - x86: Don't include linux/irq.h from asm/hardirq.h
    - x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d
    - x86/KVM/VMX: Don't set l1tf_flush_l1d from vmx_handle_external_intr()
    - Documentation/l1tf: Remove Yonah processors from not vulnerable list
    - x86/speculation: Simplify sysfs report of VMX L1TF vulnerability
    - x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry
    - KVM: x86: Add a framework for supporting MSR-based features
    - KVM: X86: Introduce kvm_get_msr_feature()
    - KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR
    - KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry
    - cpu/hotplug: Fix SMT supported evaluation
    - x86/speculation/l1tf: Invert all not present mappings
    - x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert
    - x86/mm/pat: Make set_memory_np() L1TF safe

 -- Stefan Bader <email address hidden>  Fri, 10 Aug 2018 12:08:55 +0200
Deleted in bionic-proposed on 2018-08-17 (Reason: NBS)
linux-kvm (4.15.0-1018.18) bionic; urgency=medium

  * linux-kvm: 4.15.0-1018.18 -proposed tracker (LP: #1784291)

  * DEBUG_WX is not set in Bionic KVM kernel (LP: #1782721)
    - kvm: [Config] enable CONFIG_DEBUG_WX

  * test_182_config_hardened_usercopy  in kernel security test failed with 4.15
    KVM kernel (LP: #1766777)
    - usercopy: Do not select BUG with HARDENED_USERCOPY
    - kvm: [Config] Enable CONFIG_HARDENED_USERCOPY

  [ Ubuntu: 4.15.0-31.33 ]

  * linux: 4.15.0-31.33 -proposed tracker (LP: #1784281)
  * ubuntu_bpf_jit test failed on Bionic s390x systems (LP: #1753941)
    - test_bpf: flag tests that cannot be jited on s390
  * HDMI/DP audio can't work on the laptop of Dell Latitude 5495 (LP: #1782689)
    - drm/nouveau: fix nouveau_dsm_get_client_id()'s return type
    - drm/radeon: fix radeon_atpx_get_client_id()'s return type
    - drm/amdgpu: fix amdgpu_atpx_get_client_id()'s return type
    - platform/x86: apple-gmux: fix gmux_get_client_id()'s return type
    - ALSA: hda: use PCI_BASE_CLASS_DISPLAY to replace PCI_CLASS_DISPLAY_VGA
    - vga_switcheroo: set audio client id according to bound GPU id
  * locking sockets broken due to missing AppArmor socket mediation patches
    (LP: #1780227)
    - UBUNTU SAUCE: apparmor: fix apparmor mediating locking non-fs, unix sockets
  * Update2 for ocxl driver (LP: #1781436)
    - ocxl: Fix page fault handler in case of fault on dying process
  * RTNL assertion failure on ipvlan (LP: #1776927)
    - ipvlan: drop ipv6 dependency
    - ipvlan: use per device spinlock to protect addrs list updates
  * netns: unable to follow an interface that moves to another netns
    (LP: #1774225)
    - net: core: Expose number of link up/down transitions
    - dev: always advertise the new nsid when the netns iface changes
    - dev: advertise the new ifindex when the netns iface changes
  * [Bionic] Disk IO hangs when using BFQ as io scheduler (LP: #1780066)
    - block, bfq: fix occurrences of request finish method's old name
    - block, bfq: remove batches of confusing ifdefs
    - block, bfq: add requeue-request hook
  * HP ProBook 455 G5 needs mute-led-gpio fixup (LP: #1781763)
    - ALSA: hda: add mute led support for HP ProBook 455 G5
  * [Bionic] bug fixes to improve stability of the ThunderX2 i2c driver
    (LP: #1781476)
    - i2c: xlp9xx: Fix issue seen when updating receive length
    - i2c: xlp9xx: Make sure the transfer size is not more than
      I2C_SMBUS_BLOCK_SIZE
  * x86/kvm: fix LAPIC timer drift when guest uses periodic mode (LP: #1778486)
    - x86/kvm: fix LAPIC timer drift when guest uses periodic mode
  * Please include ax88179_178a and r8152 modules in d-i udeb (LP: #1771823)
    - [Config:] d-i: Add ax88179_178a and r8152 to nic-modules
  * Nvidia fails after switching its mode (LP: #1778658)
    - PCI: Restore config space on runtime resume despite being unbound
  * Kernel error "task zfs:pid blocked for more than 120 seconds" (LP: #1781364)
    - SAUCE: (noup) zfs to 0.7.5-1ubuntu16.3
  * CVE-2018-12232
    - PATCH 1/1] socket: close race condition between sock_close() and
      sockfs_setattr()
  * CVE-2018-10323
    - xfs: set format back to extents if xfs_bmap_extents_to_btree
  * change front mic location for more lenovo m7/8/9xx machines (LP: #1781316)
    - ALSA: hda/realtek - Fix the problem of two front mics on more machines
    - ALSA: hda/realtek - two more lenovo models need fixup of MIC_LOCATION
  * Cephfs + fscache: unable to handle kernel NULL pointer dereference at
    0000000000000000 IP: jbd2__journal_start+0x22/0x1f0 (LP: #1783246)
    - ceph: track read contexts in ceph_file_info
  * Touchpad of ThinkPad P52 failed to work with message "lost sync at byte"
    (LP: #1779802)
    - Input: elantech - fix V4 report decoding for module with middle key
    - Input: elantech - enable middle button of touchpads on ThinkPad P52
  * xhci_hcd 0000:00:14.0: Root hub is not suspended (LP: #1779823)
    - usb: xhci: dbc: Fix lockdep warning
    - usb: xhci: dbc: Don't decrement runtime PM counter if DBC is not started
  * CVE-2018-13406
    - video: uvesafb: Fix integer overflow in allocation
  * CVE-2018-10840
    - ext4: correctly handle a zero-length xattr with a non-zero e_value_offs
  * CVE-2018-11412
    - ext4: do not allow external inodes for inline data
  * CVE-2018-10881
    - ext4: clear i_data in ext4_inode_info when removing inline data
  * CVE-2018-12233
    - jfs: Fix inconsistency between memory allocation and ea_buf->max_size
  * CVE-2018-12904
    - kvm: nVMX: Enforce cpl=0 for VMX instructions
  * Error parsing PCC subspaces from PCCT (LP: #1528684)
    - mailbox: PCC: erroneous error message when parsing ACPI PCCT
  * CVE-2018-13094
    - xfs: don't call xfs_da_shrink_inode with NULL bp
  * other users' coredumps can be read via setgid directory and killpriv bypass
    (LP: #1779923) // CVE-2018-13405
    - Fix up non-directory creation in SGID directories
  * Invoking obsolete 'firmware_install' target breaks snap build (LP: #1782166)
    - snapcraft.yaml: stop invoking the obsolete (and non-existing)
      'firmware_install' target
  * snapcraft.yaml: missing ubuntu-retpoline-extract-one script breaks the build
    (LP: #1782116)
    - snapcraft.yaml: copy retpoline-extract-one to scripts before build
  * Allow Raven Ridge's audio controller to be runtime suspended (LP: #1782540)
    - ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge
  * CVE-2018-11506
    - sr: pass down correctly sized SCSI sense buffer
  * Bionic update: upstream stable patchset 2018-07-24 (LP: #1783418)
    - net: Fix a bug in removing queues from XPS map
    - net/mlx4_core: Fix error handling in mlx4_init_port_info.
    - net/sched: fix refcnt leak in the error path of tcf_vlan_init()
    - net: sched: red: avoid hashing NULL child
    - net/smc: check for missing nlattrs in SMC_PNETID messages
    - net: test tailroom before appending to linear skb
    - packet: in packet_snd start writing at link layer allocation
    - sock_diag: fix use-after-free read in __sk_free
    - tcp: purge write queue in tcp_connect_init()
    - vmxnet3: set the DMA mask before the first DMA map operation
    - vmxnet3: use DMA memory barriers where required
    - hv_netvsc: empty current transmit aggregation if flow blocked
    - hv_netvsc: Use the num_online_cpus() for channel limit
    - hv_netvsc: avoid retry on send during shutdown
    - hv_netvsc: only wake transmit queue if link is up
    - hv_netvsc: fix error unwind handling if vmbus_open fails
    - hv_netvsc: cancel subchannel setup before halting device
    - hv_netvsc: fix race in napi poll when rescheduling
    - hv_netvsc: defer queue selection to VF
    - hv_netvsc: disable NAPI before channel close
    - hv_netvsc: use RCU to fix concurrent rx and queue changes
    - hv_netvsc: change GPAD teardown order on older versions
    - hv_netvsc: common detach logic
    - hv_netvsc: Use Windows version instead of NVSP version on GPAD teardown
    - hv_netvsc: Split netvsc_revoke_buf() and netvsc_teardown_gpadl()
    - hv_netvsc: Ensure correct teardown message sequence order
    - hv_netvsc: Fix a network regression after ifdown/ifup
    - sparc: vio: use put_device() instead of kfree()
    - ext2: fix a block leak
    - s390: add assembler macros for CPU alternatives
    - s390: move expoline assembler macros to a header
    - s390/crc32-vx: use expoline for indirect branches
    - s390/lib: use expoline for indirect branches
    - s390/ftrace: use expoline for indirect branches
    - s390/kernel: use expoline for indirect branches
    - s390: move spectre sysfs attribute code
    - s390: extend expoline to BC instructions
    - s390: use expoline thunks in the BPF JIT
    - scsi: sg: allocate with __GFP_ZERO in sg_build_indirect()
    - scsi: zfcp: fix infinite iteration on ERP ready list
    - loop: don't call into filesystem while holding lo_ctl_mutex
    - loop: fix LOOP_GET_STATUS lock imbalance
    - cfg80211: limit wiphy names to 128 bytes
    - hfsplus: stop workqueue when fill_super() failed
    - x86/kexec: Avoid double free_page() upon do_kexec_load() failure
    - usb: gadget: f_uac2: fix bFirstInterface in composite gadget
    - usb: dwc3: Undo PHY init if soft reset fails
    - usb: dwc3: omap: don't miss events during suspend/resume
    - usb: gadget: core: Fix use-after-free of usb_request
    - usb: gadget: fsl_udc_core: fix ep valid checks
    - usb: dwc2: Fix dwc2_hsotg_core_init_disconnected()
    - usb: cdc_acm: prevent race at write to acm while system resumes
    - net: usbnet: fix potential deadlock on 32bit hosts
    - ARM: dts: imx7d-sdb: Fix regulator-usb-otg2-vbus node name
    - usb: host: xhci-plat: revert "usb: host: xhci-plat: enable clk in resume
      timing"
    - USB: OHCI: Fix NULL dereference in HCDs using HCD_LOCAL_MEM
    - net/usb/qmi_wwan.c: Add USB id for lt4120 modem
    - net-usb: add qmi_wwan if on lte modem wistron neweb d18q1
    - Bluetooth: btusb: Add USB ID 7392:a611 for Edimax EW-7611ULB
    - ALSA: usb-audio: Add native DSD support for Luxman DA-06
    - usb: dwc3: Add SoftReset PHY synchonization delay
    - usb: dwc3: Update DWC_usb31 GTXFIFOSIZ reg fields
    - usb: dwc3: Makefile: fix link error on randconfig
    - xhci: zero usb device slot_id member when disabling and freeing a xhci slot
    - usb: dwc2: Fix interval type issue
    - usb: dwc2: hcd: Fix host channel halt flow
    - usb: dwc2: host: Fix transaction errors in host mode
    - usb: gadget: ffs: Let setup() return USB_GADGET_DELAYED_STATUS
    - usb: gadget: ffs: Execute copy_to_user() with USER_DS set
    - usbip: Correct maximum value of CONFIG_USBIP_VHCI_HC_PORTS
    - usb: gadget: udc: change comparison to bitshift when dealing with a mask
    - usb: gadget: composite: fix incorrect handling of OS desc requests
    - media: lgdt3306a: Fix module count mismatch on usb unplug
    - media: em28xx: USB bulk packet size fix
    - Bluetooth: btusb: Add device ID for RTL8822BE
    - xhci: Show what USB release number the xHC supports from protocol capablity
    - staging: bcm2835-audio: Release resources on module_exit()
    - staging: lustre: fix bug in osc_enter_cache_try
    - staging: fsl-dpaa2/eth: Fix incorrect casts
    - staging: rtl8192u: return -ENOMEM on failed allocation of priv->oldaddr
    - staging: ks7010: Use constants from ieee80211_eid instead of literal ints.
    - staging: lustre: lmv: correctly iput lmo_root
    - crypto: inside-secure - wait for the request to complete if in the backlog
    - crypto: atmel-aes - fix the keys zeroing on errors
    - crypto: ccp - don't disable interrupts while setting up debugfs
    - crypto: inside-secure - do not process request if no command was issued
    - crypto: inside-secure - fix the cache_len computation
    - crypto: inside-secure - fix the extra cache computation
    - crypto: sunxi-ss - Add MODULE_ALIAS to sun4i-ss
    - crypto: inside-secure - fix the invalidation step during cra_exit
    - scsi: mpt3sas: fix an out of bound write
    - scsi: ufs: Enable quirk to ignore sending WRITE_SAME command
    - scsi: bnx2fc: Fix check in SCSI completion handler for timed out request
    - scsi: sym53c8xx_2: iterator underflow in sym_getsync()
    - scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo()
    - scsi: qla2xxx: Avoid triggering undefined behavior in
      qla2x00_mbx_completion()
    - scsi: storvsc: Increase cmd_per_lun for higher speed devices
    - scsi: qedi: Fix truncation of CHAP name and secret
    - scsi: aacraid: fix shutdown crash when init fails
    - scsi: qla4xxx: skip error recovery in case of register disconnect.
    - scsi: qedi: Fix kernel crash during port toggle
    - scsi: mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM
    - scsi: sd: Keep disk read-only when re-reading partition
    - scsi: iscsi_tcp: set BDI_CAP_STABLE_WRITES when data digest enabled
    - scsi: aacraid: Insure command thread is not recursively stopped
    - scsi: core: Make SCSI Status CONDITION MET equivalent to GOOD
    - scsi: mvsas: fix wrong endianness of sgpio api
    - ASoC: hdmi-codec: Fix module unloading caused kernel crash
    - ASoC: rockchip: rk3288-hdmi-analog: Select needed codecs
    - ASoC: samsung: odroid: Fix 32000 sample rate handling
    - ASoC: topology: create TLV data for dapm widgets
    - ASoC: samsung: i2s: Ensure the RCLK rate is properly determined
    - clk: rockchip: Fix wrong parent for SDMMC phase clock for rk3228
    - clk: Don't show the incorrect clock phase
    - clk: hisilicon: mark wdt_mux_p[] as const
    - clk: tegra: Fix pll_u rate configuration
    - clk: rockchip: Prevent calculating mmc phase if clock rate is zero
    - clk: samsung: s3c2410: Fix PLL rates
    - clk: samsung: exynos7: Fix PLL rates
    - clk: samsung: exynos5260: Fix PLL rates
    - clk: samsung: exynos5433: Fix PLL rates
    - clk: samsung: exynos5250: Fix PLL rates
    - clk: samsung: exynos3250: Fix PLL rates
    - media: dmxdev: fix error code for invalid ioctls
    - media: Don't let tvp5150_get_vbi() go out of vbi_ram_default array
    - media: ov5645: add missing of_node_put() in error path
    - media: cx23885: Override 888 ImpactVCBe crystal frequency
    - media: cx23885: Set subdev host data to clk_freq pointer
    - media: s3c-camif: fix out-of-bounds array access
    - media: lgdt3306a: Fix a double kfree on i2c device remove
    - media: em28xx: Add Hauppauge SoloHD/DualHD bulk models
    - media: v4l: vsp1: Fix display stalls when requesting too many inputs
    - media: i2c: adv748x: fix HDMI field heights
    - media: vb2: Fix videobuf2 to map correct area
    - media: vivid: fix incorrect capabilities for radio
    - media: cx25821: prevent out-of-bounds read on array card
    - serial: xuartps: Fix out-of-bounds access through DT alias
    - serial: sh-sci: Fix out-of-bounds access through DT alias
    - serial: samsung: Fix out-of-bounds access through serial port index
    - serial: mxs-auart: Fix out-of-bounds access through serial port index
    - serial: imx: Fix out-of-bounds access through serial port index
    - serial: fsl_lpuart: Fix out-of-bounds access through DT alias
    - serial: arc_uart: Fix out-of-bounds access through DT alias
    - serial: 8250: Don't service RX FIFO if interrupts are disabled
    - serial: altera: ensure port->regshift is honored consistently
    - rtc: snvs: Fix usage of snvs_rtc_enable
    - rtc: hctosys: Ensure system time doesn't overflow time_t
    - rtc: rk808: fix possible race condition
    - rtc: m41t80: fix race conditions
    - rtc: tx4939: avoid unintended sign extension on a 24 bit shift
    - rtc: rp5c01: fix possible race condition
    - rtc: goldfish: Add missing MODULE_LICENSE
    - cxgb4: Correct ntuple mask validation for hash filters
    - net: dsa: bcm_sf2: Fix RX_CLS_LOC_ANY overwrite for last rule
    - net: dsa: Do not register devlink for unused ports
    - net: dsa: bcm_sf2: Fix IPv6 rules and chain ID
    - net: dsa: bcm_sf2: Fix IPv6 rule half deletion
    - 3c59x: convert to generic DMA API
    - net: ip6_gre: Request headroom in __gre6_xmit()
    - net: ip6_gre: Split up ip6gre_tnl_link_config()
    - net: ip6_gre: Split up ip6gre_tnl_change()
    - net: ip6_gre: Split up ip6gre_newlink()
    - net: ip6_gre: Split up ip6gre_changelink()
    - qed: LL2 flush isles when connection is closed
    - qed: Fix possibility of list corruption during rmmod flows
    - qed: Fix LL2 race during connection terminate
    - powerpc: Move default security feature flags
    - Bluetooth: btusb: Add support for Intel Bluetooth device 22560 [8087:0026]
    - staging: fsl-dpaa2/eth: Fix incorrect kfree
    - crypto: inside-secure - move the digest to the request context
    - scsi: lpfc: Fix NVME Initiator FirstBurst
    - serial: mvebu-uart: fix tx lost characters
  * Bionic update: upstream stable patchset 2018-07-20 (LP: #1782846)
    - usbip: usbip_host: refine probe and disconnect debug msgs to be useful
    - usbip: usbip_host: delete device from busid_table after rebind
    - usbip: usbip_host: run rebind from exit when module is removed
    - usbip: usbip_host: fix NULL-ptr deref and use-after-free errors
    - usbip: usbip_host: fix bad unlock balance during stub_probe()
    - ALSA: usb: mixer: volume quirk for CM102-A+/102S+
    - ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist
    - ALSA: control: fix a redundant-copy issue
    - spi: pxa2xx: Allow 64-bit DMA
    - spi: bcm-qspi: Avoid setting MSPI_CDRAM_PCS for spi-nor master
    - spi: bcm-qspi: Always read and set BSPI_MAST_N_BOOT_CTRL
    - KVM: arm/arm64: VGIC/ITS save/restore: protect kvm_read_guest() calls
    - KVM: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls with SRCU lock
    - vfio: ccw: fix cleanup if cp_prefetch fails
    - tracing/x86/xen: Remove zero data size trace events
      trace_xen_mmu_flush_tlb{_all}
    - tee: shm: fix use-after-free via temporarily dropped reference
    - netfilter: nf_tables: free set name in error path
    - netfilter: nf_tables: can't fail after linking rule into active rule list
    - netfilter: nf_socket: Fix out of bounds access in nf_sk_lookup_slow_v{4,6}
    - i2c: designware: fix poll-after-enable regression
    - powerpc/powernv: Fix NVRAM sleep in invalid context when crashing
    - drm: Match sysfs name in link removal to link creation
    - lib/test_bitmap.c: fix bitmap optimisation tests to report errors correctly
    - radix tree: fix multi-order iteration race
    - mm: don't allow deferred pages with NEED_PER_CPU_KM
    - drm/i915/gen9: Add WaClearHIZ_WM_CHICKEN3 for bxt and glk
    - s390/qdio: fix access to uninitialized qdio_q fields
    - s390/qdio: don't release memory in qdio_setup_irq()
    - s390: remove indirect branch from do_softirq_own_stack
    - x86/pkeys: Override pkey when moving away from PROT_EXEC
    - x86/pkeys: Do not special case protection key 0
    - efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32'
      definition for mixed mode
    - ARM: 8771/1: kprobes: Prohibit kprobes on do_undefinstr
    - x86/mm: Drop TS_COMPAT on 64-bit exec() syscall
    - tick/broadcast: Use for_each_cpu() specially on UP kernels
    - ARM: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed
    - ARM: 8770/1: kprobes: Prohibit probing on optimized_callback
    - ARM: 8772/1: kprobes: Prohibit kprobes on get_user functions
    - Btrfs: fix xattr loss after power failure
    - Btrfs: send, fix invalid access to commit roots due to concurrent
      snapshotting
    - btrfs: property: Set incompat flag if lzo/zstd compression is set
    - btrfs: fix crash when trying to resume balance without the resume flag
    - btrfs: Split btrfs_del_delalloc_inode into 2 functions
    - btrfs: Fix delalloc inodes invalidation during transaction abort
    - btrfs: fix reading stale metadata blocks after degraded raid1 mounts
    - xhci: Fix USB3 NULL pointer dereference at logical disconnect.
    - KVM: arm/arm64: Properly protect VGIC locks from IRQs
    - KVM: arm/arm64: VGIC/ITS: Promote irq_lock() in update_affinity
    - hwmon: (k10temp) Fix reading critical temperature register
    - hwmon: (k10temp) Use API function to access System Management Network
    - vsprintf: Replace memory barrier with static_key for random_ptr_key update
    - x86/amd_nb: Add support for Raven Ridge CPUs
    - x86/apic/x2apic: Initialize cluster ID properly
  * Bionic update: upstream stable patchset 2018-07-09 (LP: #1780858)
    - 8139too: Use disable_irq_nosync() in rtl8139_poll_controller()
    - bridge: check iface upper dev when setting master via ioctl
    - dccp: fix tasklet usage
    - ipv4: fix fnhe usage by non-cached routes
    - ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg
    - llc: better deal with too small mtu
    - net: ethernet: sun: niu set correct packet size in skb
    - net: ethernet: ti: cpsw: fix packet leaking in dual_mac mode
    - net/mlx4_en: Fix an error handling path in 'mlx4_en_init_netdev()'
    - net/mlx4_en: Verify coalescing parameters are in range
    - net/mlx5e: Err if asked to offload TC match on frag being first
    - net/mlx5: E-Switch, Include VF RDMA stats in vport statistics
    - net sched actions: fix refcnt leak in skbmod
    - net_sched: fq: take care of throttled flows before reuse
    - net: support compat 64-bit time in {s,g}etsockopt
    - net/tls: Don't recursively call push_record during tls_write_space callbacks
    - net/tls: Fix connection stall on partial tls record
    - openvswitch: Don't swap table in nlattr_set() after OVS_ATTR_NESTED is found
    - qmi_wwan: do not steal interfaces from class drivers
    - r8169: fix powering up RTL8168h
    - rds: do not leak kernel memory to user land
    - sctp: delay the authentication for the duplicated cookie-echo chunk
    - sctp: fix the issue that the cookie-ack with auth can't get processed
    - sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr
    - sctp: remove sctp_chunk_put from fail_mark err path in
      sctp_ulpevent_make_rcvmsg
    - sctp: use the old asoc when making the cookie-ack chunk in dupcook_d
    - tcp_bbr: fix to zero idle_restart only upon S/ACKed data
    - tcp: ignore Fast Open on repair mode
    - tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent().
    - bonding: do not allow rlb updates to invalid mac
    - bonding: send learning packets for vlans on slave
    - net: sched: fix error path in tcf_proto_create() when modules are not
      configured
    - net/mlx5e: TX, Use correct counter in dma_map error flow
    - net/mlx5: Avoid cleaning flow steering table twice during error flow
    - hv_netvsc: set master device
    - ipv6: fix uninit-value in ip6_multipath_l3_keys()
    - net/mlx5e: Allow offloading ipv4 header re-write for icmp
    - nsh: fix infinite loop
    - udp: fix SO_BINDTODEVICE
    - l2tp: revert "l2tp: fix missing print session offset info"
    - proc: do not access cmdline nor environ from file-backed areas
    - net/smc: restrict non-blocking connect finish
    - mlxsw: spectrum_switchdev: Do not remove mrouter port from MDB's ports list
    - net/mlx5e: DCBNL fix min inline header size for dscp
    - net: systemport: Correclty disambiguate driver instances
    - sctp: clear the new asoc's stream outcnt in sctp_stream_update
    - tcp: restore autocorking
    - tipc: fix one byte leak in tipc_sk_set_orig_addr()
    - hv_netvsc: Fix net device attach on older Windows hosts
  * Bionic update: upstream stable patchset 2018-07-06 (LP: #1780499)
    - ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS
    - ipvs: fix rtnl_lock lockups caused by start_sync_thread
    - netfilter: ebtables: don't attempt to allocate 0-sized compat array
    - kcm: Call strp_stop before strp_done in kcm_attach
    - crypto: af_alg - fix possible uninit-value in alg_bind()
    - netlink: fix uninit-value in netlink_sendmsg
    - net: fix rtnh_ok()
    - net: initialize skb->peeked when cloning
    - net: fix uninit-value in __hw_addr_add_ex()
    - dccp: initialize ireq->ir_mark
    - ipv4: fix uninit-value in ip_route_output_key_hash_rcu()
    - soreuseport: initialise timewait reuseport field
    - inetpeer: fix uninit-value in inet_getpeer
    - memcg: fix per_node_info cleanup
    - perf: Remove superfluous allocation error check
    - tcp: fix TCP_REPAIR_QUEUE bound checking
    - bdi: wake up concurrent wb_shutdown() callers.
    - bdi: Fix oops in wb_workfn()
    - gpioib: do not free unrequested descriptors
    - gpio: fix aspeed_gpio unmask irq
    - gpio: fix error path in lineevent_create
    - rfkill: gpio: fix memory leak in probe error path
    - libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs
    - dm integrity: use kvfree for kvmalloc'd memory
    - tracing: Fix regex_match_front() to not over compare the test string
    - z3fold: fix reclaim lock-ups
    - mm: sections are not offlined during memory hotremove
    - mm, oom: fix concurrent munlock and oom reaper unmap, v3
    - ceph: fix rsize/wsize capping in ceph_direct_read_write()
    - can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg()
    - can: hi311x: Acquire SPI lock on ->do_get_berr_counter
    - can: hi311x: Work around TX complete interrupt erratum
    - drm/vc4: Fix scaling of uni-planar formats
    - drm/i915: Fix drm:intel_enable_lvds ERROR message in kernel log
    - drm/atomic: Clean old_state/new_state in drm_atomic_state_default_clear()
    - drm/atomic: Clean private obj old_state/new_state in
      drm_atomic_state_default_clear()
    - net: atm: Fix potential Spectre v1
    - atm: zatm: Fix potential Spectre v1
    - cpufreq: schedutil: Avoid using invalid next_freq
    - Revert "Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174"
    - Bluetooth: btusb: Only check needs_reset_resume DMI table for QCA rome
      chipsets
    - thermal: exynos: Reading temperature makes sense only when TMU is turned on
    - thermal: exynos: Propagate error value from tmu_read()
    - nvme: add quirk to force medium priority for SQ creation
    - smb3: directory sync should not return an error
    - sched/autogroup: Fix possible Spectre-v1 indexing for sched_prio_to_weight[]
    - tracing/uprobe_event: Fix strncpy corner case
    - perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_*
    - perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr
    - perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver
    - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[]
    - perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map()
    - i2c: dev: prevent ZERO_SIZE_PTR deref in i2cdev_ioctl_rdwr()
    - bdi: Fix use after free bug in debugfs_remove()
    - drm/ttm: Use GFP_TRANSHUGE_LIGHT for allocating huge pages
    - drm/i915: Adjust eDP's logical vco in a reliable place.
    - drm/nouveau/ttm: don't dereference nvbo::cli, it can outlive client
    - sched/core: Fix possible Spectre-v1 indexing for sched_prio_to_weight[]
  * Bionic update: upstream stable patchset 2018-06-26 (LP: #1778759)
    - percpu: include linux/sched.h for cond_resched()
    - ACPI / button: make module loadable when booted in non-ACPI mode
    - USB: serial: option: Add support for Quectel EP06
    - ALSA: hda - Fix incorrect usage of IS_REACHABLE()
    - ALSA: pcm: Check PCM state at xfern compat ioctl
    - ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger()
    - ALSA: dice: fix kernel NULL pointer dereference due to invalid calculation
      for array index
    - ALSA: aloop: Mark paused device as inactive
    - ALSA: aloop: Add missing cable lock to ctl API callbacks
    - tracepoint: Do not warn on ENOMEM
    - scsi: target: Fix fortify_panic kernel exception
    - Input: leds - fix out of bound access
    - Input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook Pro
    - rtlwifi: btcoex: Add power_on_setting routine
    - rtlwifi: cleanup 8723be ant_sel definition
    - xfs: prevent creating negative-sized file via INSERT_RANGE
    - RDMA/cxgb4: release hw resources on device removal
    - RDMA/ucma: Allow resolving address w/o specifying source address
    - RDMA/mlx5: Fix multiple NULL-ptr deref errors in rereg_mr flow
    - RDMA/mlx5: Protect from shift operand overflow
    - NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2
    - IB/mlx5: Use unlimited rate when static rate is not supported
    - IB/hfi1: Fix handling of FECN marked multicast packet
    - IB/hfi1: Fix loss of BECN with AHG
    - IB/hfi1: Fix NULL pointer dereference when invalid num_vls is used
    - iw_cxgb4: Atomically flush per QP HW CQEs
    - drm/vmwgfx: Fix a buffer object leak
    - drm/bridge: vga-dac: Fix edid memory leak
    - test_firmware: fix setting old custom fw path back on exit, second try
    - errseq: Always report a writeback error once
    - USB: serial: visor: handle potential invalid device configuration
    - usb: dwc3: gadget: Fix list_del corruption in dwc3_ep_dequeue
    - USB: Accept bulk endpoints with 1024-byte maxpacket
    - USB: serial: option: reimplement interface masking
    - USB: serial: option: adding support for ublox R410M
    - usb: musb: host: fix potential NULL pointer dereference
    - usb: musb: trace: fix NULL pointer dereference in musb_g_tx()
    - platform/x86: asus-wireless: Fix NULL pointer dereference
    - irqchip/qcom: Fix check for spurious interrupts
    - tracing: Fix bad use of igrab in trace_uprobe.c
    - [Config] CONFIG_ARM64_ERRATUM_1024718=y
    - arm64: Add work around for Arm Cortex-A55 Erratum 1024718
    - Input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook Pro
    - infiniband: mlx5: fix build errors when INFINIBAND_USER_ACCESS=m
    - btrfs: Take trans lock before access running trans in check_delayed_ref
    - drm/vc4: Make sure vc4_bo_{inc,dec}_usecnt() calls are balanced
    - xhci: Fix use-after-free in xhci_free_virt_device
    - platform/x86: Kconfig: Fix dell-laptop dependency chain.
    - KVM: x86: remove APIC Timer periodic/oneshot spikes
    - clocksource: Allow clocksource_mark_unstable() on unregistered clocksources
    - clocksource: Initialize cs->wd_list
    - clocksource: Consistent de-rate when marking unstable
  * Bionic update: upstream stable patchset 2018-06-22 (LP: #1778265)
    - ext4: set h_journal if there is a failure starting a reserved handle
    - ext4: add MODULE_SOFTDEP to ensure crc32c is included in the initramfs
    - ext4: add validity checks for bitmap block numbers
    - ext4: fix bitmap position validation
    - random: fix possible sleeping allocation from irq context
    - random: rate limit unseeded randomness warnings
    - usbip: usbip_event: fix to not print kernel pointer address
    - usbip: usbip_host: fix to hold parent lock for device_attach() calls
    - usbip: vhci_hcd: Fix usb device and sockfd leaks
    - usbip: vhci_hcd: check rhport before using in vhci_hub_control()
    - Revert "xhci: plat: Register shutdown for xhci_plat"
    - USB: serial: simple: add libtransistor console
    - USB: serial: ftdi_sio: use jtag quirk for Arrow USB Blaster
    - USB: serial: cp210x: add ID for NI USB serial console
    - usb: core: Add quirk for HP v222w 16GB Mini
    - USB: Increment wakeup count on remote wakeup.
    - ALSA: usb-audio: Skip broken EU on Dell dock USB-audio
    - virtio: add ability to iterate over vqs
    - virtio_console: don't tie bufs to a vq
    - virtio_console: free buffers after reset
    - virtio_console: drop custom control queue cleanup
    - virtio_console: move removal code
    - virtio_console: reset on out of memory
    - drm/virtio: fix vq wait_event condition
    - tty: Don't call panic() at tty_ldisc_init()
    - tty: n_gsm: Fix long delays with control frame timeouts in ADM mode
    - tty: n_gsm: Fix DLCI handling for ADM mode if debug & 2 is not set
    - tty: Avoid possible error pointer dereference at tty_ldisc_restore().
    - tty: Use __GFP_NOFAIL for tty_ldisc_get()
    - ALSA: dice: fix OUI for TC group
    - ALSA: dice: fix error path to destroy initialized stream data
    - ALSA: hda - Skip jack and others for non-existing PCM streams
    - ALSA: opl3: Hardening for potential Spectre v1
    - ALSA: asihpi: Hardening for potential Spectre v1
    - ALSA: hdspm: Hardening for potential Spectre v1
    - ALSA: rme9652: Hardening for potential Spectre v1
    - ALSA: control: Hardening for potential Spectre v1
    - ALSA: pcm: Return negative delays from SNDRV_PCM_IOCTL_DELAY.
    - ALSA: core: Report audio_tstamp in snd_pcm_sync_ptr
    - ALSA: seq: oss: Fix unbalanced use lock for synth MIDI device
    - ALSA: seq: oss: Hardening for potential Spectre v1
    - ALSA: hda: Hardening for potential Spectre v1
    - ALSA: hda/realtek - Add some fixes for ALC233
    - ALSA: hda/realtek - Update ALC255 depop optimize
    - ALSA: hda/realtek - change the location for one of two front mics
    - mtd: spi-nor: cadence-quadspi: Fix page fault kernel panic
    - mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block.
    - mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug.
    - mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block.
    - mtd: rawnand: tango: Fix struct clk memory leak
    - kobject: don't use WARN for registration failures
    - scsi: sd: Defer spinning up drive while SANITIZE is in progress
    - bfq-iosched: ensure to clear bic/bfqq pointers when preparing request
    - vfio: ccw: process ssch with interrupts disabled
    - ANDROID: binder: prevent transactions into own process.
    - PCI: aardvark: Fix logic in advk_pcie_{rd,wr}_conf()
    - PCI: aardvark: Set PIO_ADDR_LS correctly in advk_pcie_rd_conf()
    - PCI: aardvark: Use ISR1 instead of ISR0 interrupt in legacy irq mode
    - PCI: aardvark: Fix PCIe Max Read Request Size setting
    - ARM: amba: Make driver_override output consistent with other buses
    - ARM: amba: Fix race condition with driver_override
    - ARM: amba: Don't read past the end of sysfs "driver_override" buffer
    - ARM: socfpga_defconfig: Remove QSPI Sector 4K size force
    - KVM: arm/arm64: Close VMID generation race
    - crypto: drbg - set freed buffers to NULL
    - ASoC: fsl_esai: Fix divisor calculation failure at lower ratio
    - libceph: un-backoff on tick when we have a authenticated session
    - libceph: reschedule a tick in finish_hunting()
    - libceph: validate con->state at the top of try_write()
    - fpga-manager: altera-ps-spi: preserve nCONFIG state
    - earlycon: Use a pointer table to fix __earlycon_table stride
    - drm/amdgpu: set COMPUTE_PGM_RSRC1 for SGPR/VGPR clearing shaders
    - drm/i915: Enable display WA#1183 from its correct spot
    - objtool, perf: Fix GCC 8 -Wrestrict error
    - tools/lib/subcmd/pager.c: do not alias select() params
    - x86/ipc: Fix x32 version of shmid64_ds and msqid64_ds
    - x86/smpboot: Don't use mwait_play_dead() on AMD systems
    - x86/microcode/intel: Save microcode patch unconditionally
    - x86/microcode: Do not exit early from __reload_late()
    - tick/sched: Do not mess with an enqueued hrtimer
    - arm/arm64: KVM: Add PSCI version selection API
    - powerpc/eeh: Fix race with driver un/bind
    - serial: mvebu-uart: Fix local flags handling on termios update
    - block: do not use interruptible wait anywhere
    - ASoC: dmic: Fix clock parenting
    - PCI / PM: Do not clear state_saved in pci_pm_freeze() when smart suspend is
      set
    - module: Fix display of wrong module .text address
    - drm/edid: Reset more of the display info
    - drm/i915/fbdev: Enable late fbdev initial configuration
    - drm/i915/audio: set minimum CD clock to twice the BCLK
    - drm/amd/display: Fix deadlock when flushing irq
    - drm/amd/display: Disallow enabling CRTC without primary plane with FB
  * Bionic update: upstream stable patchset 2018-06-22 (LP: #1778265) //
    CVE-2018-1108.
    - random: set up the NUMA crng instances after the CRNG is fully initialized
  * Ryzen/Raven Ridge USB ports do not work (LP: #1756700)
    - xhci: Fix USB ports for Dell Inspiron 5775
  * [Ubuntu 1804][boston][ixgbe] EEH causes kernel BUG at /build/linux-
    jWa1Fv/linux-4.15.0/drivers/pci/msi.c:352 (i2S) (LP: #1776389)
    - ixgbe/ixgbevf: Free IRQ when PCI error recovery removes the device
  * Need fix to aacraid driver to prevent panic (LP: #1770095)
    - scsi: aacraid: Correct hba_send to include iu_type
  * kernel: Fix arch random implementation (LP: #1775391)
    - s390/archrandom: Rework arch random implementation.
  * kernel: Fix memory leak on CCA and EP11 CPRB processing. (LP: #1775390)
    - s390/zcrypt: Fix CCA and EP11 CPRB processing failure memory leak.
  * Various fixes for CXL kernel module (LP: #1774471)
    - cxl: Remove function write_timebase_ctrl_psl9() for PSL9
    - cxl: Set the PBCQ Tunnel BAR register when enabling capi mode
    - cxl: Report the tunneled operations status
    - cxl: Configure PSL to not use APC virtual machines
    - cxl: Disable prefault_mode in Radix mode
  * Bluetooth not working (LP: #1764645)
    - Bluetooth: btusb: Apply QCA Rome patches for some ATH3012 models
  * linux-snapdragon: wcn36xx: mac address generation on boot (LP: #1776491)
    - [Config] arm64: snapdragon: WCN36XX_SNAPDRAGON_HACKS=y
    - SAUCE: wcn36xx: read MAC from file or randomly generate one
  * fscache: Fix hanging wait on page discarded by writeback (LP: #1777029)
    - fscache: Fix hanging wait on page discarded by writeback

 -- Stefan Bader <email address hidden>  Thu, 02 Aug 2018 18:19:00 +0200
Deleted in xenial-proposed on 2018-08-17 (Reason: NBS)
linux-kvm (4.4.0-1030.36) xenial; urgency=medium

  * linux-kvm: 4.4.0-1030.36 -proposed tracker (LP: #1784310)

  * Xenial update to 4.4.136 stable release (LP: #1776177)
    - [Config] Add CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y

  * DEBUG_WX is not set in Bionic KVM kernel (LP: #1782721)
    - kvm: [Config] enable CONFIG_DEBUG_WX


  [ Ubuntu: 4.4.0-132.158 ]

  * linux: 4.4.0-132.158 -proposed tracker (LP: #1784302)
  * locking sockets broken due to missing AppArmor socket mediation patches
    (LP: #1780227)
    - UBUNTU SAUCE: apparmor: fix apparmor mediating locking non-fs, unix sockets
  * Backport namespaced fscaps to xenial 4.4 (LP: #1778286)
    - Introduce v3 namespaced file capabilities
    - commoncap: move assignment of fs_ns to avoid null pointer dereference
    - capabilities: fix buffer overread on very short xattr
    - commoncap: Handle memory allocation failure.
  * Xenial update to 4.4.140 stable release (LP: #1784409)
    - usb: cdc_acm: Add quirk for Uniden UBC125 scanner
    - USB: serial: cp210x: add CESINEL device ids
    - USB: serial: cp210x: add Silicon Labs IDs for Windows Update
    - n_tty: Fix stall at n_tty_receive_char_special().
    - staging: android: ion: Return an ERR_PTR in ion_map_kernel
    - n_tty: Access echo_* variables carefully.
    - x86/boot: Fix early command-line parsing when matching at end
    - ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode
    - i2c: rcar: fix resume by always initializing registers before transfer
    - ipv4: Fix error return value in fib_convert_metrics()
    - kprobes/x86: Do not modify singlestep buffer while resuming
    - nvme-pci: initialize queue memory before interrupts
    - netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain()
    - ARM: dts: imx6q: Use correct SDMA script for SPI5 core
    - ubi: fastmap: Correctly handle interrupted erasures in EBA
    - mm: hugetlb: yield when prepping struct pages
    - tracing: Fix missing return symbol in function_graph output
    - scsi: sg: mitigate read/write abuse
    - s390: Correct register corruption in critical section cleanup
    - drbd: fix access after free
    - cifs: Fix infinite loop when using hard mount option
    - jbd2: don't mark block as modified if the handle is out of credits
    - ext4: make sure bitmaps and the inode table don't overlap with bg
      descriptors
    - ext4: always check block group bounds in ext4_init_block_bitmap()
    - ext4: only look at the bg_flags field if it is valid
    - ext4: verify the depth of extent tree in ext4_find_extent()
    - ext4: include the illegal physical block in the bad map ext4_error msg
    - ext4: clear i_data in ext4_inode_info when removing inline data
    - ext4: add more inode number paranoia checks
    - ext4: add more mount time checks of the superblock
    - ext4: check superblock mapped prior to committing
    - HID: i2c-hid: Fix "incomplete report" noise
    - HID: hiddev: fix potential Spectre v1
    - HID: debug: check length before copy_to_user()
    - x86/mce: Detect local MCEs properly
    - x86/mce: Fix incorrect "Machine check from unknown source" message
    - media: cx25840: Use subdev host data for PLL override
    - mm, page_alloc: do not break __GFP_THISNODE by zonelist reset
    - dm bufio: avoid sleeping while holding the dm_bufio lock
    - dm bufio: drop the lock when doing GFP_NOIO allocation
    - mtd: rawnand: mxc: set spare area size register explicitly
    - dm bufio: don't take the lock in dm_bufio_shrink_count
    - mtd: cfi_cmdset_0002: Change definition naming to retry write operation
    - mtd: cfi_cmdset_0002: Change erase functions to retry for error
    - mtd: cfi_cmdset_0002: Change erase functions to check chip good only
    - netfilter: nf_log: don't hold nf_log_mutex during user access
    - staging: comedi: quatech_daqp_cs: fix no-op loop daqp_ao_insn_write()
    - Linux 4.4.140
  * Xenial update to 4.4.139 stable release (LP: #1784382)
    - xfrm6: avoid potential infinite loop in _decode_session6()
    - netfilter: ebtables: handle string from userspace with care
    - ipvs: fix buffer overflow with sync daemon and service
    - atm: zatm: fix memcmp casting
    - net: qmi_wwan: Add Netgear Aircard 779S
    - net/sonic: Use dma_mapping_error()
    - Revert "Btrfs: fix scrub to repair raid6 corruption"
    - tcp: do not overshoot window_clamp in tcp_rcv_space_adjust()
    - Btrfs: make raid6 rebuild retry more
    - usb: musb: fix remote wakeup racing with suspend
    - bonding: re-evaluate force_primary when the primary slave name changes
    - tcp: verify the checksum of the first data segment in a new connection
    - ext4: update mtime in ext4_punch_hole even if no blocks are released
    - ext4: fix fencepost error in check for inode count overflow during resize
    - driver core: Don't ignore class_dir_create_and_add() failure.
    - btrfs: scrub: Don't use inode pages for device replace
    - ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream()
    - ALSA: hda: add dock and led support for HP EliteBook 830 G5
    - ALSA: hda: add dock and led support for HP ProBook 640 G4
    - cpufreq: Fix new policy initialization during limits updates via sysfs
    - libata: zpodd: make arrays cdb static, reduces object code size
    - libata: zpodd: small read overflow in eject_tray()
    - libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk
    - w1: mxc_w1: Enable clock before calling clk_get_rate() on it
    - x86/spectre_v1: Disable compiler optimizations over
      array_index_mask_nospec()
    - m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap()
    - serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding version
    - signal/xtensa: Consistenly use SIGBUS in do_unaligned_user
    - usb: do not reset if a low-speed or full-speed device timed out
    - 1wire: family module autoload fails because of upper/lower case mismatch.
    - ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it
    - ASoC: cirrus: i2s: Fix LRCLK configuration
    - ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup
    - lib/vsprintf: Remove atomic-unsafe support for %pCr
    - mips: ftrace: fix static function graph tracing
    - branch-check: fix long->int truncation when profiling branches
    - ipmi:bt: Set the timeout before doing a capabilities check
    - Bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw loader
    - fuse: atomic_o_trunc should truncate pagecache
    - fuse: don't keep dead fuse_conn at fuse_fill_super().
    - fuse: fix control dir setup and teardown
    - powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch
    - powerpc/ptrace: Fix setting 512B aligned breakpoints with
      PTRACE_SET_DEBUGREG
    - powerpc/ptrace: Fix enforcement of DAWR constraints
    - cpuidle: powernv: Fix promotion from snooze if next state disabled
    - powerpc/fadump: Unregister fadump on kexec down path.
    - ARM: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size
    - of: unittest: for strings, account for trailing \0 in property length field
    - IB/qib: Fix DMA api warning with debug kernel
    - RDMA/mlx4: Discard unknown SQP work requests
    - mtd: cfi_cmdset_0002: Change write buffer to check correct value
    - mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock()
    - mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips
    - mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary
    - mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking.
    - MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum
    - PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on
      resume
    - MIPS: io: Add barrier after register read in inX()
    - time: Make sure jiffies_to_msecs() preserves non-zero time periods
    - Btrfs: fix clone vs chattr NODATASUM race
    - iio:buffer: make length types match kfifo types
    - scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails
    - scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler
    - scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF
    - scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed
    - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return
    - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for
      ERP_FAILED
    - scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED
    - scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread
    - linvdimm, pmem: Preserve read-only setting for pmem devices
    - md: fix two problems with setting the "re-add" device state.
    - ubi: fastmap: Cancel work upon detach
    - UBIFS: Fix potential integer overflow in allocation
    - xfrm: skip policies marked as dead while rehashing
    - backlight: as3711_bl: Fix Device Tree node lookup
    - backlight: max8925_bl: Fix Device Tree node lookup
    - backlight: tps65217_bl: Fix Device Tree node lookup
    - mfd: intel-lpss: Program REMAP register in PIO mode
    - perf tools: Fix symbol and object code resolution for vdso32 and vdsox32
    - perf intel-pt: Fix sync_switch INTEL_PT_SS_NOT_TRACING
    - perf intel-pt: Fix decoding to accept CBR between FUP and corresponding TIP
    - perf intel-pt: Fix MTC timing after overflow
    - perf intel-pt: Fix "Unexpected indirect branch" error
    - perf intel-pt: Fix packet decoding of CYC packets
    - media: v4l2-compat-ioctl32: prevent go past max size
    - media: dvb_frontend: fix locking issues at dvb_frontend_get_event()
    - nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir
    - NFSv4: Fix possible 1-byte stack overflow in
      nfs_idmap_read_and_verify_message
    - video: uvesafb: Fix integer overflow in allocation
    - Input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) ACPI ID
    - xen: Remove unnecessary BUG_ON from __unbind_from_irq()
    - udf: Detect incorrect directory size
    - Input: elan_i2c_smbus - fix more potential stack buffer overflows
    - Input: elantech - enable middle button of touchpads on ThinkPad P52
    - Input: elantech - fix V4 report decoding for module with middle key
    - ALSA: hda/realtek - Add a quirk for FSC ESPRIMO U9210
    - Btrfs: fix unexpected cow in run_delalloc_nocow
    - spi: Fix scatterlist elements size in spi_map_buf
    - block: Fix transfer when chunk sectors exceeds max
    - dm thin: handle running out of data space vs concurrent discard
    - cdc_ncm: avoid padding beyond end of skb
    - Bluetooth: Fix connection if directed advertising and privacy is used
    - Linux 4.4.139
  * Support AverMedia DVD EZMaker 7 USB video capture dongle (LP: #1620762) //
    Xenial update to 4.4.139 stable release (LP: #1784382)
    - media: cx231xx: Add support for AverMedia DVD EZMaker 7
  * vfio/pci: cannot assign a i40e pf device to a vm using vfio-pci
    (LP: #1779830)
    - vfio/pci: Hide broken INTx support from user
  * Kernel error "task zfs:pid blocked for more than 120 seconds" (LP: #1781364)
    - SAUCE: (noup) zfs to 0.6.5.6-0ubuntu25
  * Allow multiple mounts of zfs datasets (LP: #1759848)
    - SAUCE: Allow mounting datasets more than once (LP: #1759848)
  * CVE-2018-12233
    - jfs: Fix inconsistency between memory allocation and ea_buf->max_size
  * Redpine: Observed kernel panic while running wireless tests in regression
    mode (LP: #1773410) // Redpine: Observed kernel panic while running soft-ap
    tests (LP: #1777850)
    - SAUCE: Redpine: improve cancel_hw_scan handling to fix kernel panic
  * [HMS] Upgrades to Support SocketCAN over USB on Dell IoT 300x Gateways
    (LP: #1783241)
    - SAUCE: (no-up) upgrade IXXAT USB SocketCAN driver
  * CVE-2018-13094
    - xfs: don't call xfs_da_shrink_inode with NULL bp
  * other users' coredumps can be read via setgid directory and killpriv bypass
    (LP: #1779923) // CVE-2018-13405
    - Fix up non-directory creation in SGID directories
  * snapcraft.yaml: missing ubuntu-retpoline-extract-one script breaks the build
    (LP: #1782116)
    - snapcraft.yaml: copy retpoline-extract-one to scripts before build
  * Enable basic support for Solarflare 8000 series NIC (LP: #1783152)
    - sfc: make TSO version a per-queue parameter
    - sfc: Add PCI ID for Solarflare 8000 series 10/40G NIC
  * Redpine: Observed kernel panic while running wireless regressions tests
    (LP: #1777858)
    - SAUCE: Redpine: improve kernel thread handling to fix kernel panic
  * Xenial update to 4.4.138 stable release (LP: #1777389)
    - x86: Remove unused function cpu_has_ht_siblings()
    - x86/cpufeature: Remove unused and seldomly used cpu_has_xx macros
    - x86/fpu: Disable AVX when eagerfpu is off
    - x86/fpu: Revert ("x86/fpu: Disable AVX when eagerfpu is off")
    - x86/fpu: Hard-disable lazy FPU mode
    - af_key: Always verify length of provided sadb_key
    - x86/crypto, x86/fpu: Remove X86_FEATURE_EAGER_FPU #ifdef from the crc32c
      code
    - gpio: No NULL owner
    - Clarify (and fix) MAX_LFS_FILESIZE macros
    - KVM: x86: introduce linear_{read,write}_system
    - KVM: x86: pass kvm_vcpu to kvm_read_guest_virt and
      kvm_write_guest_virt_system
    - serial: samsung: fix maxburst parameter for DMA transactions
    - vmw_balloon: fixing double free when batching mode is off
    - kvm: x86: use correct privilege level for sgdt/sidt/fxsave/fxrstor access
    - Input: goodix - add new ACPI id for GPD Win 2 touch screen
    - crypto: vmx - Remove overly verbose printk from AES init routines
    - Linux 4.4.138
  * Redpine: wifi-ap stopped working after restart (LP: #1773400)
    - SAUCE: Redpine: fix soft-ap invisible issue
  * Xenial update to 4.4.137 stable release (LP: #1777063)
    - tpm: do not suspend/resume if power stays on
    - tpm: self test failure should not cause suspend to fail
    - mmap: introduce sane default mmap limits
    - mmap: relax file size limit for regular files
    - kconfig: Avoid format overflow warning from GCC 8.1
    - xfs: fix incorrect log_flushed on fsync
    - drm: set FMODE_UNSIGNED_OFFSET for drm files
    - brcmfmac: Fix check for ISO3166 code
    - bnx2x: use the right constant
    - dccp: don't free ccid2_hc_tx_sock struct in dccp_disconnect()
    - enic: set DMA mask to 47 bit
    - ip6mr: only set ip6mr_table from setsockopt when ip6mr_new_table succeeds
    - ipv4: remove warning in ip_recv_error
    - isdn: eicon: fix a missing-check bug
    - netdev-FAQ: clarify DaveM's position for stable backports
    - net/packet: refine check for priv area size
    - net: usb: cdc_mbim: add flag FLAG_SEND_ZLP
    - packet: fix reserve calculation
    - qed: Fix mask for physical address in ILT entry
    - net/mlx4: Fix irq-unsafe spinlock usage
    - team: use netdev_features_t instead of u32
    - rtnetlink: validate attributes in do_setlink()
    - net: phy: broadcom: Fix bcm_write_exp()
    - net: metrics: add proper netlink validation
    - Linux 4.4.137
  * Xenial update to 4.4.136 stable release (LP: #1776177)
    - arm64: lse: Add early clobbers to some input/output asm operands
    - powerpc/64s: Clear PCR on boot
    - USB: serial: cp210x: use tcflag_t to fix incompatible pointer type
    - sh: New gcc support
    - xfs: detect agfl count corruption and reset agfl
    - Input: elan_i2c_smbus - fix corrupted stack
    - tracing: Fix crash when freeing instances with event triggers
    - selinux: KASAN: slab-out-of-bounds in xattr_getsecurity
    - cfg80211: further limit wiphy names to 64 bytes
    - rtlwifi: rtl8192cu: Remove variable self-assignment in rf.c
    - ASoC: Intel: sst: remove redundant variable dma_dev_name
    - irda: fix overly long udelay()
    - tcp: avoid integer overflows in tcp_rcv_space_adjust()
    - i2c: rcar: make sure clocks are on when doing clock calculation
    - i2c: rcar: rework hw init
    - i2c: rcar: remove unused IOERROR state
    - i2c: rcar: remove spinlock
    - i2c: rcar: refactor setup of a msg
    - i2c: rcar: init new messages in irq
    - i2c: rcar: don't issue stop when HW does it automatically
    - i2c: rcar: check master irqs before slave irqs
    - i2c: rcar: revoke START request early
    - dmaengine: usb-dmac: fix endless loop in usb_dmac_chan_terminate_all()
    - iio:kfifo_buf: check for uint overflow
    - MIPS: ptrace: Fix PTRACE_PEEKUSR requests for 64-bit FGRs
    - MIPS: prctl: Disallow FRE without FR with PR_SET_FP_MODE requests
    - scsi: scsi_transport_srp: Fix shost to rport translation
    - stm class: Use vmalloc for the master map
    - hwtracing: stm: fix build error on some arches
    - drm/i915: Disable LVDS on Radiant P845
    - Kbuild: change CC_OPTIMIZE_FOR_SIZE definition
    - [Config] Add CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y
    - fix io_destroy()/aio_complete() race
    - mm: fix the NULL mapping case in __isolate_lru_page()
    - sparc64: Fix build warnings with gcc 7.
    - Linux 4.4.136
  * Xenial update to 4.4.135 stable release (LP: #1776158)
    - Revert "vti4: Don't override MTU passed on link creation via IFLA_MTU"
    - Linux 4.4.135

  [ Ubuntu: 4.4.0-131.157 ]

  * linux: 4.4.0-131.157 -proposed tracker (LP: #1779376)
  * Cannot set MTU higher than 1500 in Xen instance (LP: #1781413)
    - xen-netfront: Fix mismatched rtnl_unlock
    - xen-netfront: Update features after registering netdev

 -- Khalid Elmously <email address hidden>  Tue, 31 Jul 2018 16:36:46 -0400
Deleted in cosmic-proposed (Reason: NBS)
Superseded in bionic-updates on 2018-08-14
Superseded in bionic-security on 2018-08-14
Deleted in bionic-proposed (Reason: NBS)
linux-kvm (4.15.0-1017.17) bionic; urgency=medium

  [ Ubuntu: 4.15.0-30.32 ]

  * CVE-2018-5390
    - tcp: free batches of packets in tcp_prune_ofo_queue()
    - tcp: avoid collapses in tcp_prune_queue() if possible
    - tcp: detect malicious patterns in tcp_collapse_ofo_queue()
    - tcp: call tcp_drop() from tcp_data_queue_ofo()
    - tcp: add tcp_ooo_try_coalesce() helper

 -- Stefan Bader <email address hidden>  Thu, 26 Jul 2018 21:04:07 +0200
Superseded in bionic-security on 2018-08-06
Superseded in bionic-updates on 2018-08-06
Deleted in cosmic-proposed (Reason: NBS)
Deleted in bionic-proposed (Reason: moved to -updates)
linux-kvm (4.15.0-1016.16) bionic; urgency=medium

  * linux-kvm: 4.15.0-1016.16 -proposed tracker (LP: #1782180)


  [ Ubuntu: 4.15.0-29.31 ]

  * linux: 4.15.0-29.31 -proposed tracker (LP: #1782173)
  * [SRU Bionic][Cosmic] kernel panic in ipmi_ssif at msg_done_handler
    (LP: #1777716)
    - ipmi_ssif: Fix kernel panic at msg_done_handler
  * Update to ocxl driver for 18.04.1 (LP: #1775786)
    - misc: ocxl: use put_device() instead of device_unregister()
    - powerpc: Add TIDR CPU feature for POWER9
    - powerpc: Use TIDR CPU feature to control TIDR allocation
    - powerpc: use task_pid_nr() for TID allocation
    - ocxl: Rename pnv_ocxl_spa_remove_pe to clarify it's action
    - ocxl: Expose the thread_id needed for wait on POWER9
    - ocxl: Add an IOCTL so userspace knows what OCXL features are available
    - ocxl: Document new OCXL IOCTLs
    - ocxl: Fix missing unlock on error in afu_ioctl_enable_p9_wait()
  * Critical upstream bugfix missing in Ubuntu 18.04 - frequent Xorg crash after
    suspend (LP: #1776887)
    - ocxl: Document the OCXL_IOCTL_GET_METADATA IOCTL
  * Hard LOCKUP observed on stressing Ubuntu 18 04 (LP: #1777194)
    - powerpc: use NMI IPI for smp_send_stop
    - powerpc: Fix smp_send_stop NMI IPI handling
  * IPL: ppc64_cpu --frequency hang with INFO: rcu_sched detected stalls on
    CPUs/tasks on w34 and wsbmc016 with 920.1714.20170330n (LP: #1773964)
    - rtc: opal: Fix OPAL RTC driver OPAL_BUSY loops
  * [Regression] EXT4-fs error (device sda2): ext4_validate_block_bitmap:383:
    comm stress-ng: bg 4705: bad block bitmap checksum (LP: #1781709)
    - SAUCE: Revert "UBUNTU: SAUCE: ext4: fix ext4_validate_inode_bitmap: comm
      stress-ng: Corrupt inode bitmap"
    - SAUCE: ext4: check for allocation block validity with block group locked

  [ Ubuntu: 4.15.0-28.30 ]

  * linux: 4.15.0-28.30 -proposed tracker (LP: #1781433)
  * Cannot set MTU higher than 1500 in Xen instance (LP: #1781413)
    - xen-netfront: Fix mismatched rtnl_unlock
    - xen-netfront: Update features after registering netdev

Deleted in cosmic-proposed on 2018-07-19 (Reason: NBS)
Deleted in bionic-proposed on 2018-07-19 (Reason: NBS)
linux-kvm (4.15.0-1015.15) bionic; urgency=medium

  * linux-kvm: 4.15.0-1015.15 -proposed tracker (LP: #1781068)

  [ Ubuntu: 4.15.0-27.29 ]

  * linux: 4.15.0-27.29 -proposed tracker (LP: #1781062)
  * [Regression] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:99:
    comm stress-ng: Corrupt inode bitmap (LP: #1780137)
    - SAUCE: ext4: fix ext4_validate_inode_bitmap: comm stress-ng: Corrupt inode
      bitmap

Deleted in bionic-proposed on 2018-07-12 (Reason: NBS)
linux-kvm (4.15.0-1014.14) bionic; urgency=medium

  * linux-kvm: 4.15.0-1014.14 -proposed tracker (LP: #1780119)


  [ Ubuntu: 4.15.0-26.28 ]

  * linux: 4.15.0-26.28 -proposed tracker (LP: #1780112)
  * failure to boot with linux-image-4.15.0-24-generic (LP: #1779827) // Cloud-
    init causes potentially huge boot delays with 4.15 kernels (LP: #1780062)
    - random: Make getrandom() ready earlier

Available diffs

Deleted in cosmic-proposed on 2018-07-16 (Reason: NBS)
Deleted in bionic-proposed on 2018-07-16 (Reason: NBS)
linux-kvm (4.15.0-1013.13) bionic; urgency=medium

  * linux-kvm: 4.15.0-1013.13 -proposed tracker (LP: #1779363)

  * test_190_config_kernel_fortify in kernel security test failed with 4.15 KVM
    kernel (LP: #1766774)
    - [Config]: enable CONFIG_FORTIFY_SOURCE

  * test_250_config_security_perf_events_restrict in kernel security test failed
    with 4.15 KVM kernel (LP: #1766780)
    - [Config]: enable CONFIG_SECURITY_PERF_EVENTS_RESTRICT

  * kata-containers: enable memory hotplug (LP: #1777127)
    - kvm: [Config] Enable memory hotplug

  * kata-containers: Cannot open root device "pmem0p1" (LP: #1761854)
    - kvm: [Config] Enable ACPI NVDIMM

  *  kata-containers: netlink protocol not supported (LP: #1761856)
    - kvm: [Config] Enable IP set and netfilter

  [ Ubuntu: 4.15.0-25.27 ]

  * linux: 4.15.0-25.27 -proposed tracker (LP: #1779354)
  * hisi_sas_v3_hw: internal task abort: timeout and not done. (LP: #1777736)
    - scsi: hisi_sas: Update a couple of register settings for v3 hw
  * hisi_sas: Add missing PHY spinlock init (LP: #1777734)
    - scsi: hisi_sas: Add missing PHY spinlock init
  * hisi_sas: improve read performance by pre-allocating slot DMA buffers
    (LP: #1777727)
    - scsi: hisi_sas: use dma_zalloc_coherent()
    - scsi: hisi_sas: Use dmam_alloc_coherent()
    - scsi: hisi_sas: Pre-allocate slot DMA buffers
  * hisi_sas: Failures during host reset (LP: #1777696)
    - scsi: hisi_sas: Only process broadcast change in phy_bcast_v3_hw()
    - scsi: hisi_sas: Fix the conflict between dev gone and host reset
    - scsi: hisi_sas: Adjust task reject period during host reset
    - scsi: hisi_sas: Add a flag to filter PHY events during reset
    - scsi: hisi_sas: Release all remaining resources in clear nexus ha
  * Fake SAS addresses for SATA disks on HiSilicon D05 are non-unique
    (LP: #1776750)
    - scsi: hisi_sas: make SAS address of SATA disks unique
  * Vcs-Git header on bionic linux source package points to zesty git tree
    (LP: #1766055)
    - [Packaging]: Update Vcs-Git
  * large KVM instances run out of IRQ routes (LP: #1778261)
    - SAUCE: kvm -- increase KVM_MAX_IRQ_ROUTES to 2048 on x86

 -- Khalid Elmously <email address hidden>  Sun, 01 Jul 2018 22:29:25 -0400

Available diffs

Superseded in xenial-updates on 2018-08-14
Superseded in xenial-security on 2018-08-14
Deleted in xenial-proposed (Reason: moved to -updates)
linux-kvm (4.4.0-1029.34) xenial; urgency=medium

  * linux-kvm: 4.4.0-1029.34 -proposed tracker (LP: #1776826)

  [ Ubuntu: 4.4.0-130.156 ]

  * linux: 4.4.0-130.156 -proposed tracker (LP: #1776822)
  * CVE-2018-3665 (x86)
    - x86/fpu: Fix early FPU command-line parsing
    - x86/fpu: Fix 'no387' regression
    - x86/fpu: Disable MPX when eagerfpu is off
    - x86/fpu: Default eagerfpu=on on all CPUs
    - x86/fpu: Fix FNSAVE usage in eagerfpu mode
    - x86/fpu: Fix math emulation in eager fpu mode
    - x86/fpu: Fix eager-FPU handling on legacy FPU machines

Superseded in cosmic-release on 2018-09-10
Superseded in bionic-updates on 2018-07-20
Superseded in bionic-security on 2018-07-20
Deleted in cosmic-proposed (Reason: moved to release)
Deleted in bionic-proposed (Reason: moved to -updates)
linux-kvm (4.15.0-1012.12) bionic; urgency=medium

  * linux-kvm: 4.15.0-1012.12 -proposed tracker (LP: #1776345)

  [ Ubuntu: 4.15.0-24.26 ]

  * linux: 4.15.0-24.26 -proposed tracker (LP: #1776338)
  * Bionic update: upstream stable patchset 2018-06-06 (LP: #1775483)
    - drm: bridge: dw-hdmi: Fix overflow workaround for Amlogic Meson GX SoCs
    - i40e: Fix attach VF to VM issue
    - tpm: cmd_ready command can be issued only after granting locality
    - tpm: tpm-interface: fix tpm_transmit/_cmd kdoc
    - tpm: add retry logic
    - Revert "ath10k: send (re)assoc peer command when NSS changed"
    - bonding: do not set slave_dev npinfo before slave_enable_netpoll in
      bond_enslave
    - ipv6: add RTA_TABLE and RTA_PREFSRC to rtm_ipv6_policy
    - ipv6: sr: fix NULL pointer dereference in seg6_do_srh_encap()- v4 pkts
    - KEYS: DNS: limit the length of option strings
    - l2tp: check sockaddr length in pppol2tp_connect()
    - net: validate attribute sizes in neigh_dump_table()
    - llc: delete timers synchronously in llc_sk_free()
    - tcp: don't read out-of-bounds opsize
    - net: af_packet: fix race in PACKET_{R|T}X_RING
    - tcp: md5: reject TCP_MD5SIG or TCP_MD5SIG_EXT on established sockets
    - net: fix deadlock while clearing neighbor proxy table
    - team: avoid adding twice the same option to the event list
    - net/smc: fix shutdown in state SMC_LISTEN
    - team: fix netconsole setup over team
    - packet: fix bitfield update race
    - tipc: add policy for TIPC_NLA_NET_ADDR
    - pppoe: check sockaddr length in pppoe_connect()
    - vlan: Fix reading memory beyond skb->tail in skb_vlan_tagged_multi
    - amd-xgbe: Add pre/post auto-negotiation phy hooks
    - sctp: do not check port in sctp_inet6_cmp_addr
    - amd-xgbe: Improve KR auto-negotiation and training
    - strparser: Do not call mod_delayed_work with a timeout of LONG_MAX
    - amd-xgbe: Only use the SFP supported transceiver signals
    - strparser: Fix incorrect strp->need_bytes value.
    - net: sched: ife: signal not finding metaid
    - tcp: clear tp->packets_out when purging write queue
    - net: sched: ife: handle malformed tlv length
    - net: sched: ife: check on metadata length
    - llc: hold llc_sap before release_sock()
    - llc: fix NULL pointer deref for SOCK_ZAPPED
    - net: ethernet: ti: cpsw: fix tx vlan priority mapping
    - virtio_net: split out ctrl buffer
    - virtio_net: fix adding vids on big-endian
    - KVM: s390: force bp isolation for VSIE
    - s390: correct module section names for expoline code revert
    - microblaze: Setup dependencies for ASM optimized lib functions
    - commoncap: Handle memory allocation failure.
    - scsi: mptsas: Disable WRITE SAME
    - cdrom: information leak in cdrom_ioctl_media_changed()
    - m68k/mac: Don't remap SWIM MMIO region
    - block/swim: Check drive type
    - block/swim: Don't log an error message for an invalid ioctl
    - block/swim: Remove extra put_disk() call from error path
    - block/swim: Rename macros to avoid inconsistent inverted logic
    - block/swim: Select appropriate drive on device open
    - block/swim: Fix array bounds check
    - block/swim: Fix IO error at end of medium
    - tracing: Fix missing tab for hwlat_detector print format
    - s390/cio: update chpid descriptor after resource accessibility event
    - s390/dasd: fix IO error for newly defined devices
    - s390/uprobes: implement arch_uretprobe_is_alive()
    - ACPI / video: Only default only_lcd to true on Win8-ready _desktops_
    - docs: ip-sysctl.txt: fix name of some ipv6 variables
    - net: mvpp2: Fix DMA address mask size
    - net: stmmac: Disable ACS Feature for GMAC >= 4
    - l2tp: hold reference on tunnels in netlink dumps
    - l2tp: hold reference on tunnels printed in pppol2tp proc file
    - l2tp: hold reference on tunnels printed in l2tp/tunnels debugfs file
    - l2tp: fix {pppol2tp, l2tp_dfs}_seq_stop() in case of seq_file overflow
    - s390/qeth: fix error handling in adapter command callbacks
    - s390/qeth: avoid control IO completion stalls
    - s390/qeth: handle failure on workqueue creation
    - bnxt_en: Fix memory fault in bnxt_ethtool_init()
    - virtio-net: add missing virtqueue kick when flushing packets
    - VSOCK: make af_vsock.ko removable again
    - hwmon: (k10temp) Add temperature offset for Ryzen 2700X
    - hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics
    - s390/cpum_cf: rename IBM z13/z14 counter names
    - kprobes: Fix random address output of blacklist file
    - Revert "pinctrl: intel: Initialize GPIO properly when used through irqchip"
  * Lenovo V330 needs patch in ideapad_laptop module for rfkill (LP: #1774636)
    - SAUCE: Add Lenovo V330 to the ideapad_laptop rfkill blacklist
  * bluetooth controller fail after suspend with USB autosuspend on XPS 13 9360
    (LP: #1775217)
    - Bluetooth: btusb: Add Dell XPS 13 9360 to btusb_needs_reset_resume_table
  * [Hyper-V] PCI: hv: Fix 2 hang issues in hv_compose_msi_msg (LP: #1758378)
    - PCI: hv: Only queue new work items in hv_pci_devices_present() if necessary
    - PCI: hv: Remove the bogus test in hv_eject_device_work()
    - PCI: hv: Fix a comment typo in _hv_pcifront_read_config()
  * register on binfmt_misc may overflow and crash the system (LP: #1775856)
    - fs/binfmt_misc.c: do not allow offset overflow
  * CVE-2018-11508
    - compat: fix 4-byte infoleak via uninitialized struct field
  * Network installs fail on SocioNext board (LP: #1775884)
    - net: netsec: reduce DMA mask to 40 bits
    - net: socionext: reset hardware in ndo_stop
    - net: netsec: enable tx-irq during open callback
  * r8169 ethernet card don't work after returning from suspension
    (LP: #1752772)
    - PCI: Add pcim_set_mwi(), a device-managed pci_set_mwi()
    - r8169: switch to device-managed functions in probe
    - r8169: remove netif_napi_del in probe error path
    - r8169: remove some WOL-related dead code
    - r8169: disable WOL per default
    - r8169: improve interrupt handling
    - r8169: fix interrupt number after adding support for MSI-X interrupts
  * ISST-LTE:KVM:Ubuntu18.04:BostonLC:boslcp3:boslcp3g3:Guest conosle hangs
    after hotplug CPU add operation. (LP: #1759723)
    - genirq/affinity: assign vectors to all possible CPUs
    - genirq/affinity: Don't return with empty affinity masks on error
    - genirq/affinity: Rename *node_to_possible_cpumask as *node_to_cpumask
    - genirq/affinity: Move actual irq vector spreading into a helper function
    - genirq/affinity: Allow irq spreading from a given starting point
    - genirq/affinity: Spread irq vectors among present CPUs as far as possible
    - blk-mq: simplify queue mapping & schedule with each possisble CPU
    - blk-mq: make sure hctx->next_cpu is set correctly
    - blk-mq: Avoid that blk_mq_delay_run_hw_queue() introduces unintended delays
    - blk-mq: make sure that correct hctx->next_cpu is set
    - blk-mq: avoid to write intermediate result to hctx->next_cpu
    - blk-mq: introduce blk_mq_hw_queue_first_cpu() to figure out first cpu
    - blk-mq: don't check queue mapped in __blk_mq_delay_run_hw_queue()
    - nvme: pci: pass max vectors as num_possible_cpus() to pci_alloc_irq_vectors
    - scsi: hpsa: fix selection of reply queue
    - scsi: megaraid_sas: fix selection of reply queue
    - scsi: core: introduce force_blk_mq
    - scsi: virtio_scsi: fix IO hang caused by automatic irq vector affinity
    - scsi: virtio_scsi: unify scsi_host_template
  * Fix several bugs in RDMA/hns driver (LP: #1770974)
    - RDMA/hns: Use structs to describe the uABI instead of opencoding
    - RDMA/hns: Remove unnecessary platform_get_resource() error check
    - RDMA/hns: Remove unnecessary operator
    - RDMA/hns: Add names to function arguments in function pointers
    - RDMA/hns: Fix misplaced call to hns_roce_cleanup_hem_table
    - RDMA/hns: Fix a bug with modifying mac address
    - RDMA/hns: Use free_pages function instead of free_page
    - RDMA/hns: Replace __raw_write*(cpu_to_le*()) with LE write*()
    - RDMA/hns: Bugfix for init hem table
    - RDMA/hns: Intercept illegal RDMA operation when use inline data
    - RDMA/hns: Fix the qp context state diagram
    - RDMA/hns: Only assign mtu if IB_QP_PATH_MTU bit is set
    - RDMA/hns: Remove some unnecessary attr_mask judgement
    - RDMA/hns: Only assign dqpn if IB_QP_PATH_DEST_QPN bit is set
    - RDMA/hns: Adjust the order of cleanup hem table
    - RDMA/hns: Update assignment method for owner field of send wqe
    - RDMA/hns: Submit bad wr
    - RDMA/hns: Fix a couple misspellings
    - RDMA/hns: Add rq inline flags judgement
    - RDMA/hns: Bugfix for rq record db for kernel
    - RDMA/hns: Load the RoCE dirver automatically
    - RDMA/hns: Update convert function of endian format
    - RDMA/hns: Add return operation when configured global param fail
    - RDMA/hns: Not support qp transition from reset to reset for hip06
    - RDMA/hns: Fix the bug with rq sge
    - RDMA/hns: Set desc_dma_addr for zero when free cmq desc
    - RDMA/hns: Enable inner_pa_vld filed of mpt
    - RDMA/hns: Set NULL for __internal_mr
    - RDMA/hns: Fix the bug with NULL pointer
    - RDMA/hns: Bugfix for cq record db for kernel
    - RDMA/hns: Move the location for initializing tmp_len
    - RDMA/hns: Drop local zgid in favor of core defined variable
    - RDMA/hns: Add 64KB page size support for hip08
    - RDMA/hns: Rename the idx field of db
    - RDMA/hns: Modify uar allocation algorithm to avoid bitmap exhaust
    - RDMA/hns: Increase checking CMQ status timeout value
    - RDMA/hns: Add reset process for RoCE in hip08
    - RDMA/hns: Fix the illegal memory operation when cross page
    - RDMA/hns: Implement the disassociate_ucontext API
  * powerpc/livepatch: Implement reliable stack tracing for the consistency
    model (LP: #1771844)
    - powerpc/livepatch: Implement reliable stack tracing for the consistency
      model
  * vmxnet3: update to latest ToT (LP: #1768143)
    - vmxnet3: avoid xmit reset due to a race in vmxnet3
    - vmxnet3: use correct flag to indicate LRO feature
    - vmxnet3: fix incorrect dereference when rxvlan is disabled
  * 4.15.0-22-generic fails to boot on IBM S822LC (POWER8 (raw), altivec
    supported) (LP: #1773162)
    - Revert "powerpc/64s: Add support for a store forwarding barrier at kernel
      entry/exit"
    - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit
  * Decode ARM CPER records in kernel (LP: #1770244)
    - [Config] CONFIG_UEFI_CPER_ARM=y
    - efi: Move ARM CPER code to new file
    - efi: Parse ARM error information value
  * Adding back alx WoL feature (LP: #1772610)
    - SAUCE: Revert "alx: remove WoL support"
    - SAUCE: alx: add enable_wol paramenter
  * Lancer A0 Asic HBA's won't boot with 18.04 (LP: #1768103)
    - scsi: lpfc: Fix WQ/CQ creation for older asic's.
    - scsi: lpfc: Fix 16gb hbas failing cq create.
  * [LTCTest][OPAL][OP920] cpupower idle-info is not listing stop4 and stop5
    idle states when all CORES are guarded (LP: #1771780)
    - SAUCE: cpuidle/powernv : init all present cpus for deep states
  * Huawei 25G/100G Network Adapters Unsupported (LP: #1770970)
    - net-next/hinic: add pci device ids for 25ge and 100ge card
  * [Ubuntu 18.04.1] POWER9 - Nvidia Volta - Kernel changes to enable Nvidia
    driver on bare metal (LP: #1772991)
    - powerpc/powernv/npu: Fix deadlock in mmio_invalidate()
    - powerpc/powernv/mce: Don't silently restart the machine
    - powerpc/npu-dma.c: Fix crash after __mmu_notifier_register failure
    - powerpc/mm: Flush cache on memory hot(un)plug
    - powerpc/powernv/memtrace: Let the arch hotunplug code flush cache
    - powerpc/powernv/npu: Add lock to prevent race in concurrent context
      init/destroy
    - powerpc/powernv/npu: Prevent overwriting of pnv_npu2_init_contex() callback
      parameters
    - powerpc/powernv/npu: Do a PID GPU TLB flush when invalidating a large
      address range
    - powerpc/mce: Fix a bug where mce loops on memory UE.
  * cpum_sf: ensure sample freq is non-zero (LP: #1772593)
    - s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero
  * PCIe link speeds of 16 GT/s are shown as "Unknown speed" (LP: #1773243)
    - PCI: Add decoding for 16 GT/s link speed
  * False positive ACPI _PRS error messages (LP: #1773295)
    - ACPI / PCI: pci_link: Allow the absence of _PRS and change log level
  * Dell systems crash when disabling Nvidia dGPU (LP: #1773299)
    - ACPI / OSI: Add OEM _OSI strings to disable NVidia RTD3
  * wlp3s0: failed to remove key (1, ff:ff:ff:ff:ff:ff) from hardware (-22)
    (LP: #1720930)
    - iwlwifi: mvm: fix "failed to remove key" message
  * Expose arm64 CPU topology to userspace (LP: #1770231)
    - ACPICA: ACPI 6.2: Additional PPTT flags
    - drivers: base: cacheinfo: move cache_setup_of_node()
    - drivers: base: cacheinfo: setup DT cache properties early
    - cacheinfo: rename of_node to fw_token
    - arm64/acpi: Create arch specific cpu to acpi id helper
    - ACPI/PPTT: Add Processor Properties Topology Table parsing
    - [Config] CONFIG_ACPI_PPTT=y
    - ACPI: Enable PPTT support on ARM64
    - drivers: base cacheinfo: Add support for ACPI based firmware tables
    - arm64: Add support for ACPI based firmware tables
    - arm64: topology: rename cluster_id
    - arm64: topology: enable ACPI/PPTT based CPU topology
    - ACPI: Add PPTT to injectable table list
    - arm64: topology: divorce MC scheduling domain from core_siblings
  * hisi_sas robustness fixes (LP: #1774466)
    - scsi: hisi_sas: delete timer when removing hisi_sas driver
    - scsi: hisi_sas: print device id for errors
    - scsi: hisi_sas: Add some checks to avoid free'ing a sas_task twice
    - scsi: hisi_sas: check host frozen before calling "done" function
    - scsi: hisi_sas: check sas_dev gone earlier in hisi_sas_abort_task()
    - scsi: hisi_sas: stop controller timer for reset
    - scsi: hisi_sas: update PHY linkrate after a controller reset
    - scsi: hisi_sas: change slot index allocation mode
    - scsi: hisi_sas: Change common allocation mode of device id
    - scsi: hisi_sas: Reset disks when discovered
    - scsi: hisi_sas: Create a scsi_host_template per HW module
    - scsi: hisi_sas: Init disks after controller reset
    - scsi: hisi_sas: Try wait commands before before controller reset
    - scsi: hisi_sas: Include TMF elements in struct hisi_sas_slot
    - scsi: hisi_sas: Add v2 hw force PHY function for internal ATA command
    - scsi: hisi_sas: Terminate STP reject quickly for v2 hw
    - scsi: hisi_sas: Fix return value when get_free_slot() failed
    - scsi: hisi_sas: Mark PHY as in reset for nexus reset
  * hisi_sas: Support newer v3 hardware (LP: #1774467)
    - scsi: hisi_sas: update RAS feature for later revision of v3 HW
    - scsi: hisi_sas: check IPTT is valid before using it for v3 hw
    - scsi: hisi_sas: fix PI memory size
    - scsi: hisi_sas: config ATA de-reset as an constrained command for v3 hw
    - scsi: hisi_sas: remove redundant handling to event95 for v3
    - scsi: hisi_sas: add readl poll timeout helper wrappers
    - scsi: hisi_sas: workaround a v3 hw hilink bug
    - scsi: hisi_sas: Add LED feature for v3 hw
  * hisi_sas: improve performance by optimizing DQ locking (LP: #1774472)
    - scsi: hisi_sas: initialize dq spinlock before use
    - scsi: hisi_sas: optimise the usage of DQ locking
    - scsi: hisi_sas: relocate smp sg map
    - scsi: hisi_sas: make return type of prep functions void
    - scsi: hisi_sas: allocate slot buffer earlier
    - scsi: hisi_sas: Don't lock DQ for complete task sending
    - scsi: hisi_sas: Use device lock to protect slot alloc/free
    - scsi: hisi_sas: add check of device in hisi_sas_task_exec()
    - scsi: hisi_sas: fix a typo in hisi_sas_task_prep()
  * Request to revert SAUCE patches in the 18.04 SRU and update with upstream
    version (LP: #1768431)
    - scsi: cxlflash: Handle spurious interrupts
    - scsi: cxlflash: Remove commmands from pending list on timeout
    - scsi: cxlflash: Synchronize reset and remove ops
    - SAUCE: (no-up) cxlflash: OCXL diff between v2 and v3
  * After update to 4.13-43 Intel Graphics are Laggy (LP: #1773520)
    - SAUCE: Revert "drm/i915/edp: Allow alternate fixed mode for eDP if
      available."
  * ELANPAD ELAN0612 does not work, patch available (LP: #1773509)
    - SAUCE: Input: elan_i2c - add ELAN0612 to the ACPI table
  * FS-Cache: Assertion failed: FS-Cache: 6 == 5 is false (LP: #1774336)
    - SAUCE: CacheFiles: fix a read_waiter/read_copier race
  * hns3 driver updates (LP: #1768670)
    - net: hns3: VF should get the real rss_size instead of rss_size_max
    - net: hns3: set the cmdq out_vld bit to 0 after used
    - net: hns3: fix endian issue when PF get mbx message flag
    - net: hns3: fix the queue id for tqp enable&&reset
    - net: hns3: set the max ring num when alloc netdev
    - net: hns3: add support for VF driver inner interface
      hclgevf_ops.get_tqps_and_rss_info
    - net: hns3: refactor the hclge_get/set_rss function
    - net: hns3: refactor the hclge_get/set_rss_tuple function
    - net: hns3: fix for RSS configuration loss problem during reset
    - net: hns3: fix for pause configuration lost during reset
    - net: hns3: fix for use-after-free when setting ring parameter
    - net: hns3: refactor the get/put_vector function
    - net: hns3: fix for coalesce configuration lost during reset
    - net: hns3: refactor the coalesce related struct
    - net: hns3: fix for coal configuation lost when setting the channel
    - net: hns3: add existence check when remove old uc mac address
    - net: hns3: fix for netdev not running problem after calling net_stop and
      net_open
    - net: hns3: fix for ipv6 address loss problem after setting channels
    - net: hns3: unify the pause params setup function
    - net: hns3: fix rx path skb->truesize reporting bug
    - net: hns3: add support for querying pfc puase packets statistic
    - net: hns3: fix for loopback failure when vlan filter is enable
    - net: hns3: fix for buffer overflow smatch warning
    - net: hns3: fix error type definition of return value
    - net: hns3: fix return value error of hclge_get_mac_vlan_cmd_status()
    - net: hns3: add existence checking before adding unicast mac address
    - net: hns3: add result checking for VF when modify unicast mac address
    - net: hns3: reallocate tx/rx buffer after changing mtu
    - net: hns3: fix the VF queue reset flow error
    - net: hns3: fix for vlan table lost problem when resetting
    - net: hns3: increase the max time for IMP handle command
    - net: hns3: change GL update rate
    - net: hns3: change the time interval of int_gl calculating
    - net: hns3: fix for getting wrong link mode problem
    - net: hns3: add get_link support to VF
    - net: hns3: add querying speed and duplex support to VF
    - net: hns3: fix for not returning problem in get_link_ksettings when phy
      exists
    - net: hns3: Changes to make enet watchdog timeout func common for PF/VF
    - net: hns3: Add VF Reset Service Task to support event handling
    - net: hns3: Add VF Reset device state and its handling
    - net: hns3: Add support to request VF Reset to PF
    - net: hns3: Add support to reset the enet/ring mgmt layer
    - net: hns3: Add support to re-initialize the hclge device
    - net: hns3: Changes to support ARQ(Asynchronous Receive Queue)
    - net: hns3: Add *Asserting Reset* mailbox message & handling in VF
    - net: hns3: Changes required in PF mailbox to support VF reset
    - net: hns3: hclge_inform_reset_assert_to_vf() can be static
    - net: hns3: fix for returning wrong value problem in hns3_get_rss_key_size
    - net: hns3: fix for returning wrong value problem in hns3_get_rss_indir_size
    - net: hns3: fix for the wrong shift problem in hns3_set_txbd_baseinfo
    - net: hns3: fix for not initializing VF rss_hash_key problem
    - net: hns3: never send command queue message to IMP when reset
    - net: hns3: remove unnecessary pci_set_drvdata() and devm_kfree()
    - net: hns3: fix length overflow when CONFIG_ARM64_64K_PAGES
    - net: hns3: Remove error log when getting pfc stats fails
    - net: hns3: fix to correctly fetch l4 protocol outer header
    - net: hns3: Fixes the out of bounds access in hclge_map_tqp
    - net: hns3: Fixes the error legs in hclge_init_ae_dev function
    - net: hns3: fix for phy_addr error in hclge_mac_mdio_config
    - net: hns3: Fix to support autoneg only for port attached with phy
    - net: hns3: fix a dead loop in hclge_cmd_csq_clean
    - net: hns3: Fix for packet loss due wrong filter config in VLAN tbls
    - net: hns3: Remove packet statistics in the range of 8192~12287
    - net: hns3: Add support of hardware rx-vlan-offload to HNS3 VF driver
    - net: hns3: Fix for setting mac address when resetting
    - net: hns3: remove add/del_tunnel_udp in hns3_enet module
    - net: hns3: fix for cleaning ring problem
    - net: hns3: refactor the loopback related function
    - net: hns3: Fix for deadlock problem occurring when unregistering ae_algo
    - net: hns3: Fix for the null pointer problem occurring when initializing
      ae_dev failed
    - net: hns3: Add a check for client instance init state
    - net: hns3: Change return type of hnae3_register_ae_dev
    - net: hns3: Change return type of hnae3_register_ae_algo
    - net: hns3: Change return value in hnae3_register_client
    - net: hns3: Fixes the back pressure setting when sriov is enabled
    - net: hns3: Fix for fiber link up problem
    - net: hns3: Add support of .sriov_configure in HNS3 driver
    - net: hns3: Fixes the missing PCI iounmap for various legs
    - net: hns3: Fixes error reported by Kbuild and internal review
    - net: hns3: Fixes API to fetch ethernet header length with kernel default
    - net: hns3: cleanup of return values in hclge_init_client_instance()
    - net: hns3: Fix the missing client list node initialization
    - net: hns3: Fix for hns3 module is loaded multiple times problem
    - net: hns3: Use enums instead of magic number in hclge_is_special_opcode
    - net: hns3: Fix for netdev not running problem after calling net_stop and
      net_open
    - net: hns3: Fixes kernel panic issue during rmmod hns3 driver
    - net: hns3: Fix for CMDQ and Misc. interrupt init order problem
    - net: hns3: Updates RX packet info fetch in case of multi BD
    - net: hns3: Add support for tx_accept_tag2 and tx_accept_untag2 config
    - net: hns3: Add STRP_TAGP field support for hardware revision 0x21
    - net: hns3: Add support to enable TX/RX promisc mode for H/W rev(0x21)
    - net: hns3: Fix for PF mailbox receving unknown message
    - net: hns3: Fixes the state to indicate client-type initialization
    - net: hns3: Fixes the init of the VALID BD info in the descriptor
    - net: hns3: Removes unnecessary check when clearing TX/RX rings
    - net: hns3: Clear TX/RX rings when stopping port & un-initializing client
    - net: hns3: Remove unused led control code
    - net: hns3: Adds support for led locate command for copper port
    - net: hns3: Fixes initalization of RoCE handle and makes it conditional
    - net: hns3: Disable vf vlan filter when vf vlan table is full
    - net: hns3: Add support for IFF_ALLMULTI flag
    - net: hns3: Add repeat address checking for setting mac address
    - net: hns3: Fix setting mac address error
    - net: hns3: Fix for service_task not running problem after resetting
    - net: hns3: Fix for hclge_reset running repeatly problem
    - net: hns3: Fix for phy not link up problem after resetting
    - net: hns3: Add missing break in misc_irq_handle
    - net: hns3: Fix for vxlan tx checksum bug
    - net: hns3: Optimize the PF's process of updating multicast MAC
    - net: hns3: Optimize the VF's process of updating multicast MAC
    - SAUCE: {topost} net: hns3: add support for serdes loopback selftest
    - SAUCE: {topost} net: hns3: RX BD information valid only in last BD except
      VLD bit and buffer size
    - SAUCE: {topost} net: hns3: remove hclge_get_vector_index from
      hclge_bind_ring_with_vector
    - SAUCE: {topost} net: hns3: rename the interface for init_client_instance and
      uninit_client_instance
    - SAUCE: {topost} net: hns3: add vector status check before free vector
    - SAUCE: {topost} net: hns3: add l4_type check for both ipv4 and ipv6
    - SAUCE: {topost} net: hns3: remove unused head file in hnae3.c
    - SAUCE: {topost} net: hns3: extraction an interface for state state
      init|uninit
    - SAUCE: {topost} net: hns3: print the ret value in error information
    - SAUCE: {topost} net: hns3: remove the Redundant put_vector in
      hns3_client_uninit
    - SAUCE: {topost} net: hns3: add unlikely for error check
    - SAUCE: {topost} net: hns3: remove back in struct hclge_hw
    - SAUCE: {topost} net: hns3: use lower_32_bits and upper_32_bits
    - SAUCE: {topost} net: hns3: remove unused hclge_ring_to_dma_dir
    - SAUCE: {topost} net: hns3: remove useless code in hclge_cmd_send
    - SAUCE: {topost} net: hns3: remove some redundant assignments
    - SAUCE: {topost} net: hns3: simplify hclge_cmd_csq_clean
    - SAUCE: {topost} net: hns3: using modulo for cyclic counters in
      hclge_cmd_send
    - SAUCE: {topost} net: hns3: remove a redundant hclge_cmd_csq_done
    - SAUCE: {topost} net: hns3: remove some unused members of some structures
    - SAUCE: {topost} net: hns3: give default option while dependency HNS3 set
    - SAUCE: {topost} net: hns3: use dma_zalloc_coherent instead of
      kzalloc/dma_map_single
    - SAUCE: {topost} net: hns3: modify hnae_ to hnae3_
    - SAUCE: {topost} net: hns3: fix unused function warning in VF driver
    - SAUCE: {topost} net: hns3: remove some redundant assignments
    - SAUCE: {topost} net: hns3: standardize the handle of return value
    - SAUCE: {topost} net: hns3: remove extra space and brackets
    - SAUCE: {topost} net: hns3: fix unreasonable code comments
    - SAUCE: {topost} net: hns3: use decimal for bit offset macros
    - SAUCE: {topost} net: hns3: modify inconsistent bit mask macros
    - SAUCE: {topost} net: hns3: fix mislead parameter name
    - SAUCE: {topost} net: hns3: remove unused struct member and definition
    - SAUCE: {topost} net: hns3: Add SPDX tags to hns3 driver
    - SAUCE: {topost} net: hns3: Add pf reset for hip08 RoCE
    - SAUCE: {topost} net: hns3: optimize the process of notifying roce client
    - SAUCE: {topost} net: hns3: Add calling roce callback function when link
      status change
    - SAUCE: {topost} net: hns3: fix tc setup when netdev is first up
    - SAUCE: {topost} net: hns3: fix for mac pause not disable in pfc mode
    - SAUCE: {topost} net: hns3: fix for waterline not setting correctly
    - SAUCE: {topost} net: hns3: fix for l4 checksum offload bug
    - SAUCE: {topost} net: hns3: fix for mailbox message truncated problem
    - SAUCE: {topost} net: hns3: Add configure for mac minimal frame size
    - SAUCE: {topost} net: hns3: fix warning bug when doing lp selftest
    - SAUCE: {topost} net: hns3: fix get_vector ops in hclgevf_main module
    - SAUCE: {topost} net: hns3: remove the warning when clear reset cause
    - SAUCE: {topost} net: hns3: Use roce handle when calling roce callback
      function
    - SAUCE: {topost} net: hns3: prevent sending command during global or core
      reset
    - SAUCE: {topost} net: hns3: modify the order of initializeing command queue
      register
    - SAUCE: {topost} net: hns3: reset net device with rtnl_lock
    - SAUCE: {topost} net: hns3: prevent to request reset frequently
    - SAUCE: {topost} net: hns3: correct reset event status register
    - SAUCE: {topost} net: hns3: separate roce from nic when resetting
    - SAUCE: net: hns3: Fix for phy link issue when using marvell phy driver
    - SAUCE: {topost} net: hns3: fix return value error in
      hns3_reset_notify_down_enet
    - SAUCE: {topost} net: hns3: remove unnecessary ring configuration operation
      while resetting
    - SAUCE: {topost} net: hns3: fix for reset_level default assignment probelm
    - SAUCE: {topost} net: hns3: fix for using wrong mask and shift in
      hclge_get_ring_chain_from_mbx
    - SAUCE: {topost} net: hns3: fix comments for hclge_get_ring_chain_from_mbx
    - SAUCE: net: hns3: Fix for VF mailbox cannot receiving PF response
    - SAUCE: net: hns3: Fix for VF mailbox receiving unknown message
    - SAUCE: net: hns3: Optimize PF CMDQ interrupt switching process
  * enable mic-mute hotkey and led on Lenovo M820z and M920z (LP: #1774306)
    - ALSA: hda/realtek - Enable mic-mute hotkey for several Lenovo AIOs
  * Bionic update: upstream stable patchset 2018-05-29 (LP: #1774063)
    - cifs: do not allow creating sockets except with SMB1 posix exensions
    - btrfs: fix unaligned access in readdir
    - x86/acpi: Prevent X2APIC id 0xffffffff from being accounted
    - clocksource/imx-tpm: Correct -ETIME return condition check
    - x86/tsc: Prevent 32bit truncation in calc_hpet_ref()
    - drm/vc4: Fix memory leak during BO teardown
    - drm/i915/gvt: throw error on unhandled vfio ioctls
    - drm/i915/audio: Fix audio detection issue on GLK
    - drm/i915: Do no use kfree() to free a kmem_cache_alloc() return value
    - drm/i915: Fix LSPCON TMDS output buffer enabling from low-power state
    - drm/i915/bxt, glk: Increase PCODE timeouts during CDCLK freq changing
    - usb: musb: fix enumeration after resume
    - usb: musb: call pm_runtime_{get,put}_sync before reading vbus registers
    - usb: musb: Fix external abort in musb_remove on omap2430
    - firewire-ohci: work around oversized DMA reads on JMicron controllers
    - x86/tsc: Allow TSC calibration without PIT
    - NFSv4: always set NFS_LOCK_LOST when a lock is lost.
    - ACPI / LPSS: Do not instiate platform_dev for devs without MMIO resources
    - ALSA: hda - Use IS_REACHABLE() for dependency on input
    - ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read()
    - kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl
    - RDMA/core: Clarify rdma_ah_find_type
    - KVM: PPC: Book3S HV: Enable migration of decrementer register
    - netfilter: ipv6: nf_defrag: Pass on packets to stack per RFC2460
    - tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into
      account
    - KVM: s390: use created_vcpus in more places
    - platform/x86: dell-laptop: Filter out spurious keyboard backlight change
      events
    - xprtrdma: Fix backchannel allocation of extra rpcrdma_reps
    - selftest: ftrace: Fix to pick text symbols for kprobes
    - PCI: Add function 1 DMA alias quirk for Marvell 9128
    - Input: psmouse - fix Synaptics detection when protocol is disabled
    - libbpf: Makefile set specified permission mode
    - Input: synaptics - reset the ABS_X/Y fuzz after initializing MT axes
    - i40iw: Free IEQ resources
    - i40iw: Zero-out consumer key on allocate stag for FMR
    - perf unwind: Do not look just at the global callchain_param.record_mode
    - tools lib traceevent: Simplify pointer print logic and fix %pF
    - perf callchain: Fix attr.sample_max_stack setting
    - tools lib traceevent: Fix get_field_str() for dynamic strings
    - perf record: Fix failed memory allocation for get_cpuid_str
    - iommu/exynos: Don't unconditionally steal bus ops
    - powerpc: System reset avoid interleaving oops using die synchronisation
    - iommu/vt-d: Use domain instead of cache fetching
    - dm thin: fix documentation relative to low water mark threshold
    - dm mpath: return DM_MAPIO_REQUEUE on blk-mq rq allocation failure
    - ubifs: Fix uninitialized variable in search_dh_cookie()
    - net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b
    - net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock
    - spi: a3700: Clear DATA_OUT when performing a read
    - IB/cq: Don't force IB_POLL_DIRECT poll context for ib_process_cq_direct
    - nfs: Do not convert nfs_idmap_cache_timeout to jiffies
    - MIPS: Fix clean of vmlinuz.{32,ecoff,bin,srec}
    - PCI: Add dummy pci_irqd_intx_xlate() for CONFIG_PCI=n build
    - watchdog: sp5100_tco: Fix watchdog disable bit
    - kconfig: Don't leak main menus during parsing
    - kconfig: Fix automatic menu creation mem leak
    - kconfig: Fix expr_free() E_NOT leak
    - ipmi/powernv: Fix error return code in ipmi_powernv_probe()
    - Btrfs: set plug for fsync
    - btrfs: Fix out of bounds access in btrfs_search_slot
    - Btrfs: fix scrub to repair raid6 corruption
    - btrfs: fail mount when sb flag is not in BTRFS_SUPER_FLAG_SUPP
    - Btrfs: fix unexpected EEXIST from btrfs_get_extent
    - Btrfs: raid56: fix race between merge_bio and rbio_orig_end_io
    - RDMA/cma: Check existence of netdevice during port validation
    - f2fs: avoid hungtask when GC encrypted block if io_bits is set
    - scsi: devinfo: fix format of the device list
    - scsi: fas216: fix sense buffer initialization
    - Input: stmfts - set IRQ_NOAUTOEN to the irq flag
    - HID: roccat: prevent an out of bounds read in kovaplus_profile_activated()
    - nfp: fix error return code in nfp_pci_probe()
    - block: Set BIO_TRACE_COMPLETION on new bio during split
    - bpf: test_maps: cleanup sockmaps when test ends
    - i40evf: Don't schedule reset_task when device is being removed
    - i40evf: ignore link up if not running
    - platform/x86: thinkpad_acpi: suppress warning about palm detection
    - KVM: s390: vsie: use READ_ONCE to access some SCB fields
    - blk-mq-debugfs: don't allow write on attributes with seq_operations set
    - ASoC: rockchip: Use dummy_dai for rt5514 dsp dailink
    - igb: Allow to remove administratively set MAC on VFs
    - igb: Clear TXSTMP when ptp_tx_work() is timeout
    - fm10k: fix "failed to kill vid" message for VF
    - x86/hyperv: Stop suppressing X86_FEATURE_PCID
    - tty: serial: exar: Relocate sleep wake-up handling
    - device property: Define type of PROPERTY_ENRTY_*() macros
    - crypto: artpec6 - remove select on non-existing CRYPTO_SHA384
    - RDMA/uverbs: Use an unambiguous errno for method not supported
    - jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path
    - ixgbe: don't set RXDCTL.RLPML for 82599
    - i40e: program fragmented IPv4 filter input set
    - i40e: fix reported mask for ntuple filters
    - samples/bpf: Partially fixes the bpf.o build
    - powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes
    - powerpc/numa: Ensure nodes initialized for hotplug
    - RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure
    - ntb_transport: Fix bug with max_mw_size parameter
    - gianfar: prevent integer wrapping in the rx handler
    - x86/hyperv: Check for required priviliges in hyperv_init()
    - netfilter: x_tables: fix pointer leaks to userspace
    - tcp_nv: fix potential integer overflow in tcpnv_acked
    - kvm: Map PFN-type memory regions as writable (if possible)
    - x86/kvm/vmx: do not use vm-exit instruction length for fast MMIO when
      running nested
    - fs/dax.c: release PMD lock even when there is no PMD support in DAX
    - ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid
    - ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute
    - ocfs2: return error when we attempt to access a dirty bh in jbd2
    - mm/mempolicy: fix the check of nodemask from user
    - mm/mempolicy: add nodes_empty check in SYSC_migrate_pages
    - asm-generic: provide generic_pmdp_establish()
    - sparc64: update pmdp_invalidate() to return old pmd value
    - mm: thp: use down_read_trylock() in khugepaged to avoid long block
    - mm: pin address_space before dereferencing it while isolating an LRU page
    - mm/fadvise: discard partial page if endbyte is also EOF
    - openvswitch: Remove padding from packet before L3+ conntrack processing
    - blk-mq: fix discard merge with scheduler attached
    - IB/hfi1: Re-order IRQ cleanup to address driver cleanup race
    - IB/hfi1: Fix for potential refcount leak in hfi1_open_file()
    - IB/ipoib: Fix for potential no-carrier state
    - IB/core: Map iWarp AH type to undefined in rdma_ah_find_type
    - drm/nouveau/pmu/fuc: don't use movw directly anymore
    - s390/eadm: fix CONFIG_BLOCK include dependency
    - netfilter: ipv6: nf_defrag: Kill frag queue on RFC2460 failure
    - x86/power: Fix swsusp_arch_resume prototype
    - x86/dumpstack: Avoid uninitlized variable
    - firmware: dmi_scan: Fix handling of empty DMI strings
    - ACPI: processor_perflib: Do not send _PPC change notification if not ready
    - ACPI / bus: Do not call _STA on battery devices with unmet dependencies
    - ACPI / scan: Use acpi_bus_get_status() to initialize ACPI_TYPE_DEVICE devs
    - MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS
    - perf record: Fix period option handling
    - MIPS: Generic: Support GIC in EIC mode
    - perf evsel: Fix period/freq terms setup
    - xen-netfront: Fix race between device setup and open
    - xen/grant-table: Use put_page instead of free_page
    - bpf: sockmap, fix leaking maps with attached but not detached progs
    - RDS: IB: Fix null pointer issue
    - arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics
    - proc: fix /proc/*/map_files lookup
    - PM / domains: Fix up domain-idle-states OF parsing
    - cifs: silence compiler warnings showing up with gcc-8.0.0
    - bcache: properly set task state in bch_writeback_thread()
    - bcache: fix for allocator and register thread race
    - bcache: fix for data collapse after re-attaching an attached device
    - bcache: return attach error when no cache set exist
    - cpufreq: intel_pstate: Enable HWP during system resume on CPU0
    - selftests/ftrace: Add some missing glob checks
    - rxrpc: Don't put crypto buffers on the stack
    - svcrdma: Fix Read chunk round-up
    - net: Extra '_get' in declaration of arch_get_platform_mac_address
    - tools/libbpf: handle issues with bpf ELF objects containing .eh_frames
    - SUNRPC: Don't call __UDPX_INC_STATS() from a preemptible context
    - net: stmmac: discard disabled flags in interrupt status register
    - bpf: fix rlimit in reuseport net selftest
    - ACPI / EC: Restore polling during noirq suspend/resume phases
    - PM / wakeirq: Fix unbalanced IRQ enable for wakeirq
    - vfs/proc/kcore, x86/mm/kcore: Fix SMAP fault when dumping vsyscall user page
    - powerpc/mm/hash64: Zero PGD pages on allocation
    - x86/platform/UV: Fix GAM Range Table entries less than 1GB
    - locking/qspinlock: Ensure node->count is updated before initialising node
    - powerpc/powernv: IMC fix out of bounds memory access at shutdown
    - perf test: Fix test trace+probe_libc_inet_pton.sh for s390x
    - irqchip/gic-v3: Ignore disabled ITS nodes
    - cpumask: Make for_each_cpu_wrap() available on UP as well
    - irqchip/gic-v3: Change pr_debug message to pr_devel
    - RDMA/core: Reduce poll batch for direct cq polling
    - alarmtimer: Init nanosleep alarm timer on stack
    - netfilter: x_tables: cap allocations at 512 mbyte
    - netfilter: x_tables: add counters allocation wrapper
    - netfilter: compat: prepare xt_compat_init_offsets to return errors
    - netfilter: compat: reject huge allocation requests
    - netfilter: x_tables: limit allocation requests for blob rule heads
    - perf: Fix sample_max_stack maximum check
    - perf: Return proper values for user stack errors
    - RDMA/mlx5: Fix NULL dereference while accessing XRC_TGT QPs
    - Revert "KVM: X86: Fix SMRAM accessing even if VM is shutdown"
    - mac80211_hwsim: fix use-after-free bug in hwsim_exit_net
    - btrfs: Fix race condition between delayed refs and blockgroup removal
    - mm,vmscan: Allow preallocating memory for register_shrinker().
  * Bionic update: upstream stable patchset 2018-05-24 (LP: #1773233)
    - tty: make n_tty_read() always abort if hangup is in progress
    - cpufreq: CPPC: Use transition_delay_us depending transition_latency
    - ubifs: Check ubifs_wbuf_sync() return code
    - ubi: fastmap: Don't flush fastmap work on detach
    - ubi: Fix error for write access
    - ubi: Reject MLC NAND
    - mm/ksm.c: fix inconsistent accounting of zero pages
    - mm/hmm: hmm_pfns_bad() was accessing wrong struct
    - task_struct: only use anon struct under randstruct plugin
    - fs/reiserfs/journal.c: add missing resierfs_warning() arg
    - resource: fix integer overflow at reallocation
    - ipc/shm: fix use-after-free of shm file via remap_file_pages()
    - mm, slab: reschedule cache_reap() on the same CPU
    - usb: musb: gadget: misplaced out of bounds check
    - phy: allwinner: sun4i-usb: poll vbus changes on A23/A33 when driving VBUS
    - usb: gadget: udc: core: update usb_ep_queue() documentation
    - ARM64: dts: meson: reduce odroid-c2 eMMC maximum rate
    - KVM: arm/arm64: vgic-its: Fix potential overrun in vgic_copy_lpi_list
    - ARM: EXYNOS: Fix coupled CPU idle freeze on Exynos4210
    - arm: dts: mt7623: fix USB initialization fails on bananapi-r2
    - ARM: dts: at91: at91sam9g25: fix mux-mask pinctrl property
    - ARM: dts: exynos: Fix IOMMU support for GScaler devices on Exynos5250
    - ARM: dts: at91: sama5d4: fix pinctrl compatible string
    - spi: atmel: init FIFOs before spi enable
    - spi: Fix scatterlist elements size in spi_map_buf
    - spi: Fix unregistration of controller with fixed SPI bus number
    - media: atomisp_fops.c: disable atomisp_compat_ioctl32
    - media: vivid: check if the cec_adapter is valid
    - media: vsp1: Fix BRx conditional path in WPF
    - x86/xen: Delay get_cpu_cap until stack canary is established
    - regmap: Fix reversed bounds check in regmap_raw_write()
    - ACPI / video: Add quirk to force acpi-video backlight on Samsung 670Z5E
    - ACPI / hotplug / PCI: Check presence of slot itself in get_slot_status()
    - USB: gadget: f_midi: fixing a possible double-free in f_midi
    - USB:fix USB3 devices behind USB3 hubs not resuming at hibernate thaw
    - usb: dwc3: prevent setting PRTCAP to OTG from debugfs
    - usb: dwc3: pci: Properly cleanup resource
    - usb: dwc3: gadget: never call ->complete() from ->ep_queue()
    - cifs: fix memory leak in SMB2_open()
    - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y
    - smb3: Fix root directory when server returns inode number of zero
    - HID: i2c-hid: fix size check and type usage
    - i2c: i801: Save register SMBSLVCMD value only once
    - i2c: i801: Restore configuration at shutdown
    - CIFS: refactor crypto shash/sdesc allocation&free
    - CIFS: add sha512 secmech
    - CIFS: fix sha512 check in cifs_crypto_secmech_release
    - powerpc/64s: Fix dt_cpu_ftrs to have restore_cpu clear unwanted LPCR bits
    - powerpc/64: Call H_REGISTER_PROC_TBL when running as a HPT guest on POWER9
    - powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently
    - powerpc/kprobes: Fix call trace due to incorrect preempt count
    - powerpc/kexec_file: Fix error code when trying to load kdump kernel
    - powerpc/powernv: define a standard delay for OPAL_BUSY type retry loops
    - powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops
    - HID: Fix hid_report_len usage
    - HID: core: Fix size as type u32
    - soc: mediatek: fix the mistaken pointer accessed when subdomains are added
    - ASoC: ssm2602: Replace reg_default_raw with reg_default
    - ASoC: topology: Fix kcontrol name string handling
    - irqchip/gic: Take lock when updating irq type
    - random: use a tighter cap in credit_entropy_bits_safe()
    - extcon: intel-cht-wc: Set direction and drv flags for V5 boost GPIO
    - block: use 32-bit blk_status_t on Alpha
    - jbd2: if the journal is aborted then don't allow update of the log tail
    - ext4: shutdown should not prevent get_write_access
    - ext4: eliminate sleep from shutdown ioctl
    - ext4: pass -ESHUTDOWN code to jbd2 layer
    - ext4: don't update checksum of new initialized bitmaps
    - ext4: protect i_disksize update by i_data_sem in direct write path
    - ext4: limit xattr size to INT_MAX
    - ext4: always initialize the crc32c checksum driver
    - ext4: don't allow r/w mounts if metadata blocks overlap the superblock
    - ext4: move call to ext4_error() into ext4_xattr_check_block()
    - ext4: add bounds checking to ext4_xattr_find_entry()
    - ext4: add extra checks to ext4_xattr_block_get()
    - dm crypt: limit the number of allocated pages
    - RDMA/ucma: Don't allow setting RDMA_OPTION_IB_PATH without an RDMA device
    - RDMA/mlx5: Protect from NULL pointer derefence
    - RDMA/rxe: Fix an out-of-bounds read
    - ALSA: pcm: Fix UAF at PCM release via PCM timer access
    - IB/srp: Fix srp_abort()
    - IB/srp: Fix completion vector assignment algorithm
    - dmaengine: at_xdmac: fix rare residue corruption
    - cxl: Fix possible deadlock when processing page faults from cxllib
    - tpm: self test failure should not cause suspend to fail
    - libnvdimm, dimm: fix dpa reservation vs uninitialized label area
    - libnvdimm, namespace: use a safe lookup for dimm device name
    - nfit, address-range-scrub: fix scrub in-progress reporting
    - nfit: skip region registration for incomplete control regions
    - ring-buffer: Check if memory is available before allocation
    - um: Compile with modern headers
    - um: Use POSIX ucontext_t instead of struct ucontext
    - iommu/vt-d: Fix a potential memory leak
    - mmc: jz4740: Fix race condition in IRQ mask update
    - mmc: tmio: Fix error handling when issuing CMD23
    - PCI: Mark Broadcom HT1100 and HT2000 Root Port Extended Tags as broken
    - clk: mvebu: armada-38x: add support for missing clocks
    - clk: fix false-positive Wmaybe-uninitialized warning
    - clk: mediatek: fix PWM clock source by adding a fixed-factor clock
    - clk: bcm2835: De-assert/assert PLL reset signal when appropriate
    - pwm: rcar: Fix a condition to prevent mismatch value setting to duty
    - thermal: imx: Fix race condition in imx_thermal_probe()
    - dt-bindings: clock: mediatek: add binding for fixed-factor clock axisel_d4
    - watchdog: f71808e_wdt: Fix WD_EN register read
    - ALSA: pcm: Use ERESTARTSYS instead of EINTR in OSS emulation
    - ALSA: pcm: Avoid potential races between OSS ioctls and read/write
    - ALSA: pcm: Return -EBUSY for OSS ioctls changing busy streams
    - ALSA: pcm: Fix mutex unbalance in OSS emulation ioctls
    - ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation
    - drm/amdgpu: Add an ATPX quirk for hybrid laptop
    - drm/amdgpu: Fix always_valid bos multiple LRU insertions.
    - drm/amdgpu/sdma: fix mask in emit_pipeline_sync
    - drm/amdgpu: Fix PCIe lane width calculation
    - drm/amdgpu/si: implement get/set pcie_lanes asic callback
    - drm/rockchip: Clear all interrupts before requesting the IRQ
    - drm/radeon: add PX quirk for Asus K73TK
    - drm/radeon: Fix PCIe lane width calculation
    - ALSA: line6: Use correct endpoint type for midi output
    - ALSA: rawmidi: Fix missing input substream checks in compat ioctls
    - ALSA: hda - New VIA controller suppor no-snoop path
    - random: fix crng_ready() test
    - random: use a different mixing algorithm for add_device_randomness()
    - random: crng_reseed() should lock the crng instance that it is modifying
    - random: add new ioctl RNDRESEEDCRNG
    - HID: input: fix battery level reporting on BT mice
    - HID: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device
    - HID: wacom: bluetooth: send exit report for recent Bluetooth devices
    - MIPS: uaccess: Add micromips clobbers to bzero invocation
    - MIPS: memset.S: EVA & fault support for small_memset
    - MIPS: memset.S: Fix return of __clear_user from Lpartial_fixup
    - MIPS: memset.S: Fix clobber of v1 in last_fixup
    - powerpc/eeh: Fix enabling bridge MMIO windows
    - powerpc/lib: Fix off-by-one in alternate feature patching
    - udf: Fix leak of UTF-16 surrogates into encoded strings
    - fanotify: fix logic of events on child
    - mmc: sdhci-pci: Only do AMD tuning for HS200
    - drm/i915: Correctly handle limited range YCbCr data on VLV/CHV
    - jffs2_kill_sb(): deal with failed allocations
    - hypfs_kill_super(): deal with failed allocations
    - orangefs_kill_sb(): deal with allocation failures
    - rpc_pipefs: fix double-dput()
    - Don't leak MNT_INTERNAL away from internal mounts
    - autofs: mount point create should honour passed in mode
    - mm/filemap.c: fix NULL pointer in page_cache_tree_insert()
    - Revert "media: lirc_zilog: driver only sends LIRCCODE"
    - media: staging: lirc_zilog: incorrect reference counting
    - writeback: safer lock nesting
    - Bluetooth: hci_bcm: Add irq_polarity module option
    - mm: hwpoison: disable memory error handling on 1GB hugepage
    - media: rc: oops in ir_timer_keyup after device unplug
    - acpi, nfit: rework NVDIMM leaf method detection
    - ceph: always update atime/mtime/ctime for new inode
    - ext4: fix offset overflow on 32-bit archs in ext4_iomap_begin()
    - ext4: force revalidation of directory pointer after seekdir(2)
    - RDMA/core: Avoid that ib_drain_qp() triggers an out-of-bounds stack access
    - xprtrdma: Fix latency regression on NUMA NFS/RDMA clients
    - xprtrdma: Fix corner cases when handling device removal
    - IB/srpt: Fix an out-of-bounds stack access in srpt_zerolength_write()
    - drivers/infiniband/core/verbs.c: fix build with gcc-4.4.4
    - drivers/infiniband/ulp/srpt/ib_srpt.c: fix build with gcc-4.4.4
    - mmc: core: Prevent bus reference leak in mmc_blk_init()
    - drm/amd/display: HDMI has no sound after Panel power off/on
    - trace_uprobe: Use %lx to display offset
    - clk: tegra: Mark HCLK, SCLK and EMC as critical
    - pwm: mediatek: Fix up PWM4 and PWM5 malfunction on MT7623
    - pwm: mediatek: Improve precision in rate calculation
    - HID: i2c-hid: Fix resume issue on Raydium touchscreen device
    - s390: add support for IBM z14 Model ZR1
    - drm/i915: Fix hibernation with ACPI S0 target state
    - libnvdimm, dimm: handle EACCES failures from label reads
    - device-dax: allow MAP_SYNC to succeed
    - HID: i2c-hid: fix inverted return value from i2c_hid_command()
  * CVE-2018-7755
    - SAUCE: floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl

 -- Kleber Sacilotto de Souza <email address hidden>  Wed, 13 Jun 2018 15:38:35 +0200

Available diffs

Deleted in xenial-proposed on 2018-06-16 (Reason: NBS)
linux-kvm (4.4.0-1028.33) xenial; urgency=medium

  * linux-kvm: 4.4.0-1028.33 -proposed tracker (LP: #1776358)

  [ Ubuntu: 4.4.0-129.155 ]

  * linux: 4.4.0-129.155 -proposed tracker (LP: #1776352)
  * Xenial update to 4.4.134 stable release (LP: #1775771)
    - MIPS: ptrace: Expose FIR register through FP regset
    - MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs
    - KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable"
    - affs_lookup(): close a race with affs_remove_link()
    - aio: fix io_destroy(2) vs. lookup_ioctx() race
    - ALSA: timer: Fix pause event notification
    - mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register
    - libata: Blacklist some Sandisk SSDs for NCQ
    - libata: blacklist Micron 500IT SSD with MU01 firmware
    - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent
    - Revert "ipc/shm: Fix shmat mmap nil-page protection"
    - ipc/shm: fix shmat() nil address after round-down when remapping
    - kasan: fix memory hotplug during boot
    - kernel/sys.c: fix potential Spectre v1 issue
    - kernel/signal.c: avoid undefined behaviour in kill_something_info
    - xfs: remove racy hasattr check from attr ops
    - do d_instantiate/unlock_new_inode combinations safely
    - firewire-ohci: work around oversized DMA reads on JMicron controllers
    - NFSv4: always set NFS_LOCK_LOST when a lock is lost.
    - ALSA: hda - Use IS_REACHABLE() for dependency on input
    - ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read()
    - kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl
    - tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into
      account
    - PCI: Add function 1 DMA alias quirk for Marvell 9128
    - tools lib traceevent: Simplify pointer print logic and fix %pF
    - perf callchain: Fix attr.sample_max_stack setting
    - tools lib traceevent: Fix get_field_str() for dynamic strings
    - dm thin: fix documentation relative to low water mark threshold
    - nfs: Do not convert nfs_idmap_cache_timeout to jiffies
    - watchdog: sp5100_tco: Fix watchdog disable bit
    - kconfig: Don't leak main menus during parsing
    - kconfig: Fix automatic menu creation mem leak
    - kconfig: Fix expr_free() E_NOT leak
    - ipmi/powernv: Fix error return code in ipmi_powernv_probe()
    - Btrfs: set plug for fsync
    - btrfs: Fix out of bounds access in btrfs_search_slot
    - Btrfs: fix scrub to repair raid6 corruption
    - scsi: fas216: fix sense buffer initialization
    - HID: roccat: prevent an out of bounds read in kovaplus_profile_activated()
    - jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path
    - powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes
    - powerpc/numa: Ensure nodes initialized for hotplug
    - RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure
    - ntb_transport: Fix bug with max_mw_size parameter
    - ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid
    - ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute
    - ocfs2: return error when we attempt to access a dirty bh in jbd2
    - mm/mempolicy: fix the check of nodemask from user
    - mm/mempolicy: add nodes_empty check in SYSC_migrate_pages
    - asm-generic: provide generic_pmdp_establish()
    - mm: pin address_space before dereferencing it while isolating an LRU page
    - IB/ipoib: Fix for potential no-carrier state
    - x86/power: Fix swsusp_arch_resume prototype
    - firmware: dmi_scan: Fix handling of empty DMI strings
    - ACPI: processor_perflib: Do not send _PPC change notification if not ready
    - MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS
    - xen-netfront: Fix race between device setup and open
    - xen/grant-table: Use put_page instead of free_page
    - RDS: IB: Fix null pointer issue
    - arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics
    - proc: fix /proc/*/map_files lookup
    - cifs: silence compiler warnings showing up with gcc-8.0.0
    - bcache: properly set task state in bch_writeback_thread()
    - bcache: fix for allocator and register thread race
    - bcache: fix for data collapse after re-attaching an attached device
    - bcache: return attach error when no cache set exist
    - tools/libbpf: handle issues with bpf ELF objects containing .eh_frames
    - locking/qspinlock: Ensure node->count is updated before initialising node
    - irqchip/gic-v3: Change pr_debug message to pr_devel
    - scsi: ufs: Enable quirk to ignore sending WRITE_SAME command
    - scsi: bnx2fc: Fix check in SCSI completion handler for timed out request
    - scsi: sym53c8xx_2: iterator underflow in sym_getsync()
    - scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo()
    - scsi: qla2xxx: Avoid triggering undefined behavior in
      qla2x00_mbx_completion()
    - ARC: Fix malformed ARC_EMUL_UNALIGNED default
    - usb: gadget: f_uac2: fix bFirstInterface in composite gadget
    - usb: gadget: fsl_udc_core: fix ep valid checks
    - usb: dwc2: Fix dwc2_hsotg_core_init_disconnected()
    - selftests: memfd: add config fragment for fuse
    - scsi: storvsc: Increase cmd_per_lun for higher speed devices
    - scsi: aacraid: fix shutdown crash when init fails
    - scsi: qla4xxx: skip error recovery in case of register disconnect.
    - ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt
    - ARM: OMAP3: Fix prm wake interrupt for resume
    - ARM: OMAP1: clock: Fix debugfs_create_*() usage
    - NFC: llcp: Limit size of SDP URI
    - mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4
    - md raid10: fix NULL deference in handle_write_completed()
    - drm/exynos: fix comparison to bitshift when dealing with a mask
    - usb: musb: fix enumeration after resume
    - locking/xchg/alpha: Add unconditional memory barrier to cmpxchg()
    - md: raid5: avoid string overflow warning
    - kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE
    - powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access
    - s390/cio: fix return code after missing interrupt
    - s390/cio: clear timer when terminating driver I/O
    - ARM: OMAP: Fix dmtimer init for omap1
    - smsc75xx: fix smsc75xx_set_features()
    - regulatory: add NUL to request alpha2
    - locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs
    - x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across
      CPU hotplug operations
    - media: dmxdev: fix error code for invalid ioctls
    - md/raid1: fix NULL pointer dereference
    - batman-adv: fix packet checksum in receive path
    - batman-adv: invalidate checksum on fragment reassembly
    - netfilter: ebtables: convert BUG_ONs to WARN_ONs
    - nvme-pci: Fix nvme queue cleanup if IRQ setup fails
    - clocksource/drivers/fsl_ftm_timer: Fix error return checking
    - r8152: fix tx packets accounting
    - virtio-gpu: fix ioctl and expose the fixed status to userspace.
    - dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3
    - bcache: fix kcrashes with fio in RAID5 backend dev
    - sit: fix IFLA_MTU ignored on NEWLINK
    - gianfar: Fix Rx byte accounting for ndev stats
    - net/tcp/illinois: replace broken algorithm reference link
    - xen/pirq: fix error path cleanup when binding MSIs
    - Btrfs: send, fix issuing write op when processing hole in no data mode
    - selftests/powerpc: Skip the subpage_prot tests if the syscall is unavailable
    - KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing
    - watchdog: f71808e_wdt: Fix magic close handling
    - e1000e: Fix check_for_link return value with autoneg off
    - e1000e: allocate ring descriptors with dma_zalloc_coherent
    - usb: musb: call pm_runtime_{get,put}_sync before reading vbus registers
    - scsi: mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM
    - scsi: sd: Keep disk read-only when re-reading partition
    - fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in
      sbusfb_ioctl_helper().
    - xen: xenbus: use put_device() instead of kfree()
    - USB: OHCI: Fix NULL dereference in HCDs using HCD_LOCAL_MEM
    - netfilter: ebtables: fix erroneous reject of last rule
    - bnxt_en: Check valid VNIC ID in bnxt_hwrm_vnic_set_tpa().
    - workqueue: use put_device() instead of kfree()
    - ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu
    - sunvnet: does not support GSO for sctp
    - net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off
    - batman-adv: fix header size check in batadv_dbg_arp()
    - vti4: Don't count header length twice on tunnel setup
    - vti4: Don't override MTU passed on link creation via IFLA_MTU
    - perf/cgroup: Fix child event counting bug
    - RDMA/ucma: Correct option size check using optlen
    - mm/mempolicy.c: avoid use uninitialized preferred_node
    - selftests: ftrace: Add probe event argument syntax testcase
    - selftests: ftrace: Add a testcase for string type with kprobe_event
    - selftests: ftrace: Add a testcase for probepoint
    - batman-adv: fix multicast-via-unicast transmission with AP isolation
    - batman-adv: fix packet loss for broadcasted DHCP packets to a server
    - ARM: 8748/1: mm: Define vdso_start, vdso_end as array
    - net: qmi_wwan: add BroadMobi BM806U 2020:2033
    - net/usb/qmi_wwan.c: Add USB id for lt4120 modem
    - net-usb: add qmi_wwan if on lte modem wistron neweb d18q1
    - llc: properly handle dev_queue_xmit() return value
    - mm/kmemleak.c: wait for scan completion before disabling free
    - net: Fix untag for vlan packets without ethernet header
    - net: mvneta: fix enable of all initialized RXQs
    - sh: fix debug trap failure to process signals before return to user
    - x86/pgtable: Don't set huge PUD/PMD on non-leaf entries
    - fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl
      table
    - swap: divide-by-zero when zero length swap file on ssd
    - sr: get/drop reference to device in revalidate and check_events
    - Force log to disk before reading the AGF during a fstrim
    - cpufreq: CPPC: Initialize shared perf capabilities of CPUs
    - scsi: aacraid: Insure command thread is not recursively stopped
    - dp83640: Ensure against premature access to PHY registers after reset
    - mm/ksm: fix interaction with THP
    - mm: fix races between address_space dereference and free in page_evicatable
    - Btrfs: bail out on error during replay_dir_deletes
    - Btrfs: fix NULL pointer dereference in log_dir_items
    - btrfs: Fix possible softlock on single core machines
    - ocfs2/dlm: don't handle migrate lockres if already in shutdown
    - sched/rt: Fix rq->clock_update_flags < RQCF_ACT_SKIP warning
    - KVM: VMX: raise internal error for exception during invalid protected mode
      state
    - fscache: Fix hanging wait on page discarded by writeback
    - sparc64: Make atomic_xchg() an inline function rather than a macro.
    - rtc: snvs: Fix usage of snvs_rtc_enable
    - net: bgmac: Fix endian access in bgmac_dma_tx_ring_free()
    - Bluetooth: btusb: Add USB ID 7392:a611 for Edimax EW-7611ULB
    - btrfs: tests/qgroup: Fix wrong tree backref level
    - Btrfs: fix copy_items() return value when logging an inode
    - btrfs: fix lockdep splat in btrfs_alloc_subvolume_writers
    - xen/acpi: off by one in read_acpi_id()
    - ACPI: acpi_pad: Fix memory leak in power saving threads
    - powerpc/mpic: Check if cpu_possible() in mpic_physmask()
    - m68k: set dma and coherent masks for platform FEC ethernets
    - parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode
    - hwmon: (nct6775) Fix writing pwmX_mode
    - rtc: hctosys: Ensure system time doesn't overflow time_t
    - powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer
    - powerpc/perf: Fix kernel address leak via sampling registers
    - tools/thermal: tmon: fix for segfault
    - selftests: Print the test we're running to /dev/kmsg
    - net/mlx5: Protect from command bit overflow
    - ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk)
    - ima: Fix Kconfig to select TPM 2.0 CRB interface
    - [Config] CONFIG_TCG_CRB=y
    - ima: Fallback to the builtin hash algorithm
    - arm: dts: socfpga: fix GIC PPI warning
    - usb: dwc3: Update DWC_usb31 GTXFIFOSIZ reg fields
    - cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path
    - clk: Don't show the incorrect clock phase
    - zorro: Set up z->dev.dma_mask for the DMA API
    - bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set
    - ACPICA: Events: add a return on failure from acpi_hw_register_read
    - ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c
    - i2c: mv64xxx: Apply errata delay only in standard mode
    - KVM: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in use
    - xhci: zero usb device slot_id member when disabling and freeing a xhci slot
    - MIPS: ath79: Fix AR724X_PLL_REG_PCIE_CONFIG offset
    - PCI: Restore config space on runtime resume despite being unbound
    - ipmi_ssif: Fix kernel panic at msg_done_handler
    - usb: dwc2: Fix interval type issue
    - usb: gadget: ffs: Let setup() return USB_GADGET_DELAYED_STATUS
    - usb: gadget: ffs: Execute copy_to_user() with USER_DS set
    - powerpc: Add missing prototype for arch_irq_work_raise()
    - ASoC: topology: create TLV data for dapm widgets
    - perf/core: Fix perf_output_read_group()
    - hwmon: (pmbus/max8688) Accept negative page register values
    - hwmon: (pmbus/adm1275) Accept negative page register values
    - cdrom: do not call check_disk_change() inside cdrom_open()
    - gfs2: Fix fallocate chunk size
    - usb: gadget: udc: change comparison to bitshift when dealing with a mask
    - usb: gadget: composite: fix incorrect handling of OS desc requests
    - x86/devicetree: Initialize device tree before using it
    - x86/devicetree: Fix device IRQ settings in DT
    - ALSA: vmaster: Propagate slave error
    - media: cx23885: Override 888 ImpactVCBe crystal frequency
    - media: cx23885: Set subdev host data to clk_freq pointer
    - media: s3c-camif: fix out-of-bounds array access
    - dmaengine: pl330: fix a race condition in case of threaded irqs
    - media: em28xx: USB bulk packet size fix
    - clk: rockchip: Prevent calculating mmc phase if clock rate is zero
    - enic: enable rq before updating rq descriptors
    - hwrng: stm32 - add reset during probe
    - staging: rtl8192u: return -ENOMEM on failed allocation of priv->oldaddr
    - rtc: tx4939: avoid unintended sign extension on a 24 bit shift
    - serial: xuartps: Fix out-of-bounds access through DT alias
    - serial: samsung: Fix out-of-bounds access through serial port index
    - serial: mxs-auart: Fix out-of-bounds access through serial port index
    - serial: imx: Fix out-of-bounds access through serial port index
    - serial: fsl_lpuart: Fix out-of-bounds access through DT alias
    - serial: arc_uart: Fix out-of-bounds access through DT alias
    - PCI: Add function 1 DMA alias quirk for Marvell 88SE9220
    - udf: Provide saner default for invalid uid / gid
    - media: cx25821: prevent out-of-bounds read on array card
    - clk: samsung: s3c2410: Fix PLL rates
    - clk: samsung: exynos5260: Fix PLL rates
    - clk: samsung: exynos5433: Fix PLL rates
    - clk: samsung: exynos5250: Fix PLL rates
    - clk: samsung: exynos3250: Fix PLL rates
    - crypto: sunxi-ss - Add MODULE_ALIAS to sun4i-ss
    - audit: return on memory error to avoid null pointer dereference
    - MIPS: Octeon: Fix logging messages with spurious periods after newlines
    - drm/rockchip: Respect page offset for PRIME mmap calls
    - x86/apic: Set up through-local-APIC mode on the boot CPU if 'noapic'
      specified
    - perf tests: Use arch__compare_symbol_names to compare symbols
    - perf report: Fix memory corruption in --branch-history mode --branch-history
    - selftests/net: fixes psock_fanout eBPF test case
    - netlabel: If PF_INET6, check sk_buff ip header version
    - scsi: lpfc: Fix issue_lip if link is disabled
    - scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing
    - scsi: lpfc: Fix frequency of Release WQE CQEs
    - regulator: of: Add a missing 'of_node_put()' in an error handling path of
      'of_regulator_match()'
    - ASoC: samsung: i2s: Ensure the RCLK rate is properly determined
    - Bluetooth: btusb: Add device ID for RTL8822BE
    - kdb: make "mdr" command repeat
    - s390/ftrace: use expoline for indirect branches
    - Linux 4.4.134
  * Support SocketCAN over USB on Dell IoT 300x Gateways (LP: #1774563)
    - [Config] CONFIG_CAN_HMS_USB=m
    - SAUCE: (no-up) Support IXXAT USB SocketCAN device
    - i386/amd64 -- Add new module ixx_usb
  * Ubuntu 16.04 (4.4.0-127) hangs on boot with virtio-scsi MQ enabled
    (LP: #1775235)
    - SAUCE: (no-up) virtio-scsi: Increment reqs counter.
  * register on binfmt_misc may overflow and crash the system (LP: #1775856)
    - fs/binfmt_misc.c: do not allow offset overflow
  * The kernel NULL pointer dereference happens when accessing the task_struct
    by task_cpu() in function cpuacct_charge() (LP: #1775326)
    - sched/cpuacct: Simplify the cpuacct code
  * Xenial update to 4.4.133 stable release (LP: #1775477)
    - 8139too: Use disable_irq_nosync() in rtl8139_poll_controller()
    - bridge: check iface upper dev when setting master via ioctl
    - dccp: fix tasklet usage
    - ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg
    - llc: better deal with too small mtu
    - net: ethernet: sun: niu set correct packet size in skb
    - net/mlx4_en: Verify coalescing parameters are in range
    - net_sched: fq: take care of throttled flows before reuse
    - net: support compat 64-bit time in {s,g}etsockopt
    - openvswitch: Don't swap table in nlattr_set() after OVS_ATTR_NESTED is found
    - qmi_wwan: do not steal interfaces from class drivers
    - r8169: fix powering up RTL8168h
    - sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr
    - sctp: use the old asoc when making the cookie-ack chunk in dupcook_d
    - tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent().
    - bonding: do not allow rlb updates to invalid mac
    - tcp: ignore Fast Open on repair mode
    - sctp: fix the issue that the cookie-ack with auth can't get processed
    - sctp: delay the authentication for the duplicated cookie-echo chunk
    - ALSA: timer: Call notifier in the same spinlock
    - audit: move calcs after alloc and check when logging set loginuid
    - arm64: introduce mov_q macro to move a constant into a 64-bit register
    - [Config] Add CONFIG_ARM64_ERRATUM_1024718=y
    - arm64: Add work around for Arm Cortex-A55 Erratum 1024718
    - futex: Remove unnecessary warning from get_futex_key
    - futex: Remove duplicated code and fix undefined behaviour
    - xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM)
    - lockd: lost rollback of set_grace_period() in lockd_down_net()
    - Revert "ARM: dts: imx6qdl-wandboard: Fix audio channel swap"
    - l2tp: revert "l2tp: fix missing print session offset info"
    - pipe: cap initial pipe capacity according to pipe-max-size limit
    - futex: futex_wake_op, fix sign_extend32 sign bits
    - kernel/exit.c: avoid undefined behaviour when calling wait4()
    - usbip: usbip_host: refine probe and disconnect debug msgs to be useful
    - usbip: usbip_host: delete device from busid_table after rebind
    - usbip: usbip_host: run rebind from exit when module is removed
    - usbip: usbip_host: fix NULL-ptr deref and use-after-free errors
    - usbip: usbip_host: fix bad unlock balance during stub_probe()
    - ALSA: usb: mixer: volume quirk for CM102-A+/102S+
    - ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist
    - ALSA: control: fix a redundant-copy issue
    - spi: pxa2xx: Allow 64-bit DMA
    - powerpc/powernv: panic() on OPAL < V3
    - powerpc/powernv: Remove OPALv2 firmware define and references
    - powerpc/powernv: remove FW_FEATURE_OPALv3 and just use FW_FEATURE_OPAL
    - cpuidle: coupled: remove unused define cpuidle_coupled_lock
    - powerpc: Don't preempt_disable() in show_cpuinfo()
    - vmscan: do not force-scan file lru if its absolute size is small
    - mm: filemap: remove redundant code in do_read_cache_page
    - mm: filemap: avoid unnecessary calls to lock_page when waiting for IO to
      complete during a read
    - signals: avoid unnecessary taking of sighand->siglock
    - tracing/x86/xen: Remove zero data size trace events
      trace_xen_mmu_flush_tlb{_all}
    - proc read mm's {arg,env}_{start,end} with mmap semaphore taken.
    - powerpc/powernv: Fix NVRAM sleep in invalid context when crashing
    - mm: don't allow deferred pages with NEED_PER_CPU_KM
    - s390/qdio: fix access to uninitialized qdio_q fields
    - s390/qdio: don't release memory in qdio_setup_irq()
    - s390: remove indirect branch from do_softirq_own_stack
    - efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32'
      definition for mixed mode
    - ARM: 8771/1: kprobes: Prohibit kprobes on do_undefinstr
    - tick/broadcast: Use for_each_cpu() specially on UP kernels
    - ARM: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed
    - ARM: 8770/1: kprobes: Prohibit probing on optimized_callback
    - ARM: 8772/1: kprobes: Prohibit kprobes on get_user functions
    - Btrfs: fix xattr loss after power failure
    - btrfs: fix crash when trying to resume balance without the resume flag
    - btrfs: fix reading stale metadata blocks after degraded raid1 mounts
    - net: test tailroom before appending to linear skb
    - packet: in packet_snd start writing at link layer allocation
    - sock_diag: fix use-after-free read in __sk_free
    - tcp: purge write queue in tcp_connect_init()
    - ext2: fix a block leak
    - s390: add assembler macros for CPU alternatives
    - s390: move expoline assembler macros to a header
    - s390/lib: use expoline for indirect branches
    - s390/kernel: use expoline for indirect branches
    - s390: move spectre sysfs attribute code
    - s390: extend expoline to BC instructions
    - s390: use expoline thunks in the BPF JIT
    - scsi: libsas: defer ata device eh commands to libata
    - scsi: sg: allocate with __GFP_ZERO in sg_build_indirect()
    - scsi: zfcp: fix infinite iteration on ERP ready list
    - dmaengine: ensure dmaengine helpers check valid callback
    - time: Fix CLOCK_MONOTONIC_RAW sub-nanosecond accounting
    - gpio: rcar: Add Runtime PM handling for interrupts
    - cfg80211: limit wiphy names to 128 bytes
    - hfsplus: stop workqueue when fill_super() failed
    - x86/kexec: Avoid double free_page() upon do_kexec_load() failure
    - Linux 4.4.133
  * vmxnet3: update to latest ToT (LP: #1768143)
    - vmxnet3: avoid xmit reset due to a race in vmxnet3
    - vmxnet3: use correct flag to indicate LRO feature
    - vmxnet3: fix incorrect dereference when rxvlan is disabled
  * Prevent speculation on user controlled pointer (LP: #1775137)
    - x86: reorganize SMAP handling in user space accesses
    - x86: fix SMAP in 32-bit environments
    - x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
    - x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
    - x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
  * Xenial update to 4.4.132 stable release (LP: #1774173)
    - perf/core: Fix the perf_cpu_time_max_percent check
    - bpf: map_get_next_key to return first key on NULL
    - percpu: include linux/sched.h for cond_resched()
    - mac80211: allow not sending MIC up from driver for HW crypto
    - mac80211: allow same PN for AMSDU sub-frames
    - mac80211: Add RX flag to indicate ICV stripped
    - ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode
    - ath10k: rebuild crypto header in rx data frames
    - gpmi-nand: Handle ECC Errors in erased pages
    - USB: serial: option: Add support for Quectel EP06
    - ALSA: pcm: Check PCM state at xfern compat ioctl
    - ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger()
    - ALSA: aloop: Mark paused device as inactive
    - ALSA: aloop: Add missing cable lock to ctl API callbacks
    - tracepoint: Do not warn on ENOMEM
    - Input: leds - fix out of bound access
    - Input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook Pro
    - xfs: prevent creating negative-sized file via INSERT_RANGE
    - RDMA/ucma: Allow resolving address w/o specifying source address
    - RDMA/mlx5: Protect from shift operand overflow
    - NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2
    - IB/mlx5: Use unlimited rate when static rate is not supported
    - drm/vmwgfx: Fix a buffer object leak
    - test_firmware: fix setting old custom fw path back on exit, second try
    - USB: serial: visor: handle potential invalid device configuration
    - USB: Accept bulk endpoints with 1024-byte maxpacket
    - USB: serial: option: reimplement interface masking
    - USB: serial: option: adding support for ublox R410M
    - usb: musb: host: fix potential NULL pointer dereference
    - ipvs: fix rtnl_lock lockups caused by start_sync_thread
    - crypto: af_alg - fix possible uninit-value in alg_bind()
    - netlink: fix uninit-value in netlink_sendmsg
    - net: fix rtnh_ok()
    - net: initialize skb->peeked when cloning
    - net: fix uninit-value in __hw_addr_add_ex()
    - dccp: initialize ireq->ir_mark
    - soreuseport: initialise timewait reuseport field
    - perf: Remove superfluous allocation error check
    - tcp: fix TCP_REPAIR_QUEUE bound checking
    - bdi: Fix oops in wb_workfn()
    - f2fs: fix a dead loop in f2fs_fiemap()
    - xfrm_user: fix return value from xfrm_user_rcv_msg
    - rfkill: gpio: fix memory leak in probe error path
    - libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs
    - tracing: Fix regex_match_front() to not over compare the test string
    - can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg()
    - net: atm: Fix potential Spectre v1
    - atm: zatm: Fix potential Spectre v1
    - Revert "Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174"
    - tracing/uprobe_event: Fix strncpy corner case
    - perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_*
    - perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr
    - perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver
    - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[]
    - perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map()
    - Linux 4.4.132
  * Update to upstream's implementation of Spectre v1 mitigation (LP: #1774181)
    - Documentation: Document array_index_nospec
    - array_index_nospec: Sanitize speculative array de-references
    - x86: Implement array_index_mask_nospec
    - x86: Introduce barrier_nospec
    - x86/get_user: Use pointer masking to limit speculation
    - x86/syscall: Sanitize syscall table de-references under speculation
    - vfs, fdtable: Prevent bounds-check bypass via speculative execution
    - nl80211: Sanitize array index in parse_txq_params
    - x86/spectre: Report get_user mitigation for spectre_v1
    - x86/kvm: Update spectre-v1 mitigation
    - nospec: Allow index argument to have const-qualified type
    - x86/syscall: Sanitize syscall table de-references under speculation fix
    - mpls, nospec: Sanitize array index in mpls_label_ok()
    - nospec: Include <asm/barrier.h> dependency
    - nospec: Move array_index_nospec() parameter checking into separate macro
    - nospec: Kill array_index_nospec_mask_check()
    - ALSA: seq: oss: Hardening for potential Spectre v1
    - ALSA: hda: Hardening for potential Spectre v1
    - SAUCE: Replace osb() calls with array_index_nospec()
    - SAUCE: Rename osb() to barrier_nospec()
    - SAUCE: bpf: Use barrier_nospec() instead of osb()
  * CVE-2018-3639 (x86)
    - KVM: x86: remove magic number with enum cpuid_leafs
    - SAUCE: x86/cpufeatures: Move CPUID_7_EDX CPUID bits to word 18
    - SAUCE: x86: Remove double include
    - SAUCE: x86/pti: Evaluate X86_BUG_CPU_MELTDOWN when pti=auto
    - SAUCE: x86/speculation: Query individual feature flags when reloading
      microcode
  * cpum_sf: ensure sample freq is non-zero (LP: #1772593)
    - s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero
  * ELANPAD ELAN0612 does not work, patch available (LP: #1773509)
    - SAUCE: Input: elan_i2c - add ELAN0612 to the ACPI table
  * FS-Cache: Assertion failed: FS-Cache: 6 == 5 is false (LP: #1774336)
    - SAUCE: CacheFiles: fix a read_waiter/read_copier race
  * Kernel 4.4 NBD size overflow with image size exceeding 1TB (LP: #1772575)
    - nbd: use loff_t for blocksize and nbd_set_size args
    - nbd: fix 64-bit division
  * 4.4.0-127.153 generates many "sit: non-ECT" messages (LP: #1772775)
    - Revert "sit: reload iphdr in ipip6_rcv"
  * Creation of IMA file hashes fails when appraisal is enabled (LP: #1771826)
    - Revert "ima: limit file hash setting by user to fix and log modes"
  * Setting ipv6.disable=1 prevents both IPv4 and IPv6 socket opening for VXLAN
    tunnels (LP: #1771301)
    - vxlan: correctly handle ipv6.disable module parameter
  * CVE-2018-7755
    - SAUCE: floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl
  * Support UVC1.5 Camera for Xenial (LP: #1773905)
    - uvcvideo: Enable UVC 1.5 device detection
  * Kernel produces empty lines in /proc/PID/status (LP: #1772671)
    - SAUCE: seccomp: Remove double newline sequence in /proc/PID/status
  * rfi-flush: Switch to new linear fallback flush (LP: #1744173)
    - powerpc/64s: Improve RFI L1-D cache flush fallback
    - SAUCE: rfi-flush: Make it possible to call setup_rfi_flush() again

 -- Khalid Elmously <email address hidden>  Wed, 13 Jun 2018 00:20:06 -0400

Available diffs

Superseded in xenial-security on 2018-07-02
Superseded in xenial-updates on 2018-07-02
Deleted in xenial-proposed (Reason: NBS)
linux-kvm (4.4.0-1027.32) xenial; urgency=medium

  * linux-kvm: 4.4.0-1027.32 -proposed tracker (LP: #1772964)

  * Xenial update to 4.4.129 stable release (LP: #1768429)
    - [Config] Remove ARCH_HWEIGHT_CFLAGS

  * test_140_kernel_modules_not_tainted in kernel security test failed with 4.15
    kvm kernel (LP: #1766832)
    - kvm: [config] enable CONFIG_MODULE_UNLOAD

  * test_072_config_debug_set_module_ronx  in kernel security test failed with
    4.4 X-kvm (LP: #1760646)
    - kvm: [config] enable CONFIG_DEBUG_SET_MODULE_RONX

  * test_151_sysctl_disables_bpf_unpriv_userns in kernel security test failed
    with 4.4/4.15 kvm (LP: #1760656)
    - kvm: [config] enable BPF_SYSCALL

  * test_077_config_security_ipsec in kernel security test failed with 4.4/4.15
    kvm (LP: #1760653)
    - kvm: [config] enable ipsec configs

  * test_072_config_strict_devmem in kernel security test failed with 4.4/4.15
    kvm (LP: #1760648) // test_072_strict_devmem in kernel security test failed
    with 4.4/4.15 kvm (LP: #1760649)
    - kvm: [config] enable DEVMEM

  * test_076_config_security_acl_ext4  in kernel security test failed with
    4.4/4.15 kvm (LP: #1760652) // test_160_setattr_CVE_2015_1350 in kernel
    security test failed with 4.4/4.15 kvm (LP: #1760657)
    - kvm: [config] enable POSIX_ACL, XATTR, FS_SECURITY for all filesystems

  * test_074_config_security_default_mmap_min_addr in kernel security test
    failed with 4.4/4.15 kvm (LP: #1760650)
    - kvm: [config] DEFAULT_MMAP_MIN_ADDR=65536

  * test_072_config_debug_rodata in kernel security test failed with 4.4 X-kvm
    (LP: #1760643)
    - [Config] enable CONFIG_DEBUG_RODATA

  [ Ubuntu: 4.4.0-128.154 ]

  * linux: 4.4.0-128.154 -proposed tracker (LP: #1772960)
  * CVE-2018-3639 (x86)
    - x86/cpu: Make alternative_msr_write work for 32-bit code
    - x86/bugs: Fix the parameters alignment and missing void
    - KVM: SVM: Move spec control call after restore of GS
    - x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
    - x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS
    - x86/cpufeatures: Disentangle SSBD enumeration
    - x86/cpu/AMD: Fix erratum 1076 (CPB bit)
    - x86/cpufeatures: Add FEATURE_ZEN
    - x86/speculation: Handle HT correctly on AMD
    - x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL
    - x86/speculation: Add virtualized speculative store bypass disable support
    - x86/speculation: Rework speculative_store_bypass_update()
    - x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host}
    - x86/bugs: Expose x86_spec_ctrl_base directly
    - x86/bugs: Remove x86_spec_ctrl_set()
    - x86/bugs: Rework spec_ctrl base and mask logic
    - x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG
    - KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD
    - x86/bugs: Rename SSBD_NO to SSB_NO
    - KVM: VMX: Expose SSBD properly to guests.
  * [i915_bpo] Fix flickering issue after panel change (LP: #1770565)
    - drm/i915: Fix iboost setting for DDI with 4 lanes on SKL
    - drm/i915: Name the "iboost bit"
    - drm/i915: Program iboost settings for HDMI/DVI on SKL
    - drm/i915: Move bxt_ddi_vswing_sequence() call into intel_ddi_pre_enable()
      for HDMI
    - drm/i915: Explicitly use ddi buf trans entry 9 for hdmi
    - drm/i915: Split DP/eDP/FDI and HDMI/DVI DDI buffer programming apart
    - drm/i915: Get the iboost setting based on the port type
    - drm/i915: Simplify intel_ddi_get_encoder_port()
    - drm/i915: Fix iboost setting for SKL Y/U DP DDI buffer translation entry 2
    - drm/i915: KBL - Recommended buffer translation programming for DisplayPort
    - drm/i915: Ignore OpRegion panel type except on select machines
  * [SRU][Bionic/Artful] fix false positives in W+X checking (LP: #1769696)
    - init: fix false positives in W+X checking
  * [Ubuntu 16.04] kernel: fix rwlock implementation (LP: #1761674)
    - SAUCE: (no-up) s390: fix rwlock implementation
  * linux < 4.11: unable to use netfilter logging from non-init namespaces
    (LP: #1766573)
    - netfilter: allow logging from non-init namespaces
  * [LTC Test] Ubuntu 18.04:  tm_sigreturn failed on P8 compat mode 16.04.04
    guest (LP: #1771439)
    - powerpc: signals: Discard transaction state from signal frames
  * QCA9377 requires more IRAM banks for its new firmware (LP: #1748345)
    - ath10k: update the IRAM bank number for QCA9377
  * i915/kbl_dmc_ver1.bin failed with error -2 package 1.157.17 kernel
    4.4.0-116-generic (LP: #1752536)
    - ubuntu: i915_bpo - Add MODULE_FIRMWARE for Geminilake's DMC
  * Xenial update to 4.4.131 stable release (LP: #1768825)
    - ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS
    - ext4: set h_journal if there is a failure starting a reserved handle
    - ext4: add validity checks for bitmap block numbers
    - ext4: fix bitmap position validation
    - usbip: usbip_host: fix to hold parent lock for device_attach() calls
    - usbip: vhci_hcd: Fix usb device and sockfd leaks
    - USB: serial: simple: add libtransistor console
    - USB: serial: ftdi_sio: use jtag quirk for Arrow USB Blaster
    - USB: serial: cp210x: add ID for NI USB serial console
    - usb: core: Add quirk for HP v222w 16GB Mini
    - USB: Increment wakeup count on remote wakeup.
    - ALSA: usb-audio: Skip broken EU on Dell dock USB-audio
    - virtio: add ability to iterate over vqs
    - virtio_console: free buffers after reset
    - drm/virtio: fix vq wait_event condition
    - tty: Don't call panic() at tty_ldisc_init()
    - tty: n_gsm: Fix long delays with control frame timeouts in ADM mode
    - tty: n_gsm: Fix DLCI handling for ADM mode if debug & 2 is not set
    - tty: Use __GFP_NOFAIL for tty_ldisc_get()
    - ALSA: core: Report audio_tstamp in snd_pcm_sync_ptr
    - ALSA: seq: oss: Fix unbalanced use lock for synth MIDI device
    - ALSA: hda/realtek - Add some fixes for ALC233
    - mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block.
    - mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug.
    - mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block.
    - kobject: don't use WARN for registration failures
    - scsi: sd: Defer spinning up drive while SANITIZE is in progress
    - ARM: amba: Make driver_override output consistent with other buses
    - ARM: amba: Fix race condition with driver_override
    - ARM: amba: Don't read past the end of sysfs "driver_override" buffer
    - ASoC: fsl_esai: Fix divisor calculation failure at lower ratio
    - libceph: validate con->state at the top of try_write()
    - x86/ipc: Fix x32 version of shmid64_ds and msqid64_ds
    - x86/smpboot: Don't use mwait_play_dead() on AMD systems
    - serial: mctrl_gpio: export mctrl_gpio_disable_ms and mctrl_gpio_init
    - serial: mctrl_gpio: Add missing module license
    - Linux 4.4.131
  * Xenial update to 4.4.130 stable release (LP: #1768474) // CVE-2017-5715 //
    CVE-2017-5753
    - SAUCE: s390: print messages for gmb and nobp
  * Xenial update to 4.4.130 stable release (LP: #1768474)
    - cifs: do not allow creating sockets except with SMB1 posix exensions
    - x86/tsc: Prevent 32bit truncation in calc_hpet_ref()
    - perf: Return proper values for user stack errors
    - staging: ion : Donnot wakeup kswapd in ion system alloc
    - r8152: add Linksys USB3GIGV1 id
    - Input: drv260x - fix initializing overdrive voltage
    - ath9k_hw: check if the chip failed to wake up
    - jbd2: fix use after free in kjournald2()
    - Revert "ath10k: send (re)assoc peer command when NSS changed"
    - Revert "UBUNTU: SAUCE: s390: print messages for gmb and nobp"
    - Revert "UBUNTU: SAUCE: s390: improve cpu alternative handling for gmb and
      nobp"
    - Revert "s390: add ppa to kernel entry / exit"
    - Revert "s390: introduce CPU alternatives"
    - s390: introduce CPU alternatives
    - s390: enable CPU alternatives unconditionally
    - s390/alternative: use a copy of the facility bit mask
    - s390: add options to change branch prediction behaviour for the kernel
    - s390: scrub registers on kernel entry and KVM exit
    - s390: add optimized array_index_mask_nospec
    - s390: run user space and KVM guests with modified branch prediction
    - s390: introduce execute-trampolines for branches
    - s390: Replace IS_ENABLED(EXPOLINE_*) with IS_ENABLED(CONFIG_EXPOLINE_*)
    - s390: do not bypass BPENTER for interrupt system calls
    - s390/entry.S: fix spurious zeroing of r0
    - s390: move nobp parameter functions to nospec-branch.c
    - s390: add automatic detection of the spectre defense
    - [Config] Add CONFIG_EXPOLINE=y and CONFIG_EXPOLINE_AUTO=y
    - s390: report spectre mitigation via syslog
    - s390: add sysfs attributes for spectre
    - s390: correct nospec auto detection init order
    - s390: correct module section names for expoline code revert
    - bonding: do not set slave_dev npinfo before slave_enable_netpoll in
      bond_enslave
    - KEYS: DNS: limit the length of option strings
    - l2tp: check sockaddr length in pppol2tp_connect()
    - net: validate attribute sizes in neigh_dump_table()
    - llc: delete timers synchronously in llc_sk_free()
    - tcp: don't read out-of-bounds opsize
    - team: avoid adding twice the same option to the event list
    - team: fix netconsole setup over team
    - packet: fix bitfield update race
    - pppoe: check sockaddr length in pppoe_connect()
    - vlan: Fix reading memory beyond skb->tail in skb_vlan_tagged_multi
    - sctp: do not check port in sctp_inet6_cmp_addr
    - llc: hold llc_sap before release_sock()
    - llc: fix NULL pointer deref for SOCK_ZAPPED
    - tipc: add policy for TIPC_NLA_NET_ADDR
    - net: fix deadlock while clearing neighbor proxy table
    - tcp: md5: reject TCP_MD5SIG or TCP_MD5SIG_EXT on established sockets
    - net: af_packet: fix race in PACKET_{R|T}X_RING
    - ipv6: add RTA_TABLE and RTA_PREFSRC to rtm_ipv6_policy
    - scsi: mptsas: Disable WRITE SAME
    - cdrom: information leak in cdrom_ioctl_media_changed()
    - s390/cio: update chpid descriptor after resource accessibility event
    - s390/uprobes: implement arch_uretprobe_is_alive()
    - Linux 4.4.130
    - SAUCE: s390: Add 'nogmb' kernel parameter
  * Xenial update to 4.4.129 stable release (LP: #1768429)
    - media: v4l2-compat-ioctl32: don't oops on overlay
    - parisc: Fix out of array access in match_pci_device()
    - perf intel-pt: Fix overlap detection to identify consecutive buffers
      correctly
    - perf intel-pt: Fix sync_switch
    - perf intel-pt: Fix error recovery from missing TIP packet
    - perf intel-pt: Fix timestamp following overflow
    - radeon: hide pointless #warning when compile testing
    - block/loop: fix deadlock after loop_set_status
    - s390/qdio: don't retry EQBS after CCQ 96
    - s390/qdio: don't merge ERROR output buffers
    - s390/ipl: ensure loadparm valid flag is set
    - getname_kernel() needs to make sure that ->name != ->iname in long case
    - rtl8187: Fix NULL pointer dereference in priv->conf_mutex
    - hwmon: (ina2xx) Fix access to uninitialized mutex
    - cdc_ether: flag the Cinterion AHS8 modem by gemalto as WWAN
    - slip: Check if rstate is initialized before uncompressing
    - lan78xx: Correctly indicate invalid OTP
    - x86/hweight: Get rid of the special calling convention
    - [Config] Remove ARCH_HWEIGHT_CFLAGS
    - x86/hweight: Don't clobber %rdi
    - tty: make n_tty_read() always abort if hangup is in progress
    - ubifs: Check ubifs_wbuf_sync() return code
    - ubi: fastmap: Don't flush fastmap work on detach
    - ubi: Fix error for write access
    - ubi: Reject MLC NAND
    - fs/reiserfs/journal.c: add missing resierfs_warning() arg
    - resource: fix integer overflow at reallocation
    - ipc/shm: fix use-after-free of shm file via remap_file_pages()
    - mm, slab: reschedule cache_reap() on the same CPU
    - usb: musb: gadget: misplaced out of bounds check
    - ARM: dts: at91: at91sam9g25: fix mux-mask pinctrl property
    - ARM: dts: at91: sama5d4: fix pinctrl compatible string
    - xen-netfront: Fix hang on device removal
    - regmap: Fix reversed bounds check in regmap_raw_write()
    - ACPI / video: Add quirk to force acpi-video backlight on Samsung 670Z5E
    - ACPI / hotplug / PCI: Check presence of slot itself in get_slot_status()
    - USB:fix USB3 devices behind USB3 hubs not resuming at hibernate thaw
    - usb: dwc3: pci: Properly cleanup resource
    - HID: i2c-hid: fix size check and type usage
    - powerpc/powernv: Handle unknown OPAL errors in opal_nvram_write()
    - powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently
    - powerpc/powernv: define a standard delay for OPAL_BUSY type retry loops
    - powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops
    - HID: Fix hid_report_len usage
    - HID: core: Fix size as type u32
    - ASoC: ssm2602: Replace reg_default_raw with reg_default
    - thunderbolt: Resume control channel after hibernation image is created
    - random: use a tighter cap in credit_entropy_bits_safe()
    - jbd2: if the journal is aborted then don't allow update of the log tail
    - ext4: don't update checksum of new initialized bitmaps
    - ext4: fail ext4_iget for root directory if unallocated
    - RDMA/ucma: Don't allow setting RDMA_OPTION_IB_PATH without an RDMA device
    - ALSA: pcm: Fix UAF at PCM release via PCM timer access
    - IB/srp: Fix srp_abort()
    - IB/srp: Fix completion vector assignment algorithm
    - dmaengine: at_xdmac: fix rare residue corruption
    - um: Use POSIX ucontext_t instead of struct ucontext
    - iommu/vt-d: Fix a potential memory leak
    - mmc: jz4740: Fix race condition in IRQ mask update
    - clk: mvebu: armada-38x: add support for 1866MHz variants
    - clk: mvebu: armada-38x: add support for missing clocks
    - clk: bcm2835: De-assert/assert PLL reset signal when appropriate
    - thermal: imx: Fix race condition in imx_thermal_probe()
    - watchdog: f71808e_wdt: Fix WD_EN register read
    - ALSA: oss: consolidate kmalloc/memset 0 call to kzalloc
    - ALSA: pcm: Use ERESTARTSYS instead of EINTR in OSS emulation
    - ALSA: pcm: Avoid potential races between OSS ioctls and read/write
    - ALSA: pcm: Return -EBUSY for OSS ioctls changing busy streams
    - ALSA: pcm: Fix mutex unbalance in OSS emulation ioctls
    - ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation
    - vfio-pci: Virtualize PCIe & AF FLR
    - vfio/pci: Virtualize Maximum Payload Size
    - vfio/pci: Virtualize Maximum Read Request Size
    - ext4: don't allow r/w mounts if metadata blocks overlap the superblock
    - drm/radeon: Fix PCIe lane width calculation
    - ext4: fix crashes in dioread_nolock mode
    - ext4: fix deadlock between inline_data and ext4_expand_extra_isize_ea()
    - ALSA: line6: Use correct endpoint type for midi output
    - ALSA: rawmidi: Fix missing input substream checks in compat ioctls
    - ALSA: hda - New VIA controller suppor no-snoop path
    - HID: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device
    - MIPS: uaccess: Add micromips clobbers to bzero invocation
    - MIPS: memset.S: EVA & fault support for small_memset
    - MIPS: memset.S: Fix return of __clear_user from Lpartial_fixup
    - MIPS: memset.S: Fix clobber of v1 in last_fixup
    - powerpc/eeh: Fix enabling bridge MMIO windows
    - powerpc/lib: Fix off-by-one in alternate feature patching
    - jffs2_kill_sb(): deal with failed allocations
    - hypfs_kill_super(): deal with failed allocations
    - rpc_pipefs: fix double-dput()
    - Don't leak MNT_INTERNAL away from internal mounts
    - autofs: mount point create should honour passed in mode
    - mm: allow GFP_{FS,IO} for page_cache_read page cache allocation
    - mm/filemap.c: fix NULL pointer in page_cache_tree_insert()
    - ext4: bugfix for mmaped pages in mpage_release_unused_pages()
    - fanotify: fix logic of events on child
    - writeback: safer lock nesting
    - Linux 4.4.129
  * CVE-2018-8087
    - mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl()
  * Integrated Webcam Realtek Integrated_Webcam_HD (0bda:58f4) not working in
    DELL XPS 13 9370 with firmware 1.50 (LP: #1763748)
    - SAUCE: media: uvcvideo: Support realtek's UVC 1.5 device
  * [Xenial] Kernels OOPS when mwifiex is in AP mode (LP: #1769671)
    - Revert "UBUNTU: SAUCE: mwifiex: do not dereference invalid pointer"
    - Revert "UBUNTU: SAUCE: net/wireless: do not dereference invalid pointer"
    - mwifiex: cfg80211: do not change virtual interface during scan processing
  * user space process hung in 'D' state waiting for disk io to complete
    (LP: #1750038)
    - NFS: Use GFP_NOIO for two allocations in writeback
  * Acer Swift sf314-52 power button not managed  (LP: #1766054)
    - SAUCE: platform/x86: acer-wmi: add another KEY_POWER keycode

 -- Khalid Elmously <email address hidden>  Fri, 25 May 2018 16:30:58 -0400
Superseded in cosmic-release on 2018-07-03
Superseded in bionic-security on 2018-07-02
Superseded in bionic-updates on 2018-07-02
Deleted in cosmic-proposed (Reason: moved to release)
Deleted in bionic-proposed (Reason: moved to -updates)
linux-kvm (4.15.0-1011.11) bionic; urgency=medium

  * linux-kvm: 4.15.0-1011.11 -proposed tracker (LP: #1772932)

  * Switch Build-Depends: transfig to fig2dev (LP: #1770770)
    - [Config] update Build-Depends: transfig to fig2dev

  [ Ubuntu: 4.15.0-23.25 ]

  * linux: 4.15.0-23.25 -proposed tracker (LP: #1772927)
  * arm64 SDEI support needs trampoline code for KPTI (LP: #1768630)
    - arm64: mmu: add the entry trampolines start/end section markers into
      sections.h
    - arm64: sdei: Add trampoline code for remapping the kernel
  * Some PCIe errors not surfaced through rasdaemon (LP: #1769730)
    - ACPI: APEI: handle PCIe AER errors in separate function
    - ACPI: APEI: call into AER handling regardless of severity
  * qla2xxx: Fix page fault at kmem_cache_alloc_node() (LP: #1770003)
    - scsi: qla2xxx: Fix session cleanup for N2N
    - scsi: qla2xxx: Remove unused argument from qlt_schedule_sess_for_deletion()
    - scsi: qla2xxx: Serialize session deletion by using work_lock
    - scsi: qla2xxx: Serialize session free in qlt_free_session_done
    - scsi: qla2xxx: Don't call dma_free_coherent with IRQ disabled.
    - scsi: qla2xxx: Fix warning in qla2x00_async_iocb_timeout()
    - scsi: qla2xxx: Prevent relogin trigger from sending too many commands
    - scsi: qla2xxx: Fix double free bug after firmware timeout
    - scsi: qla2xxx: Fixup locking for session deletion
  * Several hisi_sas bug fixes (LP: #1768974)
    - scsi: hisi_sas: dt-bindings: add an property of signal attenuation
    - scsi: hisi_sas: support the property of signal attenuation for v2 hw
    - scsi: hisi_sas: fix the issue of link rate inconsistency
    - scsi: hisi_sas: fix the issue of setting linkrate register
    - scsi: hisi_sas: increase timer expire of internal abort task
    - scsi: hisi_sas: remove unused variable hisi_sas_devices.running_req
    - scsi: hisi_sas: fix return value of hisi_sas_task_prep()
    - scsi: hisi_sas: Code cleanup and minor bug fixes
  * [bionic] machine stuck and bonding not working well when nvmet_rdma module
    is loaded (LP: #1764982)
    - nvmet-rdma: Don't flush system_wq by default during remove_one
    - nvme-rdma: Don't flush delete_wq by default during remove_one
  * Warnings/hang during error handling of SATA disks on SAS controller
    (LP: #1768971)
    - scsi: libsas: defer ata device eh commands to libata
  * Hotplugging a SATA disk into a SAS controller may cause crash (LP: #1768948)
    - ata: do not schedule hot plug if it is a sas host
  * ISST-LTE:pKVM:Ubuntu1804: rcu_sched self-detected stall on CPU follow by CPU
    ATTEMPT TO RE-ENTER FIRMWARE! (LP: #1767927)
    - powerpc/powernv: Handle unknown OPAL errors in opal_nvram_write()
    - powerpc/64s: return more carefully from sreset NMI
    - powerpc/64s: sreset panic if there is no debugger or crash dump handlers
  * fsnotify: Fix fsnotify_mark_connector race (LP: #1765564)
    - fsnotify: Fix fsnotify_mark_connector race
  * Hang on network interface removal in Xen virtual machine (LP: #1771620)
    - xen-netfront: Fix hang on device removal
  * HiSilicon HNS NIC names are truncated in /proc/interrupts (LP: #1765977)
    - net: hns: Avoid action name truncation
  * Ubuntu 18.04 kernel crashed while in degraded mode (LP: #1770849)
    - SAUCE: powerpc/perf: Fix memory allocation for core-imc based on
      num_possible_cpus()
  * Switch Build-Depends: transfig to fig2dev (LP: #1770770)
    - [Config] update Build-Depends: transfig to fig2dev
  * smp_call_function_single/many core hangs with stop4 alone (LP: #1768898)
    - cpufreq: powernv: Fix hardlockup due to synchronous smp_call in timer
      interrupt
  * Add d-i support for Huawei NICs (LP: #1767490)
    - d-i: add hinic to nic-modules udeb
  * unregister_netdevice: waiting for eth0 to become free. Usage count = 5
    (LP: #1746474)
    - xfrm: reuse uncached_list to track xdsts
  * Include nfp driver in linux-modules (LP: #1768526)
    - [Config] Add nfp.ko to generic inclusion list
  * Kernel panic on boot (m1.small in cn-north-1) (LP: #1771679)
    - x86/xen: Reset VCPU0 info pointer after shared_info remap
  * CVE-2018-3639 (x86)
    - x86/bugs: Fix the parameters alignment and missing void
    - KVM: SVM: Move spec control call after restore of GS
    - x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
    - x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS
    - x86/cpufeatures: Disentangle SSBD enumeration
    - x86/cpufeatures: Add FEATURE_ZEN
    - x86/speculation: Handle HT correctly on AMD
    - x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL
    - x86/speculation: Add virtualized speculative store bypass disable support
    - x86/speculation: Rework speculative_store_bypass_update()
    - x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host}
    - x86/bugs: Expose x86_spec_ctrl_base directly
    - x86/bugs: Remove x86_spec_ctrl_set()
    - x86/bugs: Rework spec_ctrl base and mask logic
    - x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG
    - KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD
    - x86/bugs: Rename SSBD_NO to SSB_NO
    - bpf: Prevent memory disambiguation attack
    - KVM: VMX: Expose SSBD properly to guests.
  * Suspend to idle: Open lid didn't resume (LP: #1771542)
    - ACPI / PM: Do not reconfigure GPEs for suspend-to-idle
  * Fix initialization failure detection in SDEI for device-tree based systems
    (LP: #1768663)
    - firmware: arm_sdei: Fix return value check in sdei_present_dt()
  * No driver for Huawei network adapters on arm64 (LP: #1769899)
    - net-next/hinic: add arm64 support
  * CVE-2018-1092
    - ext4: fail ext4_iget for root directory if unallocated
  * kernel 4.15 breaks nouveau on Lenovo P50 (LP: #1763189)
    - drm/nouveau: Fix deadlock in nv50_mstm_register_connector()
  * update-initramfs not adding i915 GuC firmware for Kaby Lake, firmware fails
    to load (LP: #1728238)
    - Revert "UBUNTU: SAUCE: (no-up) i915: Remove MODULE_FIRMWARE statements for
      unreleased firmware"
  * Battery drains when laptop is off  (shutdown) (LP: #1745646)
    - PCI / PM: Check device_may_wakeup() in pci_enable_wake()
  * Dell Latitude 5490/5590 BIOS update 1.1.9 causes black screen at boot
    (LP: #1764194)
    - drm/i915/bios: filter out invalid DDC pins from VBT child devices
  * Intel 9462 A370:42A4 doesn't work (LP: #1748853)
    - iwlwifi: add shared clock PHY config flag for some devices
    - iwlwifi: add a bunch of new 9000 PCI IDs
  * Fix an issue that some PCI devices get incorrectly suspended (LP: #1764684)
    - PCI / PM: Always check PME wakeup capability for runtime wakeup support
  * [SRU][Bionic/Artful] fix false positives in W+X checking (LP: #1769696)
    - init: fix false positives in W+X checking
  * Bionic update to v4.15.18 stable release (LP: #1769723)
    - netfilter: ipset: Missing nfnl_lock()/nfnl_unlock() is added to
      ip_set_net_exit()
    - cdc_ether: flag the Cinterion AHS8 modem by gemalto as WWAN
    - rds: MP-RDS may use an invalid c_path
    - slip: Check if rstate is initialized before uncompressing
    - vhost: fix vhost_vq_access_ok() log check
    - l2tp: fix races in tunnel creation
    - l2tp: fix race in duplicate tunnel detection
    - ip_gre: clear feature flags when incompatible o_flags are set
    - vhost: Fix vhost_copy_to_user()
    - lan78xx: Correctly indicate invalid OTP
    - media: v4l2-compat-ioctl32: don't oops on overlay
    - media: v4l: vsp1: Fix header display list status check in continuous mode
    - ipmi: Fix some error cleanup issues
    - parisc: Fix out of array access in match_pci_device()
    - parisc: Fix HPMC handler by increasing size to multiple of 16 bytes
    - Drivers: hv: vmbus: do not mark HV_PCIE as perf_device
    - PCI: hv: Serialize the present and eject work items
    - PCI: hv: Fix 2 hang issues in hv_compose_msi_msg()
    - KVM: PPC: Book3S HV: trace_tlbie must not be called in realmode
    - perf/core: Fix use-after-free in uprobe_perf_close()
    - x86/mce/AMD: Get address from already initialized block
    - hwmon: (ina2xx) Fix access to uninitialized mutex
    - ath9k: Protect queue draining by rcu_read_lock()
    - x86/apic: Fix signedness bug in APIC ID validity checks
    - f2fs: fix heap mode to reset it back
    - block: Change a rcu_read_{lock,unlock}_sched() pair into
      rcu_read_{lock,unlock}()
    - nvme: Skip checking heads without namespaces
    - lib: fix stall in __bitmap_parselist()
    - blk-mq: order getting budget and driver tag
    - blk-mq: don't keep offline CPUs mapped to hctx 0
    - ovl: fix lookup with middle layer opaque dir and absolute path redirects
    - xen: xenbus_dev_frontend: Fix XS_TRANSACTION_END handling
    - hugetlbfs: fix bug in pgoff overflow checking
    - nfsd: fix incorrect umasks
    - scsi: qla2xxx: Fix small memory leak in qla2x00_probe_one on probe failure
    - block/loop: fix deadlock after loop_set_status
    - nfit: fix region registration vs block-data-window ranges
    - s390/qdio: don't retry EQBS after CCQ 96
    - s390/qdio: don't merge ERROR output buffers
    - s390/ipl: ensure loadparm valid flag is set
    - get_user_pages_fast(): return -EFAULT on access_ok failure
    - mm/gup_benchmark: handle gup failures
    - getname_kernel() needs to make sure that ->name != ->iname in long case
    - Bluetooth: Fix connection if directed advertising and privacy is used
    - Bluetooth: hci_bcm: Treat Interrupt ACPI resources as always being active-
      low
    - rtl8187: Fix NULL pointer dereference in priv->conf_mutex
    - ovl: set lower layer st_dev only if setting lower st_ino
    - Linux 4.15.18
  * Kernel bug when unplugging Thunderbolt 3 cable, leaves xHCI host controller
    dead (LP: #1768852)
    - xhci: Fix Kernel oops in xhci dbgtty
  * Incorrect blacklist of bcm2835_wdt (LP: #1766052)
    - [Packaging] Fix missing watchdog for Raspberry Pi
  * CVE-2018-8087
    - mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl()
  * Integrated Webcam Realtek Integrated_Webcam_HD (0bda:58f4) not working in
    DELL XPS 13 9370 with firmware 1.50 (LP: #1763748)
    - SAUCE: media: uvcvideo: Support realtek's UVC 1.5 device
  * [ALSA] [PATCH] Clevo P950ER ALC1220 Fixup (LP: #1769721)
    - SAUCE: ALSA: hda/realtek - Clevo P950ER ALC1220 Fixup
  * Bionic: Intermittently sent to Emergency Mode on boot with unhandled kernel
    NULL pointer dereference at  0000000000000980 (LP: #1768292)
    - thunderbolt: Prevent crash when ICM firmware is not running
  * linux-snapdragon: reduce EPROBEDEFER noise during boot (LP: #1768761)
    - [Config] snapdragon: DRM_I2C_ADV7511=y
  * regression Aquantia Corp. AQC107 4.15.0-13-generic -> 4.15.0-20-generic ?
    (LP: #1767088)
    - net: aquantia: Regression on reset with 1.x firmware
    - net: aquantia: oops when shutdown on already stopped device
  * e1000e msix interrupts broken in linux-image-4.15.0-15-generic
    (LP: #1764892)
    - e1000e: Remove Other from EIAC
  * Acer Swift sf314-52 power button not managed  (LP: #1766054)
    - SAUCE: platform/x86: acer-wmi: add another KEY_POWER keycode
  * set PINCFG_HEADSET_MIC to parse_flags for Dell precision 3630 (LP: #1766398)
    - ALSA: hda/realtek - set PINCFG_HEADSET_MIC to parse_flags
  * Change the location for one of two front mics on a lenovo thinkcentre
    machine (LP: #1766477)
    - ALSA: hda/realtek - adjust the location of one mic
  * SRU: bionic: apply 50 ZFS upstream bugfixes (LP: #1764690)
    - SAUCE: (noup) Update zfs to 0.7.5-1ubuntu15 (LP: #1764690)
  * [8086:3e92] display becomes blank after S3 (LP: #1763271)
    - drm/i915/edp: Do not do link training fallback or prune modes on EDP

 -- Khalid Elmously <email address hidden>  Thu, 24 May 2018 15:24:33 +0000
Superseded in xenial-security on 2018-06-11
Superseded in xenial-updates on 2018-06-11
Deleted in xenial-proposed (Reason: moved to -updates)
linux-kvm (4.4.0-1026.31) xenial; urgency=medium

  * Xenial update to 4.4.118 stable release (LP: #1756866)
    - kvm: [config] Add CONFIG_DST_CACHE=y

  * getlogin will fail to open /proc/self/loginuid (LP: #1770245)
    - Config: Enable CONFIG_AUDITSYSCALL

  [ Ubuntu: 4.4.0-127.153 ]

  * CVE-2018-3639 (powerpc)
    - powerpc/pseries: Support firmware disable of RFI flush
    - powerpc/powernv: Support firmware disable of RFI flush
    - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
    - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
    - powerpc/rfi-flush: Always enable fallback flush on pseries
    - powerpc/rfi-flush: Differentiate enabled and patched flush types
    - powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
    - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
    - powerpc: Add security feature flags for Spectre/Meltdown
    - powerpc/pseries: Set or clear security feature flags
    - powerpc/powernv: Set or clear security feature flags
    - powerpc/64s: Move cpu_show_meltdown()
    - powerpc/64s: Enhance the information in cpu_show_meltdown()
    - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
    - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
    - powerpc/64s: Wire up cpu_show_spectre_v1()
    - powerpc/64s: Wire up cpu_show_spectre_v2()
    - powerpc/pseries: Fix clearing of security feature flags
    - powerpc: Move default security feature flags
    - powerpc/pseries: Restore default security feature flags on setup
    - SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel
      entry/exit
  * CVE-2018-3639 (x86)
    - SAUCE: Clean up IBPB and IBRS control functions and macros
    - SAUCE: Fix up IBPB and IBRS kernel parameters documentation
    - SAUCE: Remove #define X86_FEATURE_PTI
    - x86/cpufeature: Move some of the scattered feature bits to x86_capability
    - x86/cpufeature: Cleanup get_cpu_cap()
    - x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
    - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
    - x86/cpufeatures: Add Intel feature bits for Speculation Control
    - SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf
    - x86/cpufeatures: Add AMD feature bits for Speculation Control
    - x86/msr: Add definitions for new speculation control MSRs
    - SAUCE: x86/msr: Rename MSR spec control feature bits
    - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
    - x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes
    - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
    - x86/speculation: Add <asm/msr-index.h> dependency
    - x86/cpufeatures: Clean up Spectre v2 related CPUID flags
    - x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
    - SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
    - SAUCE: x86: Add alternative_msr_write
    - SAUCE: x86/nospec: Simplify alternative_msr_write()
    - SAUCE: x86/bugs: Concentrate bug detection into a separate function
    - SAUCE: x86/bugs: Concentrate bug reporting into a separate function
    - arch: Introduce post-init read-only memory
    - SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
    - SAUCE: x86/bugs, KVM: Support the combination of guest and host IBRS
    - SAUCE: x86/bugs: Expose /sys/../spec_store_bypass
    - SAUCE: x86/cpufeatures: Add X86_FEATURE_RDS
    - SAUCE: x86/bugs: Provide boot parameters for the spec_store_bypass_disable
      mitigation
    - SAUCE: x86/bugs/intel: Set proper CPU features and setup RDS
    - SAUCE: x86/bugs: Whitelist allowed SPEC_CTRL MSR values
    - SAUCE: x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if
      requested
    - SAUCE: x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
    - SAUCE: x86/speculation: Create spec-ctrl.h to avoid include hell
    - SAUCE: prctl: Add speculation control prctls
    - x86/process: Optimize TIF checks in __switch_to_xtra()
    - SAUCE: x86/process: Allow runtime control of Speculative Store Bypass
    - SAUCE: x86/speculation: Add prctl for Speculative Store Bypass mitigation
    - SAUCE: nospec: Allow getting/setting on non-current task
    - SAUCE: proc: Provide details on speculation flaw mitigations
    - SAUCE: seccomp: Enable speculation flaw mitigations
    - SAUCE: x86/bugs: Honour SPEC_CTRL default
    - SAUCE: x86/bugs: Make boot modes __ro_after_init
    - SAUCE: prctl: Add force disable speculation
    - SAUCE: seccomp: Use PR_SPEC_FORCE_DISABLE
    - selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC
    - SAUCE: seccomp: Add filter flag to opt-out of SSB mitigation
    - SAUCE: seccomp: Move speculation migitation control to arch code
    - SAUCE: x86/speculation: Make "seccomp" the default mode for Speculative
      Store Bypass
    - SAUCE: x86/bugs: Rename _RDS to _SSBD
    - SAUCE: proc: Use underscores for SSBD in 'status'
    - SAUCE: Documentation/spec_ctrl: Do some minor cleanups
    - SAUCE: x86/bugs: Fix __ssb_select_mitigation() return type
    - SAUCE: x86/bugs: Make cpu_show_common() static
    - x86/entry: define _TIF_ALLWORK_MASK flags explicitly
    - Revert "x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2
      microcodes"
    - SAUCE: kvm/cpuid: Fix CPUID_7_0.EDX handling

Superseded in cosmic-release on 2018-06-11
Deleted in cosmic-proposed (Reason: moved to release)
Superseded in bionic-security on 2018-06-11
Superseded in bionic-updates on 2018-06-11
Deleted in bionic-proposed (Reason: moved to -updates)
linux-kvm (4.15.0-1010.10) bionic; urgency=medium

  [ Ubuntu: 4.15.0-22.24 ]

  * CVE-2018-3639 (powerpc)
    - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit
    - stf-barrier: set eieio instruction bit 6 for future optimisations
  * CVE-2018-3639 (x86)
    - x86/nospec: Simplify alternative_msr_write()
    - x86/bugs: Concentrate bug detection into a separate function
    - x86/bugs: Concentrate bug reporting into a separate function
    - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
    - x86/bugs, KVM: Support the combination of guest and host IBRS
    - x86/bugs: Expose /sys/../spec_store_bypass
    - x86/cpufeatures: Add X86_FEATURE_RDS
    - x86/bugs: Provide boot parameters for the spec_store_bypass_disable
      mitigation
    - x86/bugs/intel: Set proper CPU features and setup RDS
    - x86/bugs: Whitelist allowed SPEC_CTRL MSR values
    - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
    - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
    - x86/speculation: Create spec-ctrl.h to avoid include hell
    - prctl: Add speculation control prctls
    - x86/process: Allow runtime control of Speculative Store Bypass
    - x86/speculation: Add prctl for Speculative Store Bypass mitigation
    - nospec: Allow getting/setting on non-current task
    - proc: Provide details on speculation flaw mitigations
    - seccomp: Enable speculation flaw mitigations
    - x86/bugs: Make boot modes __ro_after_init
    - prctl: Add force disable speculation
    - seccomp: Use PR_SPEC_FORCE_DISABLE
    - seccomp: Add filter flag to opt-out of SSB mitigation
    - seccomp: Move speculation migitation control to arch code
    - x86/speculation: Make "seccomp" the default mode for Speculative Store
      Bypass
    - x86/bugs: Rename _RDS to _SSBD
    - proc: Use underscores for SSBD in 'status'
    - Documentation/spec_ctrl: Do some minor cleanups
    - x86/bugs: Fix __ssb_select_mitigation() return type
    - x86/bugs: Make cpu_show_common() static
  * LSM Stacking prctl values should be redefined as to not collide with
    upstream prctls (LP: #1769263) // CVE-2018-3639
    - SAUCE: LSM stacking: adjust prctl values

Deleted in xenial-proposed on 2018-05-29 (Reason: NBS)
linux-kvm (4.4.0-1024.29) xenial; urgency=medium

  * linux-kvm: 4.4.0-1024.29 -proposed tracker (LP: #1770019)

  [ Ubuntu: 4.4.0-125.150 ]

  * linux: 4.4.0-125.150 -proposed tracker (LP: #1770011)
  * Unable to insert test_bpf module on Xenial (LP: #1765698)
    - bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y
    - test_bpf: Fix testing with CONFIG_BPF_JIT_ALWAYS_ON=y on other arches
  * virtio_scsi race can corrupt memory, panic kernel (LP: #1765241)
    - SAUCE: (no-up) virtio-scsi: Fix race in target free
  * bpf_map_lookup_elem: BUG: unable to handle kernel paging request
    (LP: #1763454) // CVE-2017-17862
    - SAUCE: Add missing hunks from "bpf: fix branch pruning logic"
  * Xenial: rfkill: fix missing return on rfkill_init  (LP: #1764810)
    - rfkill: fix missing return on rfkill_init
  * "ip a" command on a guest VM shows UNKNOWN status (LP: #1761534)
    - virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS
  * Xenial update to 4.4.128 stable release (LP: #1765010)
    - cfg80211: make RATE_INFO_BW_20 the default
    - md/raid5: make use of spin_lock_irq over local_irq_disable + spin_lock
    - rtc: snvs: fix an incorrect check of return value
    - x86/asm: Don't use RBP as a temporary register in
      csum_partial_copy_generic()
    - NFSv4.1: RECLAIM_COMPLETE must handle NFS4ERR_CONN_NOT_BOUND_TO_SESSION
    - IB/srpt: Fix abort handling
    - af_key: Fix slab-out-of-bounds in pfkey_compile_policy.
    - mac80211: bail out from prep_connection() if a reconfig is ongoing
    - bna: Avoid reading past end of buffer
    - qlge: Avoid reading past end of buffer
    - ipmi_ssif: unlock on allocation failure
    - net: cdc_ncm: Fix TX zero padding
    - net: ethernet: ti: cpsw: adjust cpsw fifos depth for fullduplex flow control
    - lockd: fix lockd shutdown race
    - drivers/misc/vmw_vmci/vmci_queue_pair.c: fix a couple integer overflow tests
    - pidns: disable pid allocation if pid_ns_prepare_proc() is failed in
      alloc_pid()
    - s390: move _text symbol to address higher than zero
    - net/mlx4_en: Avoid adding steering rules with invalid ring
    - NFSv4.1: Work around a Linux server bug...
    - CIFS: silence lockdep splat in cifs_relock_file()
    - net: qca_spi: Fix alignment issues in rx path
    - netxen_nic: set rcode to the return status from the call to netxen_issue_cmd
    - Input: elan_i2c - check if device is there before really probing
    - Input: elantech - force relative mode on a certain module
    - KVM: PPC: Book3S PR: Check copy_to/from_user return values
    - vmxnet3: ensure that adapter is in proper state during force_close
    - SMB2: Fix share type handling
    - bus: brcmstb_gisb: Use register offsets with writes too
    - bus: brcmstb_gisb: correct support for 64-bit address output
    - PowerCap: Fix an error code in powercap_register_zone()
    - ARM: dts: imx53-qsrb: Pulldown PMIC IRQ pin
    - staging: wlan-ng: prism2mgmt.c: fixed a double endian conversion before
      calling hfa384x_drvr_setconfig16, also fixes relative sparse warning
    - x86/tsc: Provide 'tsc=unstable' boot parameter
    - ARM: dts: imx6qdl-wandboard: Fix audio channel swap
    - ipv6: avoid dad-failures for addresses with NODAD
    - async_tx: Fix DMA_PREP_FENCE usage in do_async_gen_syndrome()
    - usb: dwc3: keystone: check return value
    - btrfs: fix incorrect error return ret being passed to mapping_set_error
    - ata: libahci: properly propagate return value of platform_get_irq()
    - neighbour: update neigh timestamps iff update is effective
    - arp: honour gratuitous ARP _replies_
    - usb: chipidea: properly handle host or gadget initialization failure
    - USB: ene_usb6250: fix first command execution
    - net: x25: fix one potential use-after-free issue
    - USB: ene_usb6250: fix SCSI residue overwriting
    - serial: 8250: omap: Disable DMA for console UART
    - serial: sh-sci: Fix race condition causing garbage during shutdown
    - sh_eth: Use platform device for printing before register_netdev()
    - scsi: csiostor: fix use after free in csio_hw_use_fwconfig()
    - powerpc/mm: Fix virt_addr_valid() etc. on 64-bit hash
    - ath5k: fix memory leak on buf on failed eeprom read
    - selftests/powerpc: Fix TM resched DSCR test with some compilers
    - xfrm: fix state migration copy replay sequence numbers
    - iio: hi8435: avoid garbage event at first enable
    - iio: hi8435: cleanup reset gpio
    - ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors
    - md-cluster: fix potential lock issue in add_new_disk
    - ARM: davinci: da8xx: Create DSP device only when assigned memory
    - ray_cs: Avoid reading past end of buffer
    - leds: pca955x: Correct I2C Functionality
    - sched/numa: Use down_read_trylock() for the mmap_sem
    - net/mlx5: Tolerate irq_set_affinity_hint() failures
    - selinux: do not check open permission on sockets
    - block: fix an error code in add_partition()
    - mlx5: fix bug reading rss_hash_type from CQE
    - net: ieee802154: fix net_device reference release too early
    - libceph: NULL deref on crush_decode() error path
    - netfilter: ctnetlink: fix incorrect nf_ct_put during hash resize
    - pNFS/flexfiles: missing error code in ff_layout_alloc_lseg()
    - ASoC: rsnd: SSI PIO adjust to 24bit mode
    - scsi: bnx2fc: fix race condition in bnx2fc_get_host_stats()
    - fix race in drivers/char/random.c:get_reg()
    - ext4: fix off-by-one on max nr_pages in ext4_find_unwritten_pgoff()
    - tcp: better validation of received ack sequences
    - net: move somaxconn init from sysctl code
    - Input: elan_i2c - clear INT before resetting controller
    - bonding: Don't update slave->link until ready to commit
    - KVM: nVMX: Fix handling of lmsw instruction
    - net: llc: add lock_sock in llc_ui_bind to avoid a race condition
    - ARM: dts: ls1021a: add "fsl,ls1021a-esdhc" compatible string to esdhc node
    - thermal: power_allocator: fix one race condition issue for thermal_instances
      list
    - perf probe: Add warning message if there is unexpected event name
    - l2tp: fix missing print session offset info
    - rds; Reset rs->rs_bound_addr in rds_add_bound() failure path
    - hwmon: (ina2xx) Make calibration register value fixed
    - media: videobuf2-core: don't go out of the buffer range
    - ASoC: Intel: cht_bsw_rt5645: Analog Mic support
    - scsi: mpt3sas: Proper handling of set/clear of "ATA command pending" flag.
    - vfb: fix video mode and line_length being set when loaded
    - gpio: label descriptors using the device name
    - ASoC: Intel: sst: Fix the return value of 'sst_send_byte_stream_mrfld()'
    - wl1251: check return from call to wl1251_acx_arp_ip_filter
    - hdlcdrv: Fix divide by zero in hdlcdrv_ioctl
    - ovl: filter trusted xattr for non-admin
    - powerpc/[booke|4xx]: Don't clobber TCR[WP] when setting TCR[DIE]
    - dmaengine: imx-sdma: Handle return value of clk_prepare_enable
    - arm64: futex: Fix undefined behaviour with FUTEX_OP_OPARG_SHIFT usage
    - net/mlx5: avoid build warning for uniprocessor
    - cxgb4: FW upgrade fixes
    - rtc: opal: Handle disabled TPO in opal_get_tpo_time()
    - rtc: interface: Validate alarm-time before handling rollover
    - SUNRPC: ensure correct error is reported by xs_tcp_setup_socket()
    - net: freescale: fix potential null pointer dereference
    - KVM: SVM: do not zero out segment attributes if segment is unusable or not
      present
    - clk: scpi: fix return type of __scpi_dvfs_round_rate
    - clk: Fix __set_clk_rates error print-string
    - powerpc/spufs: Fix coredump of SPU contexts
    - perf trace: Add mmap alias for s390
    - qlcnic: Fix a sleep-in-atomic bug in qlcnic_82xx_hw_write_wx_2M and
      qlcnic_82xx_hw_read_wx_2M
    - mISDN: Fix a sleep-in-atomic bug
    - drm/omap: fix tiled buffer stride calculations
    - cxgb4: fix incorrect cim_la output for T6
    - Fix serial console on SNI RM400 machines
    - bio-integrity: Do not allocate integrity context for bio w/o data
    - skbuff: return -EMSGSIZE in skb_to_sgvec to prevent overflow
    - sit: reload iphdr in ipip6_rcv
    - net/mlx4: Fix the check in attaching steering rules
    - net/mlx4: Check if Granular QoS per VF has been enabled before updating QP
      qos_vport
    - perf header: Set proper module name when build-id event found
    - perf report: Ensure the perf DSO mapping matches what libdw sees
    - tags: honor COMPILED_SOURCE with apart output directory
    - e1000e: fix race condition around skb_tstamp_tx()
    - cx25840: fix unchecked return values
    - mceusb: sporadic RX truncation corruption fix
    - net: phy: avoid genphy_aneg_done() for PHYs without clause 22 support
    - ARM: imx: Add MXC_CPU_IMX6ULL and cpu_is_imx6ull
    - e1000e: Undo e1000e_pm_freeze if __e1000_shutdown fails
    - perf/core: Correct event creation with PERF_FORMAT_GROUP
    - MIPS: mm: fixed mappings: correct initialisation
    - MIPS: mm: adjust PKMAP location
    - MIPS: kprobes: flush_insn_slot should flush only if probe initialised
    - Fix loop device flush before configure v3
    - net: emac: fix reset timeout with AR8035 phy
    - skbuff: only inherit relevant tx_flags
    - xen: avoid type warning in xchg_xen_ulong
    - bnx2x: Allow vfs to disable txvlan offload
    - sctp: fix recursive locking warning in sctp_do_peeloff
    - sparc64: ldc abort during vds iso boot
    - iio: magnetometer: st_magn_spi: fix spi_device_id table
    - Bluetooth: Send HCI Set Event Mask Page 2 command only when needed
    - cpuidle: dt: Add missing 'of_node_put()'
    - ACPICA: Events: Add runtime stub support for event APIs
    - ACPICA: Disassembler: Abort on an invalid/unknown AML opcode
    - s390/dasd: fix hanging safe offline
    - vxlan: dont migrate permanent fdb entries during learn
    - bcache: stop writeback thread after detaching
    - bcache: segregate flash only volume write streams
    - scsi: libsas: fix memory leak in sas_smp_get_phy_events()
    - scsi: libsas: fix error when getting phy events
    - scsi: libsas: initialize sas_phy status according to response of DISCOVER
    - blk-mq: fix kernel oops in blk_mq_tag_idle()
    - tty: n_gsm: Allow ADM response in addition to UA for control dlci
    - EDAC, mv64x60: Fix an error handling path
    - cxgb4vf: Fix SGE FL buffer initialization logic for 64K pages
    - perf tools: Fix copyfile_offset update of output offset
    - ipsec: check return value of skb_to_sgvec always
    - rxrpc: check return value of skb_to_sgvec always
    - virtio_net: check return value of skb_to_sgvec always
    - virtio_net: check return value of skb_to_sgvec in one more location
    - random: use lockless method of accessing and updating f->reg_idx
    - futex: Remove requirement for lock_page() in get_futex_key()
    - Kbuild: provide a __UNIQUE_ID for clang
    - arp: fix arp_filter on l3slave devices
    - net: fix possible out-of-bound read in skb_network_protocol()
    - net/ipv6: Fix route leaking between VRFs
    - netlink: make sure nladdr has correct size in netlink_connect()
    - net/sched: fix NULL dereference in the error path of tcf_bpf_init()
    - pptp: remove a buggy dst release in pptp_connect()
    - sctp: do not leak kernel memory to user space
    - sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6
    - vhost: correctly remove wait queue during poll failure
    - vlan: also check phy_driver ts_info for vlan's real device
    - bonding: fix the err path for dev hwaddr sync in bond_enslave
    - bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave
    - bonding: process the err returned by dev_set_allmulti properly in
      bond_enslave
    - net: fool proof dev_valid_name()
    - ip_tunnel: better validate user provided tunnel names
    - ipv6: sit: better validate user provided tunnel names
    - ip6_gre: better validate user provided tunnel names
    - ip6_tunnel: better validate user provided tunnel names
    - vti6: better validate user provided tunnel names
    - r8169: fix setting driver_data after register_netdev
    - net sched actions: fix dumping which requires several messages to user space
    - net/ipv6: Increment OUTxxx counters after netfilter hook
    - ipv6: the entire IPv6 header chain must fit the first fragment
    - vrf: Fix use after free and double free in vrf_finish_output
    - Revert "xhci: plat: Register shutdown for xhci_plat"
    - Linux 4.4.128
  * sky2 gigabit ethernet driver sometimes stops working after lid-open resume
    from sleep (88E8055) (LP: #1758507) // Xenial update to 4.4.128 stable
    release (LP: #1765010)
    - sky2: Increase D3 delay to sky2 stops working after suspend
  * Xenial update to 4.4.127 stable release (LP: #1765007)
    - mtd: jedec_probe: Fix crash in jedec_read_mfr()
    - ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent()
    - ALSA: pcm: potential uninitialized return values
    - partitions/msdos: Unable to mount UFS 44bsd partitions
    - usb: gadget: define free_ep_req as universal function
    - usb: gadget: change len to size_t on alloc_ep_req()
    - usb: gadget: fix usb_ep_align_maybe endianness and new usb_ep_align
    - usb: gadget: align buffer size when allocating for OUT endpoint
    - usb: gadget: f_hid: fix: Prevent accessing released memory
    - kprobes/x86: Fix to set RWX bits correctly before releasing trampoline
    - ACPI, PCI, irq: remove redundant check for null string pointer
    - writeback: fix the wrong congested state variable definition
    - PCI: Make PCI_ROM_ADDRESS_MASK a 32-bit constant
    - dm ioctl: remove double parentheses
    - Input: mousedev - fix implicit conversion warning
    - netfilter: nf_nat_h323: fix logical-not-parentheses warning
    - genirq: Use cpumask_available() for check of cpumask variable
    - cpumask: Add helper cpumask_available()
    - selinux: Remove unnecessary check of array base in selinux_set_mapping()
    - fs: compat: Remove warning from COMPATIBLE_IOCTL
    - jiffies.h: declare jiffies and jiffies_64 with ____cacheline_aligned_in_smp
    - frv: declare jiffies to be located in the .data section
    - audit: add tty field to LOGIN event
    - tty: provide tty_name() even without CONFIG_TTY
    - netfilter: ctnetlink: Make some parameters integer to avoid enum mismatch
    - selinux: Remove redundant check for unknown labeling behavior
    - arm64: avoid overflow in VA_START and PAGE_OFFSET
    - xfrm_user: uncoditionally validate esn replay attribute struct
    - RDMA/ucma: Check AF family prior resolving address
    - RDMA/ucma: Fix use-after-free access in ucma_close
    - RDMA/ucma: Ensure that CM_ID exists prior to access it
    - RDMA/ucma: Check that device is connected prior to access it
    - RDMA/ucma: Check that device exists prior to accessing it
    - RDMA/ucma: Don't allow join attempts for unsupported AF family
    - RDMA/ucma: Introduce safer rdma_addr_size() variants
    - net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms()
    - xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit systems
    - netfilter: bridge: ebt_among: add more missing match size checks
    - netfilter: x_tables: add and use xt_check_proc_name
    - Bluetooth: Fix missing encryption refresh on Security Request
    - llist: clang: introduce member_address_is_nonnull()
    - scsi: virtio_scsi: always read VPD pages for multiqueue too
    - usb: dwc2: Improve gadget state disconnection handling
    - USB: serial: ftdi_sio: add RT Systems VX-8 cable
    - USB: serial: ftdi_sio: add support for Harman FirmwareHubEmulator
    - USB: serial: cp210x: add ELDAT Easywave RX09 id
    - mei: remove dev_err message on an unsupported ioctl
    - media: usbtv: prevent double free in error case
    - parport_pc: Add support for WCH CH382L PCI-E single parallel port card.
    - crypto: ahash - Fix early termination in hash walk
    - crypto: x86/cast5-avx - fix ECB encryption when long sg follows short one
    - fs/proc: Stop trying to report thread stacks
    - staging: comedi: ni_mio_common: ack ai fifo error interrupts.
    - Input: i8042 - add Lenovo ThinkPad L460 to i8042 reset list
    - Input: i8042 - enable MUX on Sony VAIO VGN-CS series to fix touchpad
    - vt: change SGR 21 to follow the standards
    - Documentation: pinctrl: palmas: Add ti,palmas-powerhold-override property
      definition
    - ARM: dts: dra7: Add power hold and power controller properties to palmas
    - ARM: dts: am57xx-beagle-x15-common: Add overide powerhold property
    - md/raid10: reset the 'first' at the end of loop
    - net: hns: Fix ethtool private flags
    - Revert "PCI/MSI: Stop disabling MSI/MSI-X in pci_device_shutdown()"
    - Revert "ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin"
    - Revert "ARM: dts: omap3-n900: Fix the audio CODEC's reset pin"
    - Revert "cpufreq: Fix governor module removal race"
    - Revert "mtip32xx: use runtime tag to initialize command header"
    - spi: davinci: fix up dma_mapping_error() incorrect patch
    - net: cavium: liquidio: fix up "Avoid dma_unmap_single on uninitialized
      ndata"
    - Revert "ip6_vti: adjust vti mtu according to mtu of lower device"
    - Linux 4.4.127
  * Xenial update to 4.4.126 stable release (LP: #1764999)
    - scsi: sg: don't return bogus Sg_requests
    - Revert "genirq: Use irqd_get_trigger_type to compare the trigger type for
      shared IRQs"
    - net: Fix hlist corruptions in inet_evict_bucket()
    - dccp: check sk for closed state in dccp_sendmsg()
    - ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option()
    - l2tp: do not accept arbitrary sockets
    - net: ethernet: arc: Fix a potential memory leak if an optional regulator is
      deferred
    - net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY
      interface
    - net/iucv: Free memory obtained by kzalloc
    - netlink: avoid a double skb free in genlmsg_mcast()
    - net: Only honor ifindex in IP_PKTINFO if non-0
    - skbuff: Fix not waking applications when errors are enqueued
    - team: Fix double free in error path
    - s390/qeth: free netdevice when removing a card
    - s390/qeth: when thread completes, wake up all waiters
    - s390/qeth: lock read device while queueing next buffer
    - s390/qeth: on channel error, reject further cmd requests
    - ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event()
    - net: fec: Fix unbalanced PM runtime calls
    - net: systemport: Rewrite __bcm_sysport_tx_reclaim()
    - Linux 4.4.126
  * Xenial update to 4.4.125 stable release (LP: #1764973)
    - MIPS: ralink: Remove ralink_halt()
    - iio: st_pressure: st_accel: pass correct platform data to init
    - ALSA: usb-audio: Fix parsing descriptor of UAC2 processing unit
    - ALSA: aloop: Sync stale timer before release
    - ALSA: aloop: Fix access to not-yet-ready substream via cable
    - ALSA: hda/realtek - Always immediately update mute LED with pin VREF
    - mmc: dw_mmc: fix falling from idmac to PIO mode when dw_mci_reset occurs
    - PCI: Add function 1 DMA alias quirk for Highpoint RocketRAID 644L
    - ahci: Add PCI-id for the Highpoint Rocketraid 644L card
    - clk: bcm2835: Protect sections updating shared registers
    - Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174
    - libata: fix length validation of ATAPI-relayed SCSI commands
    - libata: remove WARN() for DMA or PIO command without data
    - libata: Apply NOLPM quirk to Crucial MX100 512GB SSDs
    - libata: Enable queued TRIM for Samsung SSD 860
    - libata: Apply NOLPM quirk to Crucial M500 480 and 960GB SSDs
    - libata: Make Crucial BX100 500GB LPM quirk apply to all firmware versions
    - libata: Modify quirks for MX100 to limit NCQ_TRIM quirk to MU01 version
    - mm/vmalloc: add interfaces to free unmapped page table
    - x86/mm: implement free pmd/pte page interfaces
    - drm/vmwgfx: Fix a destoy-while-held mutex problem.
    - drm/radeon: Don't turn off DP sink when disconnected
    - drm: udl: Properly check framebuffer mmap offsets
    - acpi, numa: fix pxm to online numa node associations
    - brcmfmac: fix P2P_DEVICE ethernet address generation
    - rtlwifi: rtl8723be: Fix loss of signal
    - tracing: probeevent: Fix to support minus offset from symbol
    - mtd: nand: fsl_ifc: Fix nand waitfunc return value
    - staging: ncpfs: memory corruption in ncp_read_kernel()
    - can: cc770: Fix stalls on rt-linux, remove redundant IRQ ack
    - can: cc770: Fix queue stall & dropped RTR reply
    - can: cc770: Fix use after free in cc770_tx_interrupt()
    - tty: vt: fix up tabstops properly
    - x86/build/64: Force the linker to use 2MB page size
    - x86/boot/64: Verify alignment of the LOAD segment
    - perf/x86/intel: Don't accidentally clear high bits in bdw_limit_period()
    - staging: lustre: ptlrpc: kfree used instead of kvfree
    - kbuild: disable clang's default use of -fmerge-all-constants
    - bpf: skip unnecessary capability check
    - bpf, x64: increase number of passes
    - Linux 4.4.125
  * System fails to start (boot) on battery due to read-only root file-system
    (LP: #1726930) // Xenial update to 4.4.125 stable release (LP: #1764973)
    - libata: disable LPM for Crucial BX100 SSD 500GB drive
  * Xenial update to 4.4.124 stable release (LP: #1764762)
    - tpm: fix potential buffer overruns caused by bit glitches on the bus
    - tpm_tis: fix potential buffer overruns caused by bit glitches on the bus
    - staging: android: ashmem: Fix possible deadlock in ashmem_ioctl
    - platform/x86: asus-nb-wmi: Add wapf4 quirk for the X302UA
    - regulator: anatop: set default voltage selector for pcie
    - x86: i8259: export legacy_pic symbol
    - rtc: cmos: Do not assume irq 8 for rtc when there are no legacy irqs
    - Input: ar1021_i2c - fix too long name in driver's device table
    - time: Change posix clocks ops interfaces to use timespec64
    - ACPI/processor: Fix error handling in __acpi_processor_start()
    - ACPI/processor: Replace racy task affinity logic
    - cpufreq/sh: Replace racy task affinity logic
    - genirq: Use irqd_get_trigger_type to compare the trigger type for shared
      IRQs
    - i2c: i2c-scmi: add a MS HID
    - net: ipv6: send unsolicited NA on admin up
    - media/dvb-core: Race condition when writing to CAM
    - spi: dw: Disable clock after unregistering the host
    - ath: Fix updating radar flags for coutry code India
    - clk: ns2: Correct SDIO bits
    - scsi: virtio_scsi: Always try to read VPD pages
    - KVM: PPC: Book3S PR: Exit KVM on failed mapping
    - ARM: 8668/1: ftrace: Fix dynamic ftrace with DEBUG_RODATA and !FRAME_POINTER
    - iommu/omap: Register driver before setting IOMMU ops
    - md/raid10: wait up frozen array in handle_write_completed
    - NFS: Fix missing pg_cleanup after nfs_pageio_cond_complete()
    - tcp: remove poll() flakes with FastOpen
    - e1000e: fix timing for 82579 Gigabit Ethernet controller
    - ALSA: hda - Fix headset microphone detection for ASUS N551 and N751
    - IB/ipoib: Fix deadlock between ipoib_stop and mcast join flow
    - IB/ipoib: Update broadcast object if PKey value was changed in index 0
    - HSI: ssi_protocol: double free in ssip_pn_xmit()
    - IB/mlx4: Take write semaphore when changing the vma struct
    - IB/mlx4: Change vma from shared to private
    - ASoC: Intel: Skylake: Uninitialized variable in probe_codec()
    - Fix driver usage of 128B WQEs when WQ_CREATE is V1.
    - netfilter: xt_CT: fix refcnt leak on error path
    - openvswitch: Delete conntrack entry clashing with an expectation.
    - mmc: host: omap_hsmmc: checking for NULL instead of IS_ERR()
    - wan: pc300too: abort path on failure
    - qlcnic: fix unchecked return value
    - scsi: mac_esp: Replace bogus memory barrier with spinlock
    - infiniband/uverbs: Fix integer overflows
    - NFS: don't try to cross a mountpount when there isn't one there.
    - Revert "UBUNTU: SAUCE: (no-up) iio: st_pressure: st_accel: Initialise sensor
      platform data properly"
    - iio: st_pressure: st_accel: Initialise sensor platform data properly
    - mt7601u: check return value of alloc_skb
    - rndis_wlan: add return value validation
    - Btrfs: send, fix file hole not being preserved due to inline extent
    - mac80211: don't parse encrypted management frames in ieee80211_frame_acked
    - mfd: palmas: Reset the POWERHOLD mux during power off
    - mtip32xx: use runtime tag to initialize command header
    - staging: unisys: visorhba: fix s-Par to boot with option CONFIG_VMAP_STACK
      set to y
    - staging: wilc1000: fix unchecked return value
    - mmc: sdhci-of-esdhc: limit SD clock for ls1012a/ls1046a
    - ARM: DRA7: clockdomain: Change the CLKTRCTRL of CM_PCIE_CLKSTCTRL to SW_WKUP
    - ipmi/watchdog: fix wdog hang on panic waiting for ipmi response
    - ACPI / PMIC: xpower: Fix power_table addresses
    - drm/nouveau/kms: Increase max retries in scanout position queries.
    - bnx2x: Align RX buffers
    - power: supply: pda_power: move from timer to delayed_work
    - Input: twl4030-pwrbutton - use correct device for irq request
    - md/raid10: skip spare disk as 'first' disk
    - ia64: fix module loading for gcc-5.4
    - tcm_fileio: Prevent information leak for short reads
    - video: fbdev: udlfb: Fix buffer on stack
    - sm501fb: don't return zero on failure path in sm501fb_start()
    - net: hns: fix ethtool_get_strings overflow in hns driver
    - cifs: small underflow in cnvrtDosUnixTm()
    - rtc: ds1374: wdt: Fix issue with timeout scaling from secs to wdt ticks
    - rtc: ds1374: wdt: Fix stop/start ioctl always returning -EINVAL
    - perf tests kmod-path: Don't fail if compressed modules aren't supported
    - Bluetooth: hci_qca: Avoid setup failure on missing rampatch
    - media: c8sectpfe: fix potential NULL pointer dereference in
      c8sectpfe_timer_interrupt
    - drm/msm: fix leak in failed get_pages
    - RDMA/iwpm: Fix uninitialized error code in iwpm_send_mapinfo()
    - rtlwifi: rtl_pci: Fix the bug when inactiveps is enabled.
    - media: bt8xx: Fix err 'bt878_probe()'
    - media: [RESEND] media: dvb-frontends: Add delay to Si2168 restart
    - cros_ec: fix nul-termination for firmware build info
    - platform/chrome: Use proper protocol transfer function
    - mmc: avoid removing non-removable hosts during suspend
    - IB/ipoib: Avoid memory leak if the SA returns a different DGID
    - RDMA/cma: Use correct size when writing netlink stats
    - IB/umem: Fix use of npages/nmap fields
    - vgacon: Set VGA struct resource types
    - drm/omap: DMM: Check for DMM readiness after successful transaction commit
    - pty: cancel pty slave port buf's work in tty_release
    - coresight: Fix disabling of CoreSight TPIU
    - pinctrl: Really force states during suspend/resume
    - iommu/vt-d: clean up pr_irq if request_threaded_irq fails
    - ip6_vti: adjust vti mtu according to mtu of lower device
    - RDMA/ocrdma: Fix permissions for OCRDMA_RESET_STATS
    - nfsd4: permit layoutget of executable-only files
    - clk: si5351: Rename internal plls to avoid name collisions
    - dmaengine: ti-dma-crossbar: Fix event mapping for TPCC_EVT_MUX_60_63
    - RDMA/ucma: Fix access to non-initialized CM_ID object
    - Linux 4.4.124
  * Xenial update to 4.4.123 stable release (LP: #1764666)
    - blkcg: fix double free of new_blkg in blkcg_init_queue
    - Input: tsc2007 - check for presence and power down tsc2007 during probe
    - staging: speakup: Replace BUG_ON() with WARN_ON().
    - staging: wilc1000: add check for kmalloc allocation failure.
    - HID: reject input outside logical range only if null state is set
    - drm: qxl: Don't alloc fbdev if emulation is not supported
    - ath10k: fix a warning during channel switch with multiple vaps
    - PCI/MSI: Stop disabling MSI/MSI-X in pci_device_shutdown()
    - selinux: check for address length in selinux_socket_bind()
    - perf sort: Fix segfault with basic block 'cycles' sort dimension
    - i40e: Acquire NVM lock before reads on all devices
    - i40e: fix ethtool to get EEPROM data from X722 interface
    - perf tools: Make perf_event__synthesize_mmap_events() scale
    - drivers: net: xgene: Fix hardware checksum setting
    - drm: Defer disabling the vblank IRQ until the next interrupt (for instant-
      off)
    - ath10k: disallow DFS simulation if DFS channel is not enabled
    - perf probe: Return errno when not hitting any event
    - HID: clamp input to logical range if no null state
    - net/8021q: create device with all possible features in wanted_features
    - ARM: dts: Adjust moxart IRQ controller and flags
    - batman-adv: handle race condition for claims between gateways
    - of: fix of_device_get_modalias returned length when truncating buffers
    - solo6x10: release vb2 buffers in solo_stop_streaming()
    - scsi: ipr: Fix missed EH wakeup
    - media: i2c/soc_camera: fix ov6650 sensor getting wrong clock
    - timers, sched_clock: Update timeout for clock wrap
    - sysrq: Reset the watchdog timers while displaying high-resolution timers
    - Input: qt1070 - add OF device ID table
    - sched: act_csum: don't mangle TCP and UDP GSO packets
    - ASoC: rcar: ssi: don't set SSICR.CKDV = 000 with SSIWSR.CONT
    - spi: omap2-mcspi: poll OMAP2_MCSPI_CHSTAT_RXS for PIO transfer
    - tcp: sysctl: Fix a race to avoid unexpected 0 window from space
    - dmaengine: imx-sdma: add 1ms delay to ensure SDMA channel is stopped
    - driver: (adm1275) set the m,b and R coefficients correctly for power
    - mm: Fix false-positive VM_BUG_ON() in page_cache_{get,add}_speculative()
    - blk-throttle: make sure expire time isn't too big
    - f2fs: relax node version check for victim data in gc
    - bonding: refine bond_fold_stats() wrap detection
    - braille-console: Fix value returned by _braille_console_setup
    - drm/vmwgfx: Fixes to vmwgfx_fb
    - vxlan: vxlan dev should inherit lowerdev's gso_max_size
    - NFC: nfcmrvl: Include unaligned.h instead of access_ok.h
    - NFC: nfcmrvl: double free on error path
    - ARM: dts: r8a7790: Correct parent of SSI[0-9] clocks
    - ARM: dts: r8a7791: Correct parent of SSI[0-9] clocks
    - powerpc: Avoid taking a data miss on every userspace instruction miss
    - net/faraday: Add missing include of of.h
    - ARM: dts: koelsch: Correct clock frequency of X2 DU clock input
    - reiserfs: Make cancel_old_flush() reliable
    - ALSA: firewire-digi00x: handle all MIDI messages on streaming packets
    - fm10k: correctly check if interface is removed
    - apparmor: Make path_max parameter readonly
    - iommu/iova: Fix underflow bug in __alloc_and_insert_iova_range
    - video: ARM CLCD: fix dma allocation size
    - drm/radeon: Fail fb creation from imported dma-bufs.
    - drm/amdgpu: Fail fb creation from imported dma-bufs. (v2)
    - coresight: Fixes coresight DT parse to get correct output port ID.
    - MIPS: BPF: Quit clobbering callee saved registers in JIT code.
    - MIPS: BPF: Fix multiple problems in JIT skb access helpers.
    - MIPS: r2-on-r6-emu: Fix BLEZL and BGTZL identification
    - MIPS: r2-on-r6-emu: Clear BLTZALL and BGEZALL debugfs counters
    - regulator: isl9305: fix array size
    - md/raid6: Fix anomily when recovering a single device in RAID6.
    - usb: dwc2: Make sure we disconnect the gadget state
    - usb: gadget: dummy_hcd: Fix wrong power status bit clear/reset in
      dummy_hub_control()
    - drivers/perf: arm_pmu: handle no platform_device
    - perf inject: Copy events when reordering events in pipe mode
    - perf session: Don't rely on evlist in pipe mode
    - scsi: sg: check for valid direction before starting the request
    - scsi: sg: close race condition in sg_remove_sfp_usercontext()
    - kprobes/x86: Fix kprobe-booster not to boost far call instructions
    - kprobes/x86: Set kprobes pages read-only
    - pwm: tegra: Increase precision in PWM rate calculation
    - wil6210: fix memory access violation in wil_memcpy_from/toio_32
    - drm/edid: set ELD connector type in drm_edid_to_eld()
    - video/hdmi: Allow "empty" HDMI infoframes
    - HID: elo: clear BTN_LEFT mapping
    - ARM: dts: exynos: Correct Trats2 panel reset line
    - sched: Stop switched_to_rt() from sending IPIs to offline CPUs
    - sched: Stop resched_cpu() from sending IPIs to offline CPUs
    - test_firmware: fix setting old custom fw path back on exit
    - net: xfrm: allow clearing socket xfrm policies.
    - mtd: nand: fix interpretation of NAND_CMD_NONE in nand_command[_lp]()
    - ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin
    - ARM: dts: omap3-n900: Fix the audio CODEC's reset pin
    - ath10k: update tdls teardown state to target
    - cpufreq: Fix governor module removal race
    - clk: qcom: msm8916: fix mnd_width for codec_digcodec
    - ath10k: fix invalid STS_CAP_OFFSET_MASK
    - tools/usbip: fixes build with musl libc toolchain
    - spi: sun6i: disable/unprepare clocks on remove
    - scsi: core: scsi_get_device_flags_keyed(): Always return device flags
    - scsi: devinfo: apply to HP XP the same flags as Hitachi VSP
    - scsi: dh: add new rdac devices
    - media: cpia2: Fix a couple off by one bugs
    - veth: set peer GSO values
    - drm/amdkfd: Fix memory leaks in kfd topology
    - agp/intel: Flush all chipset writes after updating the GGTT
    - mac80211_hwsim: enforce PS_MANUAL_POLL to be set after PS_ENABLED
    - mac80211: remove BUG() when interface type is invalid
    - ASoC: nuc900: Fix a loop timeout test
    - ipvlan: add L2 check for packets arriving via virtual devices
    - rcutorture/configinit: Fix build directory error message
    - ima: relax requiring a file signature for new files with zero length
    - selftests/x86/entry_from_vm86: Exit with 1 if we fail
    - selftests/x86: Add tests for User-Mode Instruction Prevention
    - selftests/x86: Add tests for the STR and SLDT instructions
    - selftests/x86/entry_from_vm86: Add test cases for POPF
    - x86/vm86/32: Fix POPF emulation
    - x86/mm: Fix vmalloc_fault to use pXd_large
    - ALSA: pcm: Fix UAF in snd_pcm_oss_get_formats()
    - ALSA: hda - Revert power_save option default value
    - ALSA: seq: Fix possible UAF in snd_seq_check_queue()
    - ALSA: seq: Clear client entry before deleting else at closing
    - drm/amdgpu/dce: Don't turn off DP sink when disconnected
    - fs: Teach path_connected to handle nfs filesystems with multiple roots.
    - lock_parent() needs to recheck if dentry got __dentry_kill'ed under it
    - fs/aio: Add explicit RCU grace period when freeing kioctx
    - fs/aio: Use RCU accessors for kioctx_table->table[]
    - irqchip/gic-v3-its: Ensure nr_ites >= nr_lpis
    - scsi: sg: fix SG_DXFER_FROM_DEV transfers
    - scsi: sg: fix static checker warning in sg_is_valid_dxfer
    - scsi: sg: only check for dxfer_len greater than 256M
    - ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux
    - btrfs: alloc_chunk: fix DUP stripe size handling
    - btrfs: Fix use-after-free when cleaning up fs_devs with a single stale
      device
    - USB: gadget: udc: Add missing platform_device_put() on error in
      bdc_pci_probe()
    - usb: gadget: bdc: 64-bit pointer capability check
    - Linux 4.4.123
  * Xenial update to 4.4.123 stable release (LP: #1764666) // CVE-2017-16995
    - Revert "bpf: fix incorrect sign extension in check_alu_op()"
    - bpf: fix incorrect sign extension in check_alu_op()
  * Xenial update to 4.4.122 stable release (LP: #1764627)
    - RDMA/ucma: Limit possible option size
    - RDMA/ucma: Check that user doesn't overflow QP state
    - RDMA/mlx5: Fix integer overflow while resizing CQ
    - scsi: qla2xxx: Fix NULL pointer crash due to active timer for ABTS
    - workqueue: Allow retrieval of current task's work struct
    - drm: Allow determining if current task is output poll worker
    - drm/nouveau: Fix deadlock on runtime suspend
    - drm/radeon: Fix deadlock on runtime suspend
    - drm/amdgpu: Fix deadlock on runtime suspend
    - drm/amdgpu: Notify sbios device ready before send request
    - drm/radeon: fix KV harvesting
    - drm/amdgpu: fix KV harvesting
    - MIPS: BMIPS: Do not mask IPIs during suspend
    - MIPS: ath25: Check for kzalloc allocation failure
    - MIPS: OCTEON: irq: Check for null return on kzalloc allocation
    - Input: matrix_keypad - fix race when disabling interrupts
    - loop: Fix lost writes caused by missing flag
    - kbuild: Handle builtin dtb file names containing hyphens
    - bcache: don't attach backing with duplicate UUID
    - x86/MCE: Serialize sysfs changes
    - ALSA: hda/realtek - Fix dock line-out volume on Dell Precision 7520
    - ALSA: seq: More protection for concurrent write and ioctl races
    - ALSA: hda: add dock and led support for HP EliteBook 820 G3
    - ALSA: hda: add dock and led support for HP ProBook 640 G2
    - watchdog: hpwdt: SMBIOS check
    - watchdog: hpwdt: Check source of NMI
    - watchdog: hpwdt: fix unused variable warning
    - netfilter: nfnetlink_queue: fix timestamp attribute
    - Input: tca8418_keypad - remove double read of key event register
    - tc358743: fix register i2c_rd/wr function fix
    - netfilter: add back stackpointer size checks
    - netfilter: x_tables: fix missing timer initialization in xt_LED
    - netfilter: nat: cope with negative port range
    - netfilter: IDLETIMER: be syzkaller friendly
    - netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets
    - netfilter: bridge: ebt_among: add missing match size checks
    - netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt
    - netfilter: use skb_to_full_sk in ip_route_me_harder
    - ext4: inplace xattr block update fails to deduplicate blocks
    - ubi: Fix race condition between ubi volume creation and udev
    - scsi: qla2xxx: Replace fcport alloc with qla2x00_alloc_fcport
    - NFS: Fix an incorrect type in struct nfs_direct_req
    - Revert "ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux"
    - x86/module: Detect and skip invalid relocations
    - x86: Treat R_X86_64_PLT32 as R_X86_64_PC32
    - serial: sh-sci: prevent lockup on full TTY buffers
    - tty/serial: atmel: add new version check for usart
    - uas: fix comparison for error code
    - staging: comedi: fix comedi_nsamples_left.
    - staging: android: ashmem: Fix lockdep issue during llseek
    - USB: storage: Add JMicron bridge 152d:2567 to unusual_devs.h
    - usb: quirks: add control message delay for 1b1c:1b20
    - USB: usbmon: remove assignment from IS_ERR argument
    - usb: usbmon: Read text within supplied buffer size
    - usb: gadget: f_fs: Fix use-after-free in ffs_fs_kill_sb()
    - serial: 8250_pci: Add Brainboxes UC-260 4 port serial device
    - fixup: sctp: verify size of a new chunk in _sctp_make_chunk()
    - Linux 4.4.122
  * Xenial update to 4.4.122 stable release (LP: #1764627) // CVE-2018-1000004.
    - ALSA: seq: Don't allow resizing pool in use
  * Xenial update to 4.4.121 stable release (LP: #1764367)
    - tpm: st33zp24: fix potential buffer overruns caused by bit glitches on the
      bus
    - tpm_i2c_infineon: fix potential buffer overruns caused by bit glitches on
      the bus
    - tpm_i2c_nuvoton: fix potential buffer overruns caused by bit glitches on the
      bus
    - ALSA: usb-audio: Add a quirck for B&W PX headphones
    - ALSA: hda: Add a power_save blacklist
    - cpufreq: s3c24xx: Fix broken s3c_cpufreq_init()
    - media: m88ds3103: don't call a non-initalized function
    - ARM: mvebu: Fix broken PL310_ERRATA_753970 selects
    - KVM: mmu: Fix overlap between public and private memslots
    - btrfs: Don't clear SGID when inheriting ACLs
    - ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux
    - x86/apic/vector: Handle legacy irq data correctly
    - leds: do not overflow sysfs buffer in led_trigger_show
    - x86/spectre: Fix an error message
    - bridge: check brport attr show in brport_show
    - fib_semantics: Don't match route with mismatching tclassid
    - hdlc_ppp: carrier detect ok, don't turn off negotiation
    - ipv6 sit: work around bogus gcc-8 -Wrestrict warning
    - net: fix race on decreasing number of TX queues
    - net: ipv4: don't allow setting net.ipv4.route.min_pmtu below 68
    - netlink: ensure to loop over all netns in genlmsg_multicast_allns()
    - ppp: prevent unregistered channels from connecting to PPP units
    - udplite: fix partial checksum initialization
    - sctp: fix dst refcnt leak in sctp_v4_get_dst
    - sctp: fix dst refcnt leak in sctp_v6_get_dst()
    - s390/qeth: fix SETIP command handling
    - s390/qeth: fix IPA command submission race
    - sctp: verify size of a new chunk in _sctp_make_chunk()
    - net: mpls: Pull common label check into helper
    - dm io: fix duplicate bio completion due to missing ref count
    - bpf, x64: implement retpoline for tail call
    - btrfs: preserve i_mode if __btrfs_set_acl() fails
    - Linux 4.4.121
  * Xenial update to 4.4.120 stable release (LP: #1764316)
    - hrtimer: Ensure POSIX compliance (relative CLOCK_REALTIME hrtimers)
    - f2fs: fix a bug caused by NULL extent tree
    - mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM
    - ipv6: icmp6: Allow icmp messages to be looped back
    - ARM: 8731/1: Fix csum_partial_copy_from_user() stack mismatch
    - sget(): handle failures of register_shrinker()
    - drm/nouveau/pci: do a msi rearm on init
    - spi: atmel: fixed spin_lock usage inside atmel_spi_remove
    - net: arc_emac: fix arc_emac_rx() error paths
    - scsi: storvsc: Fix scsi_cmd error assignments in storvsc_handle_error
    - ARM: dts: ls1021a: fix incorrect clock references
    - lib/mpi: Fix umul_ppmm() for MIPS64r6
    - tg3: Add workaround to restrict 5762 MRRS to 2048
    - tg3: Enable PHY reset in MTU change path for 5720
    - bnx2x: Improve reliability in case of nested PCI errors
    - s390/dasd: fix wrongly assigned configuration data
    - IB/mlx4: Fix mlx4_ib_alloc_mr error flow
    - IB/ipoib: Fix race condition in neigh creation
    - xfs: quota: fix missed destroy of qi_tree_lock
    - xfs: quota: check result of register_shrinker()
    - e1000: fix disabling already-disabled warning
    - drm/ttm: check the return value of kzalloc
    - mac80211: mesh: drop frames appearing to be from us
    - can: flex_can: Correct the checking for frame length in flexcan_start_xmit()
    - bnxt_en: Fix the 'Invalid VF' id check in bnxt_vf_ndo_prep routine.
    - xen-netfront: enable device after manual module load
    - mdio-sun4i: Fix a memory leak
    - SolutionEngine771x: fix Ether platform data
    - xen/gntdev: Fix off-by-one error when unmapping with holes
    - xen/gntdev: Fix partial gntdev_mmap() cleanup
    - sctp: make use of pre-calculated len
    - net: gianfar_ptp: move set_fipers() to spinlock protecting area
    - MIPS: Implement __multi3 for GCC7 MIPS64r6 builds
    - Linux 4.4.120
  * Xenial update to 4.4.119 stable release (LP: #1762453)
    - netfilter: drop outermost socket lock in getsockopt()
    - powerpc/64s: Fix RFI flush dependency on HARDLOCKUP_DETECTOR
    - PCI: keystone: Fix interrupt-controller-node lookup
    - ip_tunnel: replace dst_cache with generic implementation
    - ip_tunnel: fix preempt warning in ip tunnel creation/updating
    - scsi: ibmvfc: fix misdefined reserved field in ibmvfc_fcp_rsp_info
    - cfg80211: fix cfg80211_beacon_dup
    - iio: buffer: check if a buffer has been set up when poll is called
    - iio: adis_lib: Initialize trigger before requesting interrupt
    - x86/oprofile: Fix bogus GCC-8 warning in nmi_setup()
    - irqchip/gic-v3: Use wmb() instead of smb_wmb() in gic_raise_softirq()
    - usb: ohci: Proper handling of ed_rm_list to handle race condition between
      usb_kill_urb() and finish_unlinks()
    - arm64: Disable unhandled signal log messages by default
    - Add delay-init quirk for Corsair K70 RGB keyboards
    - usb: dwc3: gadget: Set maxpacket size for ep0 IN
    - usb: ldusb: add PIDs for new CASSY devices supported by this driver
    - usb: gadget: f_fs: Process all descriptors during bind
    - usb: renesas_usbhs: missed the "running" flag in usb_dmac with rx path
    - drm/amdgpu: Avoid leaking PM domain on driver unbind (v2)
    - binder: add missing binder_unlock()
    - Linux 4.4.119
  * [regression] Colour banding and artefacts appear system-wide on an Asus
    Zenbook UX303LA with Intel HD 4400 graphics (LP: #1749420) // Xenial update
    to 4.4.119 stable release (LP: #1762453)
    - drm/edid: Add 6 bpc quirk for CPT panel in Asus UX303LA
  * Xenial update to 4.4.118 stable release (LP: #1756866)
    - net: add dst_cache support
    - [Config] Add CONFIG_DST_CACHE=y
    - net: replace dst_cache ip6_tunnel implementation with the generic one
    - cfg80211: check dev_set_name() return value
    - mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed.
    - xfrm: Fix stack-out-of-bounds read on socket policy lookup.
    - xfrm: check id proto in validate_tmpl()
    - blktrace: fix unlocked registration of tracepoints
    - drm: Require __GFP_NOFAIL for the legacy drm_modeset_lock_all
    - Provide a function to create a NUL-terminated string from unterminated data
    - selinux: ensure the context is NUL terminated in
      security_context_to_sid_core()
    - selinux: skip bounded transition processing if the policy isn't loaded
    - crypto: x86/twofish-3way - Fix %rbp usage
    - KVM: x86: fix escape of guest dr6 to the host
    - netfilter: x_tables: fix int overflow in xt_alloc_table_info()
    - netfilter: x_tables: avoid out-of-bounds reads in
      xt_request_find_{match|target}
    - netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in clusterip_tg_check()
    - netfilter: on sockopt() acquire sock lock only in the required scope
    - netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert
    - net: avoid skb_warn_bad_offload on IS_ERR
    - ASoC: ux500: add MODULE_LICENSE tag
    - video: fbdev/mmp: add MODULE_LICENSE
    - arm64: dts: add #cooling-cells to CPU nodes
    - Make DST_CACHE a silent config option
    - dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock
    - staging: android: ashmem: Fix a race condition in pin ioctls
    - binder: check for binder_thread allocation failure in binder_poll()
    - staging: iio: adc: ad7192: fix external frequency setting
    - usbip: keep usbip_device sockfd state in sync with tcp_socket
    - usb: build drivers/usb/common/ when USB_SUPPORT is set
    - ARM: OMAP2+: Fix SRAM virt to phys translation for save_secure_ram_context
    - ARM: AM33xx: PRM: Remove am33xx_pwrdm_read_prev_pwrst function
    - ARM: dts: Fix omap4 hang with GPS connected to USB by using wakeupgen
    - ARM: dts: am4372: Correct the interrupts_properties of McASP
    - perf top: Fix window dimensions change handling
    - perf bench numa: Fixup discontiguous/sparse numa nodes
    - media: s5k6aa: describe some function parameters
    - pinctrl: sunxi: Fix A80 interrupt pin bank
    - RDMA/cma: Make sure that PSN is not over max allowed
    - scripts/kernel-doc: Don't fail with status != 0 if error encountered with
      -none
    - ipvlan: Add the skb->mark as flow4's member to lookup route
    - powerpc/perf: Fix oops when grouping different pmu events
    - s390/dasd: prevent prefix I/O error
    - gianfar: fix a flooded alignment reports because of padding issue.
    - net_sched: red: Avoid devision by zero
    - net_sched: red: Avoid illegal values
    - btrfs: Fix possible off-by-one in btrfs_search_path_in_tree
    - 509: fix printing uninitialized stack memory when OID is empty
    - dmaengine: ioat: Fix error handling path
    - dmaengine: at_hdmac: fix potential NULL pointer dereference in
      atc_prep_dma_interleaved
    - clk: fix a panic error caused by accessing NULL pointer
    - ASoC: rockchip: disable clock on error
    - spi: sun4i: disable clocks in the remove function
    - xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies.
    - drm/armada: fix leak of crtc structure
    - dmaengine: jz4740: disable/unprepare clk if probe fails
    - mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep
    - x86/mm/kmmio: Fix mmiotrace for page unaligned addresses
    - xen: XEN_ACPI_PROCESSOR is Dom0-only
    - hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close
    - virtio_balloon: prevent uninitialized variable use
    - isdn: icn: remove a #warning
    - vmxnet3: prevent building with 64K pages
    - [Config] ppc64el: Drop vmxnet3 module
    - gpio: intel-mid: Fix build warning when !CONFIG_PM
    - platform/x86: intel_mid_thermal: Fix suspend handlers unused warning
    - video: fbdev: via: remove possibly unused variables
    - scsi: advansys: fix build warning for PCI=n
    - x86/ras/inject: Make it depend on X86_LOCAL_APIC=y
    - arm64: define BUG() instruction without CONFIG_BUG
    - x86/fpu/math-emu: Fix possible uninitialized variable use
    - tools build: Add tools tree support for 'make -s'
    - x86/build: Silence the build with "make -s"
    - thermal: fix INTEL_SOC_DTS_IOSF_CORE dependencies
    - x86: add MULTIUSER dependency for KVM
    - x86/platform: Add PCI dependency for PUNIT_ATOM_DEBUG
    - scsi: advansys: fix uninitialized data access
    - arm64: Kconfig: select COMPAT_BINFMT_ELF only when BINFMT_ELF is set
    - ALSA: hda/ca0132 - fix possible NULL pointer use
    - reiserfs: avoid a -Wmaybe-uninitialized warning
    - ssb: mark ssb_bus_register as __maybe_unused
    - thermal: spear: use __maybe_unused for PM functions
    - x86/boot: Avoid warning for zero-filling .bss
    - scsi: sim710: fix build warning
    - drivers/net: fix eisa_driver probe section mismatch
    - dpt_i2o: fix build warning
    - profile: hide unused functions when !CONFIG_PROC_FS
    - md: avoid warning for 32-bit sector_t
    - mtd: ichxrom: maybe-uninitialized with gcc-4.9
    - mtd: maps: add __init attribute
    - mptfusion: hide unused seq_mpt_print_ioc_summary function
    - scsi: fdomain: drop fdomain_pci_tbl when built-in
    - video: fbdev: sis: remove unused variable
    - staging: ste_rmi4: avoid unused function warnings
    - fbdev: sis: enforce selection of at least one backend
    - video: Use bool instead int pointer for get_opt_bool() argument
    - scsi: mvumi: use __maybe_unused to hide pm functions
    - SCSI: initio: remove duplicate module device table
    - pwc: hide unused label
    - usb: musb/ux500: remove duplicate check for dma_is_compatible
    - tty: hvc_xen: hide xen_console_remove when unused
    - target/user: Fix cast from pointer to phys_addr_t
    - driver-core: use 'dev' argument in dev_dbg_ratelimited stub
    - fbdev: auo_k190x: avoid unused function warnings
    - amd-xgbe: Fix unused suspend handlers build warning
    - mtd: sh_flctl: pass FIFO as physical address
    - mtd: cfi: enforce valid geometry configuration
    - fbdev: s6e8ax0: avoid unused function warnings
    - modsign: hide openssl output in silent builds
    - fbdev: sm712fb: avoid unused function warnings
    - hwrng: exynos - use __maybe_unused to hide pm functions
    - USB: cdc_subset: only build when one driver is enabled
    - [Config] Add CONFIG_USB_NET_CDC_SUBSET_ENABLE=m
    - rtlwifi: fix gcc-6 indentation warning
    - staging: wilc1000: fix kbuild test robot error
    - x86/platform/olpc: Fix resume handler build warning
    - netfilter: ipvs: avoid unused variable warnings
    - ipv4: ipconfig: avoid unused ic_proto_used symbol
    - tc1100-wmi: fix build warning when CONFIG_PM not enabled
    - tlan: avoid unused label with PCI=n
    - drm/vmwgfx: use *_32_bits() macros
    - tty: cyclades: cyz_interrupt is only used for PCI
    - genirq/msi: Add stubs for get_cached_msi_msg/pci_write_msi_msg
    - ASoC: mediatek: add i2c dependency
    - iio: adc: axp288: remove redundant duplicate const on axp288_adc_channels
    - infiniband: cxgb4: use %pR format string for printing resources
    - b2c2: flexcop: avoid unused function warnings
    - i2c: remove __init from i2c_register_board_info()
    - staging: unisys: visorinput depends on INPUT
    - tc358743: fix register i2c_rd/wr functions
    - drm/nouveau: hide gcc-4.9 -Wmaybe-uninitialized
    - Input: tca8418_keypad - hide gcc-4.9 -Wmaybe-uninitialized warning
    - KVM: add X86_LOCAL_APIC dependency
    - go7007: add MEDIA_CAMERA_SUPPORT dependency
    - em28xx: only use mt9v011 if camera support is enabled
    - ISDN: eicon: reduce stack size of sig_ind function
    - ASoC: rockchip: use __maybe_unused to hide st_irq_syscfg_resume
    - serial: 8250_mid: fix broken DMA dependency
    - drm/gma500: Sanity-check pipe index
    - hdpvr: hide unused variable
    - v4l: remove MEDIA_TUNER dependency for VIDEO_TUNER
    - cw1200: fix bogus maybe-uninitialized warning
    - wireless: cw1200: use __maybe_unused to hide pm functions_
    - perf/x86: Shut up false-positive -Wmaybe-uninitialized warning
    - dmaengine: zx: fix build warning
    - net: hp100: remove unnecessary #ifdefs
    - gpio: xgene: mark PM functions as __maybe_unused
    - ncpfs: fix unused variable warning
    - Revert "power: bq27xxx_battery: Remove unneeded dependency in Kconfig"
    - power: bq27xxx_battery: mark some symbols __maybe_unused
    - isdn: sc: work around type mismatch warning
    - binfmt_elf: compat: avoid unused function warning
    - idle: i7300: add PCI dependency
    - usb: phy: msm add regulator dependency
    - ncr5380: shut up gcc indentation warning
    - ARM: tegra: select USB_ULPI from EHCI rather than platform
    - ASoC: Intel: Kconfig: fix build when ACPI is not enabled
    - netlink: fix nla_put_{u8,u16,u32} for KASAN
    - dell-wmi, dell-laptop: depends DMI
    - genksyms: Fix segfault with invalid declarations
    - x86/microcode/AMD: Change load_microcode_amd()'s param to bool to fix
      preemptibility bug
    - drm/gma500: remove helper function
    - kasan: rework Kconfig settings
    - KVM: async_pf: Fix #DF due to inject "Page not Present" and "Page Ready"
      exceptions simultaneously
    - x86/retpoline: Remove the esp/rsp thunk
    - module/retpoline: Warn about missing retpoline in module
    - x86/nospec: Fix header guards names
    - x86/bugs: Drop one "mitigation" from dmesg
    - x86/cpu/bugs: Make retpoline module warning conditional
    - x86/spectre: Check CONFIG_RETPOLINE in command line parser
    - x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable"
    - x86/paravirt: Remove 'noreplace-paravirt' cmdline option
    - x86/retpoline: Avoid retpolines for built-in __init functions
    - x86/spectre: Simplify spectre_v2 command line parsing
    - x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL
    - KVM: nVMX: kmap() can't fail
    - KVM: nVMX: vmx_complete_nested_posted_interrupt() can't fail
    - kvm: nVMX: Fix kernel panics induced by illegal INVEPT/INVVPID types
    - KVM: VMX: clean up declaration of VPID/EPT invalidation types
    - KVM: nVMX: invvpid handling improvements
    - crypto: s5p-sss - Fix kernel Oops in AES-ECB mode
    - net: dst_cache_per_cpu_dst_set() can be static
    - ARM: omap2: hide omap3_save_secure_ram on non-OMAP3 builds
    - Linux 4.4.118
  * ibrs/ibpb fixes result in excessive kernel logging  (LP: #1755627)
    - SAUCE: remove ibrs_dump sysctl interface

 -- Stefan Bader <email address hidden>  Wed, 09 May 2018 16:28:10 +0200
Deleted in cosmic-proposed on 2018-05-29 (Reason: NBS)
Deleted in bionic-proposed on 2018-05-29 (Reason: NBS)
linux-kvm (4.15.0-1009.9) bionic; urgency=medium

  * linux-kvm: 4.15.0-1009.9 -proposed tracker (LP: #1767409)

  * linux-image-4.15.0-20-generic install after upgrade from xenial breaks
    (LP: #1767133)
    - Packaging: Depends on linux-base that provides the necessary tools

  * Unable to start docker application with B-KVM kernel (LP: #1763630)
    - kvm: [config] enable NF_NAT, NF_CONNTRACK
    - kvm: [config] enable IP_NF_TABLES

  * test_078_SLAB_freelist_randomization failed on 4.15 KVM kernel
    (LP: #1764975)
    - kvm: [config] enable CONFIG_SLAB_FREELIST_{HARDENED,RANDOM}

  * linux-kvm 4.15 needs CONFIG_VMAP_STACK set (LP: #1764985)
    - kvm: [config] enable CONFIG_VMAP_STACK

  * test_140_kernel_modules_not_tainted in kernel security test failed with 4.15
    kvm kernel (LP: #1766832)
    - kvm: [config] enable CONFIG_MODULE_UNLOAD

  [ Ubuntu: 4.15.0-21.22 ]

  * linux: 4.15.0-21.22 -proposed tracker (LP: #1767397)
  * initramfs-tools exception during pm.DoInstall with  do-release-upgrade from
    16.04 to 18.04  (LP: #1766727)
    - Add linux-image-* Breaks on s390-tools (<< 2.3.0-0ubuntu3)
  * linux-image-4.15.0-20-generic install after upgrade from xenial breaks
    (LP: #1767133)
    - Packaging: Depends on linux-base that provides the necessary tools
  * linux-image packages need to Breaks flash-kernel << 3.90ubuntu2
    (LP: #1766629)
    - linux-image-* breaks on flash-kernel (<< 3.90ubuntu2)

 -- Kamal Mostafa <email address hidden>  Tue, 08 May 2018 16:47:33 -0300
Superseded in xenial-security on 2018-05-22
Superseded in xenial-updates on 2018-05-22
Deleted in xenial-proposed (Reason: moved to -updates)
linux-kvm (4.4.0-1023.28) xenial; urgency=medium

  [ Ubuntu: 4.4.0-124.148 ]

  * CVE-2018-8897
    - x86/entry/64: Don't use IST entry for #BP stack
  * CVE-2018-1087
    - kvm/x86: fix icebp instruction handling
  * CVE-2018-1000199
    - perf/hwbp: Simplify the perf-hwbp code, fix documentation

  [ Ubuntu: 4.4.0-122.146 ]

  * linux: 4.4.0-122.146 -proposed tracker (LP: #1766264)
  * Redpine: WiFi scan stopping issue observed with BLE (LP: #1757435)
    - SAUCE: Redpine: resolve wifi scan stop issue in stress tests

  [ Ubuntu: 4.4.0-121.145 ]

  * linux: 4.4.0-121.145 -proposed tracker (LP: #1763687)
  * Ubuntu-4.4.0-120.144 fails to boot on arm64* hardware (LP: #1763644)
    - [Config] arm64: disable BPF_JIT_ALWAYS_ON

 -- Stefan Bader <email address hidden>  Thu, 03 May 2018 16:01:08 +0200
Deleted in xenial-proposed on 2018-05-11 (Reason: NBS)
linux-kvm (4.4.0-1022.27) xenial; urgency=medium

  * linux-kvm: 4.4.0-1022.27 -proposed tracker (LP: #1766610)

  * test_140_kernel_modules_not_tainted in kernel security test failed with 4.15
    kvm kernel (LP: #1766832)
    - kvm: [config] enable CONFIG_MODULE_UNLOAD

  * test_072_config_debug_set_module_ronx  in kernel security test failed with
    4.4 X-kvm (LP: #1760646)
    - kvm: [config] enable CONFIG_DEBUG_SET_MODULE_RONX

  * test_151_sysctl_disables_bpf_unpriv_userns in kernel security test failed
    with 4.4/4.15 kvm (LP: #1760656)
    - kvm: [config] enable BPF_SYSCALL

  * test_077_config_security_ipsec in kernel security test failed with 4.4/4.15
    kvm (LP: #1760653)
    - kvm: [config] enable ipsec configs

  * test_072_config_strict_devmem in kernel security test failed with 4.4/4.15
    kvm (LP: #1760648) // test_072_strict_devmem in kernel security test failed
    with 4.4/4.15 kvm (LP: #1760649)
    - kvm: [config] enable DEVMEM

  * test_076_config_security_acl_ext4  in kernel security test failed with
    4.4/4.15 kvm (LP: #1760652) // test_160_setattr_CVE_2015_1350 in kernel
    security test failed with 4.4/4.15 kvm (LP: #1760657)
    - kvm: [config] enable POSIX_ACL, XATTR, FS_SECURITY for all filesystems

  * test_074_config_security_default_mmap_min_addr in kernel security test
    failed with 4.4/4.15 kvm (LP: #1760650)
    - kvm: [config] DEFAULT_MMAP_MIN_ADDR=65536

  [ Ubuntu: 4.4.0-123.147 ]

  * linux: 4.4.0-123.147 -proposed tracker (LP: #1766604)
  * Unable to insert test_bpf module on Xenial (LP: #1765698)
    - bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y
    - test_bpf: Fix testing with CONFIG_BPF_JIT_ALWAYS_ON=y on other arches
  * virtio_scsi race can corrupt memory, panic kernel (LP: #1765241)
    - SAUCE: (no-up) virtio-scsi: Fix race in target free
  * bpf_map_lookup_elem: BUG: unable to handle kernel paging request
    (LP: #1763454) // CVE-2017-17862
    - SAUCE: Add missing hunks from "bpf: fix branch pruning logic"
  * Xenial: rfkill: fix missing return on rfkill_init  (LP: #1764810)
    - rfkill: fix missing return on rfkill_init
  * "ip a" command on a guest VM shows UNKNOWN status (LP: #1761534)
    - virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS
  * Xenial update to 4.4.128 stable release (LP: #1765010)
    - cfg80211: make RATE_INFO_BW_20 the default
    - md/raid5: make use of spin_lock_irq over local_irq_disable + spin_lock
    - rtc: snvs: fix an incorrect check of return value
    - x86/asm: Don't use RBP as a temporary register in
      csum_partial_copy_generic()
    - NFSv4.1: RECLAIM_COMPLETE must handle NFS4ERR_CONN_NOT_BOUND_TO_SESSION
    - IB/srpt: Fix abort handling
    - af_key: Fix slab-out-of-bounds in pfkey_compile_policy.
    - mac80211: bail out from prep_connection() if a reconfig is ongoing
    - bna: Avoid reading past end of buffer
    - qlge: Avoid reading past end of buffer
    - ipmi_ssif: unlock on allocation failure
    - net: cdc_ncm: Fix TX zero padding
    - net: ethernet: ti: cpsw: adjust cpsw fifos depth for fullduplex flow control
    - lockd: fix lockd shutdown race
    - drivers/misc/vmw_vmci/vmci_queue_pair.c: fix a couple integer overflow tests
    - pidns: disable pid allocation if pid_ns_prepare_proc() is failed in
      alloc_pid()
    - s390: move _text symbol to address higher than zero
    - net/mlx4_en: Avoid adding steering rules with invalid ring
    - NFSv4.1: Work around a Linux server bug...
    - CIFS: silence lockdep splat in cifs_relock_file()
    - net: qca_spi: Fix alignment issues in rx path
    - netxen_nic: set rcode to the return status from the call to netxen_issue_cmd
    - Input: elan_i2c - check if device is there before really probing
    - Input: elantech - force relative mode on a certain module
    - KVM: PPC: Book3S PR: Check copy_to/from_user return values
    - vmxnet3: ensure that adapter is in proper state during force_close
    - SMB2: Fix share type handling
    - bus: brcmstb_gisb: Use register offsets with writes too
    - bus: brcmstb_gisb: correct support for 64-bit address output
    - PowerCap: Fix an error code in powercap_register_zone()
    - ARM: dts: imx53-qsrb: Pulldown PMIC IRQ pin
    - staging: wlan-ng: prism2mgmt.c: fixed a double endian conversion before
      calling hfa384x_drvr_setconfig16, also fixes relative sparse warning
    - x86/tsc: Provide 'tsc=unstable' boot parameter
    - ARM: dts: imx6qdl-wandboard: Fix audio channel swap
    - ipv6: avoid dad-failures for addresses with NODAD
    - async_tx: Fix DMA_PREP_FENCE usage in do_async_gen_syndrome()
    - usb: dwc3: keystone: check return value
    - btrfs: fix incorrect error return ret being passed to mapping_set_error
    - ata: libahci: properly propagate return value of platform_get_irq()
    - neighbour: update neigh timestamps iff update is effective
    - arp: honour gratuitous ARP _replies_
    - usb: chipidea: properly handle host or gadget initialization failure
    - USB: ene_usb6250: fix first command execution
    - net: x25: fix one potential use-after-free issue
    - USB: ene_usb6250: fix SCSI residue overwriting
    - serial: 8250: omap: Disable DMA for console UART
    - serial: sh-sci: Fix race condition causing garbage during shutdown
    - sh_eth: Use platform device for printing before register_netdev()
    - scsi: csiostor: fix use after free in csio_hw_use_fwconfig()
    - powerpc/mm: Fix virt_addr_valid() etc. on 64-bit hash
    - ath5k: fix memory leak on buf on failed eeprom read
    - selftests/powerpc: Fix TM resched DSCR test with some compilers
    - xfrm: fix state migration copy replay sequence numbers
    - iio: hi8435: avoid garbage event at first enable
    - iio: hi8435: cleanup reset gpio
    - ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors
    - md-cluster: fix potential lock issue in add_new_disk
    - ARM: davinci: da8xx: Create DSP device only when assigned memory
    - ray_cs: Avoid reading past end of buffer
    - leds: pca955x: Correct I2C Functionality
    - sched/numa: Use down_read_trylock() for the mmap_sem
    - net/mlx5: Tolerate irq_set_affinity_hint() failures
    - selinux: do not check open permission on sockets
    - block: fix an error code in add_partition()
    - mlx5: fix bug reading rss_hash_type from CQE
    - net: ieee802154: fix net_device reference release too early
    - libceph: NULL deref on crush_decode() error path
    - netfilter: ctnetlink: fix incorrect nf_ct_put during hash resize
    - pNFS/flexfiles: missing error code in ff_layout_alloc_lseg()
    - ASoC: rsnd: SSI PIO adjust to 24bit mode
    - scsi: bnx2fc: fix race condition in bnx2fc_get_host_stats()
    - fix race in drivers/char/random.c:get_reg()
    - ext4: fix off-by-one on max nr_pages in ext4_find_unwritten_pgoff()
    - tcp: better validation of received ack sequences
    - net: move somaxconn init from sysctl code
    - Input: elan_i2c - clear INT before resetting controller
    - bonding: Don't update slave->link until ready to commit
    - KVM: nVMX: Fix handling of lmsw instruction
    - net: llc: add lock_sock in llc_ui_bind to avoid a race condition
    - ARM: dts: ls1021a: add "fsl,ls1021a-esdhc" compatible string to esdhc node
    - thermal: power_allocator: fix one race condition issue for thermal_instances
      list
    - perf probe: Add warning message if there is unexpected event name
    - l2tp: fix missing print session offset info
    - rds; Reset rs->rs_bound_addr in rds_add_bound() failure path
    - hwmon: (ina2xx) Make calibration register value fixed
    - media: videobuf2-core: don't go out of the buffer range
    - ASoC: Intel: cht_bsw_rt5645: Analog Mic support
    - scsi: mpt3sas: Proper handling of set/clear of "ATA command pending" flag.
    - vfb: fix video mode and line_length being set when loaded
    - gpio: label descriptors using the device name
    - ASoC: Intel: sst: Fix the return value of 'sst_send_byte_stream_mrfld()'
    - wl1251: check return from call to wl1251_acx_arp_ip_filter
    - hdlcdrv: Fix divide by zero in hdlcdrv_ioctl
    - ovl: filter trusted xattr for non-admin
    - powerpc/[booke|4xx]: Don't clobber TCR[WP] when setting TCR[DIE]
    - dmaengine: imx-sdma: Handle return value of clk_prepare_enable
    - arm64: futex: Fix undefined behaviour with FUTEX_OP_OPARG_SHIFT usage
    - net/mlx5: avoid build warning for uniprocessor
    - cxgb4: FW upgrade fixes
    - rtc: opal: Handle disabled TPO in opal_get_tpo_time()
    - rtc: interface: Validate alarm-time before handling rollover
    - SUNRPC: ensure correct error is reported by xs_tcp_setup_socket()
    - net: freescale: fix potential null pointer dereference
    - KVM: SVM: do not zero out segment attributes if segment is unusable or not
      present
    - clk: scpi: fix return type of __scpi_dvfs_round_rate
    - clk: Fix __set_clk_rates error print-string
    - powerpc/spufs: Fix coredump of SPU contexts
    - perf trace: Add mmap alias for s390
    - qlcnic: Fix a sleep-in-atomic bug in qlcnic_82xx_hw_write_wx_2M and
      qlcnic_82xx_hw_read_wx_2M
    - mISDN: Fix a sleep-in-atomic bug
    - drm/omap: fix tiled buffer stride calculations
    - cxgb4: fix incorrect cim_la output for T6
    - Fix serial console on SNI RM400 machines
    - bio-integrity: Do not allocate integrity context for bio w/o data
    - skbuff: return -EMSGSIZE in skb_to_sgvec to prevent overflow
    - sit: reload iphdr in ipip6_rcv
    - net/mlx4: Fix the check in attaching steering rules
    - net/mlx4: Check if Granular QoS per VF has been enabled before updating QP
      qos_vport
    - perf header: Set proper module name when build-id event found
    - perf report: Ensure the perf DSO mapping matches what libdw sees
    - tags: honor COMPILED_SOURCE with apart output directory
    - e1000e: fix race condition around skb_tstamp_tx()
    - cx25840: fix unchecked return values
    - mceusb: sporadic RX truncation corruption fix
    - net: phy: avoid genphy_aneg_done() for PHYs without clause 22 support
    - ARM: imx: Add MXC_CPU_IMX6ULL and cpu_is_imx6ull
    - e1000e: Undo e1000e_pm_freeze if __e1000_shutdown fails
    - perf/core: Correct event creation with PERF_FORMAT_GROUP
    - MIPS: mm: fixed mappings: correct initialisation
    - MIPS: mm: adjust PKMAP location
    - MIPS: kprobes: flush_insn_slot should flush only if probe initialised
    - Fix loop device flush before configure v3
    - net: emac: fix reset timeout with AR8035 phy
    - skbuff: only inherit relevant tx_flags
    - xen: avoid type warning in xchg_xen_ulong
    - bnx2x: Allow vfs to disable txvlan offload
    - sctp: fix recursive locking warning in sctp_do_peeloff
    - sparc64: ldc abort during vds iso boot
    - iio: magnetometer: st_magn_spi: fix spi_device_id table
    - Bluetooth: Send HCI Set Event Mask Page 2 command only when needed
    - cpuidle: dt: Add missing 'of_node_put()'
    - ACPICA: Events: Add runtime stub support for event APIs
    - ACPICA: Disassembler: Abort on an invalid/unknown AML opcode
    - s390/dasd: fix hanging safe offline
    - vxlan: dont migrate permanent fdb entries during learn
    - bcache: stop writeback thread after detaching
    - bcache: segregate flash only volume write streams
    - scsi: libsas: fix memory leak in sas_smp_get_phy_events()
    - scsi: libsas: fix error when getting phy events
    - scsi: libsas: initialize sas_phy status according to response of DISCOVER
    - blk-mq: fix kernel oops in blk_mq_tag_idle()
    - tty: n_gsm: Allow ADM response in addition to UA for control dlci
    - EDAC, mv64x60: Fix an error handling path
    - cxgb4vf: Fix SGE FL buffer initialization logic for 64K pages
    - perf tools: Fix copyfile_offset update of output offset
    - ipsec: check return value of skb_to_sgvec always
    - rxrpc: check return value of skb_to_sgvec always
    - virtio_net: check return value of skb_to_sgvec always
    - virtio_net: check return value of skb_to_sgvec in one more location
    - random: use lockless method of accessing and updating f->reg_idx
    - futex: Remove requirement for lock_page() in get_futex_key()
    - Kbuild: provide a __UNIQUE_ID for clang
    - arp: fix arp_filter on l3slave devices
    - net: fix possible out-of-bound read in skb_network_protocol()
    - net/ipv6: Fix route leaking between VRFs
    - netlink: make sure nladdr has correct size in netlink_connect()
    - net/sched: fix NULL dereference in the error path of tcf_bpf_init()
    - pptp: remove a buggy dst release in pptp_connect()
    - sctp: do not leak kernel memory to user space
    - sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6
    - vhost: correctly remove wait queue during poll failure
    - vlan: also check phy_driver ts_info for vlan's real device
    - bonding: fix the err path for dev hwaddr sync in bond_enslave
    - bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave
    - bonding: process the err returned by dev_set_allmulti properly in
      bond_enslave
    - net: fool proof dev_valid_name()
    - ip_tunnel: better validate user provided tunnel names
    - ipv6: sit: better validate user provided tunnel names
    - ip6_gre: better validate user provided tunnel names
    - ip6_tunnel: better validate user provided tunnel names
    - vti6: better validate user provided tunnel names
    - r8169: fix setting driver_data after register_netdev
    - net sched actions: fix dumping which requires several messages to user space
    - net/ipv6: Increment OUTxxx counters after netfilter hook
    - ipv6: the entire IPv6 header chain must fit the first fragment
    - vrf: Fix use after free and double free in vrf_finish_output
    - Revert "xhci: plat: Register shutdown for xhci_plat"
    - Linux 4.4.128
  * sky2 gigabit ethernet driver sometimes stops working after lid-open resume
    from sleep (88E8055) (LP: #1758507) // Xenial update to 4.4.128 stable
    release (LP: #1765010)
    - sky2: Increase D3 delay to sky2 stops working after suspend
  * Xenial update to 4.4.127 stable release (LP: #1765007)
    - mtd: jedec_probe: Fix crash in jedec_read_mfr()
    - ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent()
    - ALSA: pcm: potential uninitialized return values
    - perf/hwbp: Simplify the perf-hwbp code, fix documentation
    - partitions/msdos: Unable to mount UFS 44bsd partitions
    - usb: gadget: define free_ep_req as universal function
    - usb: gadget: change len to size_t on alloc_ep_req()
    - usb: gadget: fix usb_ep_align_maybe endianness and new usb_ep_align
    - usb: gadget: align buffer size when allocating for OUT endpoint
    - usb: gadget: f_hid: fix: Prevent accessing released memory
    - kprobes/x86: Fix to set RWX bits correctly before releasing trampoline
    - ACPI, PCI, irq: remove redundant check for null string pointer
    - writeback: fix the wrong congested state variable definition
    - PCI: Make PCI_ROM_ADDRESS_MASK a 32-bit constant
    - dm ioctl: remove double parentheses
    - Input: mousedev - fix implicit conversion warning
    - netfilter: nf_nat_h323: fix logical-not-parentheses warning
    - genirq: Use cpumask_available() for check of cpumask variable
    - cpumask: Add helper cpumask_available()
    - selinux: Remove unnecessary check of array base in selinux_set_mapping()
    - fs: compat: Remove warning from COMPATIBLE_IOCTL
    - jiffies.h: declare jiffies and jiffies_64 with ____cacheline_aligned_in_smp
    - frv: declare jiffies to be located in the .data section
    - audit: add tty field to LOGIN event
    - tty: provide tty_name() even without CONFIG_TTY
    - netfilter: ctnetlink: Make some parameters integer to avoid enum mismatch
    - selinux: Remove redundant check for unknown labeling behavior
    - arm64: avoid overflow in VA_START and PAGE_OFFSET
    - xfrm_user: uncoditionally validate esn replay attribute struct
    - RDMA/ucma: Check AF family prior resolving address
    - RDMA/ucma: Fix use-after-free access in ucma_close
    - RDMA/ucma: Ensure that CM_ID exists prior to access it
    - RDMA/ucma: Check that device is connected prior to access it
    - RDMA/ucma: Check that device exists prior to accessing it
    - RDMA/ucma: Don't allow join attempts for unsupported AF family
    - RDMA/ucma: Introduce safer rdma_addr_size() variants
    - net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms()
    - xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit systems
    - netfilter: bridge: ebt_among: add more missing match size checks
    - netfilter: x_tables: add and use xt_check_proc_name
    - Bluetooth: Fix missing encryption refresh on Security Request
    - llist: clang: introduce member_address_is_nonnull()
    - scsi: virtio_scsi: always read VPD pages for multiqueue too
    - usb: dwc2: Improve gadget state disconnection handling
    - USB: serial: ftdi_sio: add RT Systems VX-8 cable
    - USB: serial: ftdi_sio: add support for Harman FirmwareHubEmulator
    - USB: serial: cp210x: add ELDAT Easywave RX09 id
    - mei: remove dev_err message on an unsupported ioctl
    - media: usbtv: prevent double free in error case
    - parport_pc: Add support for WCH CH382L PCI-E single parallel port card.
    - crypto: ahash - Fix early termination in hash walk
    - crypto: x86/cast5-avx - fix ECB encryption when long sg follows short one
    - fs/proc: Stop trying to report thread stacks
    - staging: comedi: ni_mio_common: ack ai fifo error interrupts.
    - Input: i8042 - add Lenovo ThinkPad L460 to i8042 reset list
    - Input: i8042 - enable MUX on Sony VAIO VGN-CS series to fix touchpad
    - vt: change SGR 21 to follow the standards
    - Documentation: pinctrl: palmas: Add ti,palmas-powerhold-override property
      definition
    - ARM: dts: dra7: Add power hold and power controller properties to palmas
    - ARM: dts: am57xx-beagle-x15-common: Add overide powerhold property
    - md/raid10: reset the 'first' at the end of loop
    - net: hns: Fix ethtool private flags
    - Revert "PCI/MSI: Stop disabling MSI/MSI-X in pci_device_shutdown()"
    - Revert "ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin"
    - Revert "ARM: dts: omap3-n900: Fix the audio CODEC's reset pin"
    - Revert "cpufreq: Fix governor module removal race"
    - Revert "mtip32xx: use runtime tag to initialize command header"
    - spi: davinci: fix up dma_mapping_error() incorrect patch
    - net: cavium: liquidio: fix up "Avoid dma_unmap_single on uninitialized
      ndata"
    - Revert "ip6_vti: adjust vti mtu according to mtu of lower device"
    - Linux 4.4.127
  * Xenial update to 4.4.126 stable release (LP: #1764999)
    - scsi: sg: don't return bogus Sg_requests
    - Revert "genirq: Use irqd_get_trigger_type to compare the trigger type for
      shared IRQs"
    - net: Fix hlist corruptions in inet_evict_bucket()
    - dccp: check sk for closed state in dccp_sendmsg()
    - ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option()
    - l2tp: do not accept arbitrary sockets
    - net: ethernet: arc: Fix a potential memory leak if an optional regulator is
      deferred
    - net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY
      interface
    - net/iucv: Free memory obtained by kzalloc
    - netlink: avoid a double skb free in genlmsg_mcast()
    - net: Only honor ifindex in IP_PKTINFO if non-0
    - skbuff: Fix not waking applications when errors are enqueued
    - team: Fix double free in error path
    - s390/qeth: free netdevice when removing a card
    - s390/qeth: when thread completes, wake up all waiters
    - s390/qeth: lock read device while queueing next buffer
    - s390/qeth: on channel error, reject further cmd requests
    - ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event()
    - net: fec: Fix unbalanced PM runtime calls
    - net: systemport: Rewrite __bcm_sysport_tx_reclaim()
    - Linux 4.4.126
  * Xenial update to 4.4.125 stable release (LP: #1764973)
    - MIPS: ralink: Remove ralink_halt()
    - iio: st_pressure: st_accel: pass correct platform data to init
    - ALSA: usb-audio: Fix parsing descriptor of UAC2 processing unit
    - ALSA: aloop: Sync stale timer before release
    - ALSA: aloop: Fix access to not-yet-ready substream via cable
    - ALSA: hda/realtek - Always immediately update mute LED with pin VREF
    - mmc: dw_mmc: fix falling from idmac to PIO mode when dw_mci_reset occurs
    - PCI: Add function 1 DMA alias quirk for Highpoint RocketRAID 644L
    - ahci: Add PCI-id for the Highpoint Rocketraid 644L card
    - clk: bcm2835: Protect sections updating shared registers
    - Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174
    - libata: fix length validation of ATAPI-relayed SCSI commands
    - libata: remove WARN() for DMA or PIO command without data
    - libata: Apply NOLPM quirk to Crucial MX100 512GB SSDs
    - libata: Enable queued TRIM for Samsung SSD 860
    - libata: Apply NOLPM quirk to Crucial M500 480 and 960GB SSDs
    - libata: Make Crucial BX100 500GB LPM quirk apply to all firmware versions
    - libata: Modify quirks for MX100 to limit NCQ_TRIM quirk to MU01 version
    - mm/vmalloc: add interfaces to free unmapped page table
    - x86/mm: implement free pmd/pte page interfaces
    - drm/vmwgfx: Fix a destoy-while-held mutex problem.
    - drm/radeon: Don't turn off DP sink when disconnected
    - drm: udl: Properly check framebuffer mmap offsets
    - acpi, numa: fix pxm to online numa node associations
    - brcmfmac: fix P2P_DEVICE ethernet address generation
    - rtlwifi: rtl8723be: Fix loss of signal
    - tracing: probeevent: Fix to support minus offset from symbol
    - mtd: nand: fsl_ifc: Fix nand waitfunc return value
    - staging: ncpfs: memory corruption in ncp_read_kernel()
    - can: cc770: Fix stalls on rt-linux, remove redundant IRQ ack
    - can: cc770: Fix queue stall & dropped RTR reply
    - can: cc770: Fix use after free in cc770_tx_interrupt()
    - tty: vt: fix up tabstops properly
    - kvm/x86: fix icebp instruction handling
    - x86/build/64: Force the linker to use 2MB page size
    - x86/boot/64: Verify alignment of the LOAD segment
    - x86/entry/64: Don't use IST entry for #BP stack
    - perf/x86/intel: Don't accidentally clear high bits in bdw_limit_period()
    - staging: lustre: ptlrpc: kfree used instead of kvfree
    - kbuild: disable clang's default use of -fmerge-all-constants
    - bpf: skip unnecessary capability check
    - bpf, x64: increase number of passes
    - Linux 4.4.125
  * System fails to start (boot) on battery due to read-only root file-system
    (LP: #1726930) // Xenial update to 4.4.125 stable release (LP: #1764973)
    - libata: disable LPM for Crucial BX100 SSD 500GB drive
  * Xenial update to 4.4.124 stable release (LP: #1764762)
    - tpm: fix potential buffer overruns caused by bit glitches on the bus
    - tpm_tis: fix potential buffer overruns caused by bit glitches on the bus
    - staging: android: ashmem: Fix possible deadlock in ashmem_ioctl
    - platform/x86: asus-nb-wmi: Add wapf4 quirk for the X302UA
    - regulator: anatop: set default voltage selector for pcie
    - x86: i8259: export legacy_pic symbol
    - rtc: cmos: Do not assume irq 8 for rtc when there are no legacy irqs
    - Input: ar1021_i2c - fix too long name in driver's device table
    - time: Change posix clocks ops interfaces to use timespec64
    - ACPI/processor: Fix error handling in __acpi_processor_start()
    - ACPI/processor: Replace racy task affinity logic
    - cpufreq/sh: Replace racy task affinity logic
    - genirq: Use irqd_get_trigger_type to compare the trigger type for shared
      IRQs
    - i2c: i2c-scmi: add a MS HID
    - net: ipv6: send unsolicited NA on admin up
    - media/dvb-core: Race condition when writing to CAM
    - spi: dw: Disable clock after unregistering the host
    - ath: Fix updating radar flags for coutry code India
    - clk: ns2: Correct SDIO bits
    - scsi: virtio_scsi: Always try to read VPD pages
    - KVM: PPC: Book3S PR: Exit KVM on failed mapping
    - ARM: 8668/1: ftrace: Fix dynamic ftrace with DEBUG_RODATA and !FRAME_POINTER
    - iommu/omap: Register driver before setting IOMMU ops
    - md/raid10: wait up frozen array in handle_write_completed
    - NFS: Fix missing pg_cleanup after nfs_pageio_cond_complete()
    - tcp: remove poll() flakes with FastOpen
    - e1000e: fix timing for 82579 Gigabit Ethernet controller
    - ALSA: hda - Fix headset microphone detection for ASUS N551 and N751
    - IB/ipoib: Fix deadlock between ipoib_stop and mcast join flow
    - IB/ipoib: Update broadcast object if PKey value was changed in index 0
    - HSI: ssi_protocol: double free in ssip_pn_xmit()
    - IB/mlx4: Take write semaphore when changing the vma struct
    - IB/mlx4: Change vma from shared to private
    - ASoC: Intel: Skylake: Uninitialized variable in probe_codec()
    - Fix driver usage of 128B WQEs when WQ_CREATE is V1.
    - netfilter: xt_CT: fix refcnt leak on error path
    - openvswitch: Delete conntrack entry clashing with an expectation.
    - mmc: host: omap_hsmmc: checking for NULL instead of IS_ERR()
    - wan: pc300too: abort path on failure
    - qlcnic: fix unchecked return value
    - scsi: mac_esp: Replace bogus memory barrier with spinlock
    - infiniband/uverbs: Fix integer overflows
    - NFS: don't try to cross a mountpount when there isn't one there.
    - Revert "UBUNTU: SAUCE: (no-up) iio: st_pressure: st_accel: Initialise sensor
      platform data properly"
    - iio: st_pressure: st_accel: Initialise sensor platform data properly
    - mt7601u: check return value of alloc_skb
    - rndis_wlan: add return value validation
    - Btrfs: send, fix file hole not being preserved due to inline extent
    - mac80211: don't parse encrypted management frames in ieee80211_frame_acked
    - mfd: palmas: Reset the POWERHOLD mux during power off
    - mtip32xx: use runtime tag to initialize command header
    - staging: unisys: visorhba: fix s-Par to boot with option CONFIG_VMAP_STACK
      set to y
    - staging: wilc1000: fix unchecked return value
    - mmc: sdhci-of-esdhc: limit SD clock for ls1012a/ls1046a
    - ARM: DRA7: clockdomain: Change the CLKTRCTRL of CM_PCIE_CLKSTCTRL to SW_WKUP
    - ipmi/watchdog: fix wdog hang on panic waiting for ipmi response
    - ACPI / PMIC: xpower: Fix power_table addresses
    - drm/nouveau/kms: Increase max retries in scanout position queries.
    - bnx2x: Align RX buffers
    - power: supply: pda_power: move from timer to delayed_work
    - Input: twl4030-pwrbutton - use correct device for irq request
    - md/raid10: skip spare disk as 'first' disk
    - ia64: fix module loading for gcc-5.4
    - tcm_fileio: Prevent information leak for short reads
    - video: fbdev: udlfb: Fix buffer on stack
    - sm501fb: don't return zero on failure path in sm501fb_start()
    - net: hns: fix ethtool_get_strings overflow in hns driver
    - cifs: small underflow in cnvrtDosUnixTm()
    - rtc: ds1374: wdt: Fix issue with timeout scaling from secs to wdt ticks
    - rtc: ds1374: wdt: Fix stop/start ioctl always returning -EINVAL
    - perf tests kmod-path: Don't fail if compressed modules aren't supported
    - Bluetooth: hci_qca: Avoid setup failure on missing rampatch
    - media: c8sectpfe: fix potential NULL pointer dereference in
      c8sectpfe_timer_interrupt
    - drm/msm: fix leak in failed get_pages
    - RDMA/iwpm: Fix uninitialized error code in iwpm_send_mapinfo()
    - rtlwifi: rtl_pci: Fix the bug when inactiveps is enabled.
    - media: bt8xx: Fix err 'bt878_probe()'
    - media: [RESEND] media: dvb-frontends: Add delay to Si2168 restart
    - cros_ec: fix nul-termination for firmware build info
    - platform/chrome: Use proper protocol transfer function
    - mmc: avoid removing non-removable hosts during suspend
    - IB/ipoib: Avoid memory leak if the SA returns a different DGID
    - RDMA/cma: Use correct size when writing netlink stats
    - IB/umem: Fix use of npages/nmap fields
    - vgacon: Set VGA struct resource types
    - drm/omap: DMM: Check for DMM readiness after successful transaction commit
    - pty: cancel pty slave port buf's work in tty_release
    - coresight: Fix disabling of CoreSight TPIU
    - pinctrl: Really force states during suspend/resume
    - iommu/vt-d: clean up pr_irq if request_threaded_irq fails
    - ip6_vti: adjust vti mtu according to mtu of lower device
    - RDMA/ocrdma: Fix permissions for OCRDMA_RESET_STATS
    - nfsd4: permit layoutget of executable-only files
    - clk: si5351: Rename internal plls to avoid name collisions
    - dmaengine: ti-dma-crossbar: Fix event mapping for TPCC_EVT_MUX_60_63
    - RDMA/ucma: Fix access to non-initialized CM_ID object
    - Linux 4.4.124
  * Xenial update to 4.4.123 stable release (LP: #1764666)
    - blkcg: fix double free of new_blkg in blkcg_init_queue
    - Input: tsc2007 - check for presence and power down tsc2007 during probe
    - staging: speakup: Replace BUG_ON() with WARN_ON().
    - staging: wilc1000: add check for kmalloc allocation failure.
    - HID: reject input outside logical range only if null state is set
    - drm: qxl: Don't alloc fbdev if emulation is not supported
    - ath10k: fix a warning during channel switch with multiple vaps
    - PCI/MSI: Stop disabling MSI/MSI-X in pci_device_shutdown()
    - selinux: check for address length in selinux_socket_bind()
    - perf sort: Fix segfault with basic block 'cycles' sort dimension
    - i40e: Acquire NVM lock before reads on all devices
    - i40e: fix ethtool to get EEPROM data from X722 interface
    - perf tools: Make perf_event__synthesize_mmap_events() scale
    - drivers: net: xgene: Fix hardware checksum setting
    - drm: Defer disabling the vblank IRQ until the next interrupt (for instant-
      off)
    - ath10k: disallow DFS simulation if DFS channel is not enabled
    - perf probe: Return errno when not hitting any event
    - HID: clamp input to logical range if no null state
    - net/8021q: create device with all possible features in wanted_features
    - ARM: dts: Adjust moxart IRQ controller and flags
    - batman-adv: handle race condition for claims between gateways
    - of: fix of_device_get_modalias returned length when truncating buffers
    - solo6x10: release vb2 buffers in solo_stop_streaming()
    - scsi: ipr: Fix missed EH wakeup
    - media: i2c/soc_camera: fix ov6650 sensor getting wrong clock
    - timers, sched_clock: Update timeout for clock wrap
    - sysrq: Reset the watchdog timers while displaying high-resolution timers
    - Input: qt1070 - add OF device ID table
    - sched: act_csum: don't mangle TCP and UDP GSO packets
    - ASoC: rcar: ssi: don't set SSICR.CKDV = 000 with SSIWSR.CONT
    - spi: omap2-mcspi: poll OMAP2_MCSPI_CHSTAT_RXS for PIO transfer
    - tcp: sysctl: Fix a race to avoid unexpected 0 window from space
    - dmaengine: imx-sdma: add 1ms delay to ensure SDMA channel is stopped
    - driver: (adm1275) set the m,b and R coefficients correctly for power
    - mm: Fix false-positive VM_BUG_ON() in page_cache_{get,add}_speculative()
    - blk-throttle: make sure expire time isn't too big
    - f2fs: relax node version check for victim data in gc
    - bonding: refine bond_fold_stats() wrap detection
    - braille-console: Fix value returned by _braille_console_setup
    - drm/vmwgfx: Fixes to vmwgfx_fb
    - vxlan: vxlan dev should inherit lowerdev's gso_max_size
    - NFC: nfcmrvl: Include unaligned.h instead of access_ok.h
    - NFC: nfcmrvl: double free on error path
    - ARM: dts: r8a7790: Correct parent of SSI[0-9] clocks
    - ARM: dts: r8a7791: Correct parent of SSI[0-9] clocks
    - powerpc: Avoid taking a data miss on every userspace instruction miss
    - net/faraday: Add missing include of of.h
    - ARM: dts: koelsch: Correct clock frequency of X2 DU clock input
    - reiserfs: Make cancel_old_flush() reliable
    - ALSA: firewire-digi00x: handle all MIDI messages on streaming packets
    - fm10k: correctly check if interface is removed
    - apparmor: Make path_max parameter readonly
    - iommu/iova: Fix underflow bug in __alloc_and_insert_iova_range
    - video: ARM CLCD: fix dma allocation size
    - drm/radeon: Fail fb creation from imported dma-bufs.
    - drm/amdgpu: Fail fb creation from imported dma-bufs. (v2)
    - coresight: Fixes coresight DT parse to get correct output port ID.
    - MIPS: BPF: Quit clobbering callee saved registers in JIT code.
    - MIPS: BPF: Fix multiple problems in JIT skb access helpers.
    - MIPS: r2-on-r6-emu: Fix BLEZL and BGTZL identification
    - MIPS: r2-on-r6-emu: Clear BLTZALL and BGEZALL debugfs counters
    - regulator: isl9305: fix array size
    - md/raid6: Fix anomily when recovering a single device in RAID6.
    - usb: dwc2: Make sure we disconnect the gadget state
    - usb: gadget: dummy_hcd: Fix wrong power status bit clear/reset in
      dummy_hub_control()
    - drivers/perf: arm_pmu: handle no platform_device
    - perf inject: Copy events when reordering events in pipe mode
    - perf session: Don't rely on evlist in pipe mode
    - scsi: sg: check for valid direction before starting the request
    - scsi: sg: close race condition in sg_remove_sfp_usercontext()
    - kprobes/x86: Fix kprobe-booster not to boost far call instructions
    - kprobes/x86: Set kprobes pages read-only
    - pwm: tegra: Increase precision in PWM rate calculation
    - wil6210: fix memory access violation in wil_memcpy_from/toio_32
    - drm/edid: set ELD connector type in drm_edid_to_eld()
    - video/hdmi: Allow "empty" HDMI infoframes
    - HID: elo: clear BTN_LEFT mapping
    - ARM: dts: exynos: Correct Trats2 panel reset line
    - sched: Stop switched_to_rt() from sending IPIs to offline CPUs
    - sched: Stop resched_cpu() from sending IPIs to offline CPUs
    - test_firmware: fix setting old custom fw path back on exit
    - net: xfrm: allow clearing socket xfrm policies.
    - mtd: nand: fix interpretation of NAND_CMD_NONE in nand_command[_lp]()
    - ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin
    - ARM: dts: omap3-n900: Fix the audio CODEC's reset pin
    - ath10k: update tdls teardown state to target
    - cpufreq: Fix governor module removal race
    - clk: qcom: msm8916: fix mnd_width for codec_digcodec
    - ath10k: fix invalid STS_CAP_OFFSET_MASK
    - tools/usbip: fixes build with musl libc toolchain
    - spi: sun6i: disable/unprepare clocks on remove
    - scsi: core: scsi_get_device_flags_keyed(): Always return device flags
    - scsi: devinfo: apply to HP XP the same flags as Hitachi VSP
    - scsi: dh: add new rdac devices
    - media: cpia2: Fix a couple off by one bugs
    - veth: set peer GSO values
    - drm/amdkfd: Fix memory leaks in kfd topology
    - agp/intel: Flush all chipset writes after updating the GGTT
    - mac80211_hwsim: enforce PS_MANUAL_POLL to be set after PS_ENABLED
    - mac80211: remove BUG() when interface type is invalid
    - ASoC: nuc900: Fix a loop timeout test
    - ipvlan: add L2 check for packets arriving via virtual devices
    - rcutorture/configinit: Fix build directory error message
    - ima: relax requiring a file signature for new files with zero length
    - selftests/x86/entry_from_vm86: Exit with 1 if we fail
    - selftests/x86: Add tests for User-Mode Instruction Prevention
    - selftests/x86: Add tests for the STR and SLDT instructions
    - selftests/x86/entry_from_vm86: Add test cases for POPF
    - x86/vm86/32: Fix POPF emulation
    - x86/mm: Fix vmalloc_fault to use pXd_large
    - ALSA: pcm: Fix UAF in snd_pcm_oss_get_formats()
    - ALSA: hda - Revert power_save option default value
    - ALSA: seq: Fix possible UAF in snd_seq_check_queue()
    - ALSA: seq: Clear client entry before deleting else at closing
    - drm/amdgpu/dce: Don't turn off DP sink when disconnected
    - fs: Teach path_connected to handle nfs filesystems with multiple roots.
    - lock_parent() needs to recheck if dentry got __dentry_kill'ed under it
    - fs/aio: Add explicit RCU grace period when freeing kioctx
    - fs/aio: Use RCU accessors for kioctx_table->table[]
    - irqchip/gic-v3-its: Ensure nr_ites >= nr_lpis
    - scsi: sg: fix SG_DXFER_FROM_DEV transfers
    - scsi: sg: fix static checker warning in sg_is_valid_dxfer
    - scsi: sg: only check for dxfer_len greater than 256M
    - ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux
    - btrfs: alloc_chunk: fix DUP stripe size handling
    - btrfs: Fix use-after-free when cleaning up fs_devs with a single stale
      device
    - USB: gadget: udc: Add missing platform_device_put() on error in
      bdc_pci_probe()
    - usb: gadget: bdc: 64-bit pointer capability check
    - Linux 4.4.123
  * Xenial update to 4.4.123 stable release (LP: #1764666) // CVE-2017-16995
    - Revert "bpf: fix incorrect sign extension in check_alu_op()"
    - bpf: fix incorrect sign extension in check_alu_op()
  * Xenial update to 4.4.122 stable release (LP: #1764627)
    - RDMA/ucma: Limit possible option size
    - RDMA/ucma: Check that user doesn't overflow QP state
    - RDMA/mlx5: Fix integer overflow while resizing CQ
    - scsi: qla2xxx: Fix NULL pointer crash due to active timer for ABTS
    - workqueue: Allow retrieval of current task's work struct
    - drm: Allow determining if current task is output poll worker
    - drm/nouveau: Fix deadlock on runtime suspend
    - drm/radeon: Fix deadlock on runtime suspend
    - drm/amdgpu: Fix deadlock on runtime suspend
    - drm/amdgpu: Notify sbios device ready before send request
    - drm/radeon: fix KV harvesting
    - drm/amdgpu: fix KV harvesting
    - MIPS: BMIPS: Do not mask IPIs during suspend
    - MIPS: ath25: Check for kzalloc allocation failure
    - MIPS: OCTEON: irq: Check for null return on kzalloc allocation
    - Input: matrix_keypad - fix race when disabling interrupts
    - loop: Fix lost writes caused by missing flag
    - kbuild: Handle builtin dtb file names containing hyphens
    - bcache: don't attach backing with duplicate UUID
    - x86/MCE: Serialize sysfs changes
    - ALSA: hda/realtek - Fix dock line-out volume on Dell Precision 7520
    - ALSA: seq: More protection for concurrent write and ioctl races
    - ALSA: hda: add dock and led support for HP EliteBook 820 G3
    - ALSA: hda: add dock and led support for HP ProBook 640 G2
    - watchdog: hpwdt: SMBIOS check
    - watchdog: hpwdt: Check source of NMI
    - watchdog: hpwdt: fix unused variable warning
    - netfilter: nfnetlink_queue: fix timestamp attribute
    - Input: tca8418_keypad - remove double read of key event register
    - tc358743: fix register i2c_rd/wr function fix
    - netfilter: add back stackpointer size checks
    - netfilter: x_tables: fix missing timer initialization in xt_LED
    - netfilter: nat: cope with negative port range
    - netfilter: IDLETIMER: be syzkaller friendly
    - netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets
    - netfilter: bridge: ebt_among: add missing match size checks
    - netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt
    - netfilter: use skb_to_full_sk in ip_route_me_harder
    - ext4: inplace xattr block update fails to deduplicate blocks
    - ubi: Fix race condition between ubi volume creation and udev
    - scsi: qla2xxx: Replace fcport alloc with qla2x00_alloc_fcport
    - NFS: Fix an incorrect type in struct nfs_direct_req
    - Revert "ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux"
    - x86/module: Detect and skip invalid relocations
    - x86: Treat R_X86_64_PLT32 as R_X86_64_PC32
    - serial: sh-sci: prevent lockup on full TTY buffers
    - tty/serial: atmel: add new version check for usart
    - uas: fix comparison for error code
    - staging: comedi: fix comedi_nsamples_left.
    - staging: android: ashmem: Fix lockdep issue during llseek
    - USB: storage: Add JMicron bridge 152d:2567 to unusual_devs.h
    - usb: quirks: add control message delay for 1b1c:1b20
    - USB: usbmon: remove assignment from IS_ERR argument
    - usb: usbmon: Read text within supplied buffer size
    - usb: gadget: f_fs: Fix use-after-free in ffs_fs_kill_sb()
    - serial: 8250_pci: Add Brainboxes UC-260 4 port serial device
    - fixup: sctp: verify size of a new chunk in _sctp_make_chunk()
    - Linux 4.4.122
  * Xenial update to 4.4.122 stable release (LP: #1764627) // CVE-2018-1000004.
    - ALSA: seq: Don't allow resizing pool in use
  * Xenial update to 4.4.121 stable release (LP: #1764367)
    - tpm: st33zp24: fix potential buffer overruns caused by bit glitches on the
      bus
    - tpm_i2c_infineon: fix potential buffer overruns caused by bit glitches on
      the bus
    - tpm_i2c_nuvoton: fix potential buffer overruns caused by bit glitches on the
      bus
    - ALSA: usb-audio: Add a quirck for B&W PX headphones
    - ALSA: hda: Add a power_save blacklist
    - cpufreq: s3c24xx: Fix broken s3c_cpufreq_init()
    - media: m88ds3103: don't call a non-initalized function
    - ARM: mvebu: Fix broken PL310_ERRATA_753970 selects
    - KVM: mmu: Fix overlap between public and private memslots
    - btrfs: Don't clear SGID when inheriting ACLs
    - ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux
    - x86/apic/vector: Handle legacy irq data correctly
    - leds: do not overflow sysfs buffer in led_trigger_show
    - x86/spectre: Fix an error message
    - bridge: check brport attr show in brport_show
    - fib_semantics: Don't match route with mismatching tclassid
    - hdlc_ppp: carrier detect ok, don't turn off negotiation
    - ipv6 sit: work around bogus gcc-8 -Wrestrict warning
    - net: fix race on decreasing number of TX queues
    - net: ipv4: don't allow setting net.ipv4.route.min_pmtu below 68
    - netlink: ensure to loop over all netns in genlmsg_multicast_allns()
    - ppp: prevent unregistered channels from connecting to PPP units
    - udplite: fix partial checksum initialization
    - sctp: fix dst refcnt leak in sctp_v4_get_dst
    - sctp: fix dst refcnt leak in sctp_v6_get_dst()
    - s390/qeth: fix SETIP command handling
    - s390/qeth: fix IPA command submission race
    - sctp: verify size of a new chunk in _sctp_make_chunk()
    - net: mpls: Pull common label check into helper
    - dm io: fix duplicate bio completion due to missing ref count
    - bpf, x64: implement retpoline for tail call
    - btrfs: preserve i_mode if __btrfs_set_acl() fails
    - Linux 4.4.121
  * Xenial update to 4.4.120 stable release (LP: #1764316)
    - hrtimer: Ensure POSIX compliance (relative CLOCK_REALTIME hrtimers)
    - f2fs: fix a bug caused by NULL extent tree
    - mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM
    - ipv6: icmp6: Allow icmp messages to be looped back
    - ARM: 8731/1: Fix csum_partial_copy_from_user() stack mismatch
    - sget(): handle failures of register_shrinker()
    - drm/nouveau/pci: do a msi rearm on init
    - spi: atmel: fixed spin_lock usage inside atmel_spi_remove
    - net: arc_emac: fix arc_emac_rx() error paths
    - scsi: storvsc: Fix scsi_cmd error assignments in storvsc_handle_error
    - ARM: dts: ls1021a: fix incorrect clock references
    - lib/mpi: Fix umul_ppmm() for MIPS64r6
    - tg3: Add workaround to restrict 5762 MRRS to 2048
    - tg3: Enable PHY reset in MTU change path for 5720
    - bnx2x: Improve reliability in case of nested PCI errors
    - s390/dasd: fix wrongly assigned configuration data
    - IB/mlx4: Fix mlx4_ib_alloc_mr error flow
    - IB/ipoib: Fix race condition in neigh creation
    - xfs: quota: fix missed destroy of qi_tree_lock
    - xfs: quota: check result of register_shrinker()
    - e1000: fix disabling already-disabled warning
    - drm/ttm: check the return value of kzalloc
    - mac80211: mesh: drop frames appearing to be from us
    - can: flex_can: Correct the checking for frame length in flexcan_start_xmit()
    - bnxt_en: Fix the 'Invalid VF' id check in bnxt_vf_ndo_prep routine.
    - xen-netfront: enable device after manual module load
    - mdio-sun4i: Fix a memory leak
    - SolutionEngine771x: fix Ether platform data
    - xen/gntdev: Fix off-by-one error when unmapping with holes
    - xen/gntdev: Fix partial gntdev_mmap() cleanup
    - sctp: make use of pre-calculated len
    - net: gianfar_ptp: move set_fipers() to spinlock protecting area
    - MIPS: Implement __multi3 for GCC7 MIPS64r6 builds
    - Linux 4.4.120
  * Xenial update to 4.4.119 stable release (LP: #1762453)
    - netfilter: drop outermost socket lock in getsockopt()
    - powerpc/64s: Fix RFI flush dependency on HARDLOCKUP_DETECTOR
    - PCI: keystone: Fix interrupt-controller-node lookup
    - ip_tunnel: replace dst_cache with generic implementation
    - ip_tunnel: fix preempt warning in ip tunnel creation/updating
    - scsi: ibmvfc: fix misdefined reserved field in ibmvfc_fcp_rsp_info
    - cfg80211: fix cfg80211_beacon_dup
    - iio: buffer: check if a buffer has been set up when poll is called
    - iio: adis_lib: Initialize trigger before requesting interrupt
    - x86/oprofile: Fix bogus GCC-8 warning in nmi_setup()
    - irqchip/gic-v3: Use wmb() instead of smb_wmb() in gic_raise_softirq()
    - usb: ohci: Proper handling of ed_rm_list to handle race condition between
      usb_kill_urb() and finish_unlinks()
    - arm64: Disable unhandled signal log messages by default
    - Add delay-init quirk for Corsair K70 RGB keyboards
    - usb: dwc3: gadget: Set maxpacket size for ep0 IN
    - usb: ldusb: add PIDs for new CASSY devices supported by this driver
    - usb: gadget: f_fs: Process all descriptors during bind
    - usb: renesas_usbhs: missed the "running" flag in usb_dmac with rx path
    - drm/amdgpu: Avoid leaking PM domain on driver unbind (v2)
    - binder: add missing binder_unlock()
    - Linux 4.4.119
  * [regression] Colour banding and artefacts appear system-wide on an Asus
    Zenbook UX303LA with Intel HD 4400 graphics (LP: #1749420) // Xenial update
    to 4.4.119 stable release (LP: #1762453)
    - drm/edid: Add 6 bpc quirk for CPT panel in Asus UX303LA
  * Xenial update to 4.4.118 stable release (LP: #1756866)
    - net: add dst_cache support
    - [Config] Add CONFIG_DST_CACHE=y
    - net: replace dst_cache ip6_tunnel implementation with the generic one
    - cfg80211: check dev_set_name() return value
    - mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed.
    - xfrm: Fix stack-out-of-bounds read on socket policy lookup.
    - xfrm: check id proto in validate_tmpl()
    - blktrace: fix unlocked registration of tracepoints
    - drm: Require __GFP_NOFAIL for the legacy drm_modeset_lock_all
    - Provide a function to create a NUL-terminated string from unterminated data
    - selinux: ensure the context is NUL terminated in
      security_context_to_sid_core()
    - selinux: skip bounded transition processing if the policy isn't loaded
    - crypto: x86/twofish-3way - Fix %rbp usage
    - KVM: x86: fix escape of guest dr6 to the host
    - netfilter: x_tables: fix int overflow in xt_alloc_table_info()
    - netfilter: x_tables: avoid out-of-bounds reads in
      xt_request_find_{match|target}
    - netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in clusterip_tg_check()
    - netfilter: on sockopt() acquire sock lock only in the required scope
    - netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert
    - net: avoid skb_warn_bad_offload on IS_ERR
    - ASoC: ux500: add MODULE_LICENSE tag
    - video: fbdev/mmp: add MODULE_LICENSE
    - arm64: dts: add #cooling-cells to CPU nodes
    - Make DST_CACHE a silent config option
    - dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock
    - staging: android: ashmem: Fix a race condition in pin ioctls
    - binder: check for binder_thread allocation failure in binder_poll()
    - staging: iio: adc: ad7192: fix external frequency setting
    - usbip: keep usbip_device sockfd state in sync with tcp_socket
    - usb: build drivers/usb/common/ when USB_SUPPORT is set
    - ARM: OMAP2+: Fix SRAM virt to phys translation for save_secure_ram_context
    - ARM: AM33xx: PRM: Remove am33xx_pwrdm_read_prev_pwrst function
    - ARM: dts: Fix omap4 hang with GPS connected to USB by using wakeupgen
    - ARM: dts: am4372: Correct the interrupts_properties of McASP
    - perf top: Fix window dimensions change handling
    - perf bench numa: Fixup discontiguous/sparse numa nodes
    - media: s5k6aa: describe some function parameters
    - pinctrl: sunxi: Fix A80 interrupt pin bank
    - RDMA/cma: Make sure that PSN is not over max allowed
    - scripts/kernel-doc: Don't fail with status != 0 if error encountered with
      -none
    - ipvlan: Add the skb->mark as flow4's member to lookup route
    - powerpc/perf: Fix oops when grouping different pmu events
    - s390/dasd: prevent prefix I/O error
    - gianfar: fix a flooded alignment reports because of padding issue.
    - net_sched: red: Avoid devision by zero
    - net_sched: red: Avoid illegal values
    - btrfs: Fix possible off-by-one in btrfs_search_path_in_tree
    - 509: fix printing uninitialized stack memory when OID is empty
    - dmaengine: ioat: Fix error handling path
    - dmaengine: at_hdmac: fix potential NULL pointer dereference in
      atc_prep_dma_interleaved
    - clk: fix a panic error caused by accessing NULL pointer
    - ASoC: rockchip: disable clock on error
    - spi: sun4i: disable clocks in the remove function
    - xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies.
    - drm/armada: fix leak of crtc structure
    - dmaengine: jz4740: disable/unprepare clk if probe fails
    - mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep
    - x86/mm/kmmio: Fix mmiotrace for page unaligned addresses
    - xen: XEN_ACPI_PROCESSOR is Dom0-only
    - hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close
    - virtio_balloon: prevent uninitialized variable use
    - isdn: icn: remove a #warning
    - vmxnet3: prevent building with 64K pages
    - [Config] ppc64el: Drop vmxnet3 module
    - gpio: intel-mid: Fix build warning when !CONFIG_PM
    - platform/x86: intel_mid_thermal: Fix suspend handlers unused warning
    - video: fbdev: via: remove possibly unused variables
    - scsi: advansys: fix build warning for PCI=n
    - x86/ras/inject: Make it depend on X86_LOCAL_APIC=y
    - arm64: define BUG() instruction without CONFIG_BUG
    - x86/fpu/math-emu: Fix possible uninitialized variable use
    - tools build: Add tools tree support for 'make -s'
    - x86/build: Silence the build with "make -s"
    - thermal: fix INTEL_SOC_DTS_IOSF_CORE dependencies
    - x86: add MULTIUSER dependency for KVM
    - x86/platform: Add PCI dependency for PUNIT_ATOM_DEBUG
    - scsi: advansys: fix uninitialized data access
    - arm64: Kconfig: select COMPAT_BINFMT_ELF only when BINFMT_ELF is set
    - ALSA: hda/ca0132 - fix possible NULL pointer use
    - reiserfs: avoid a -Wmaybe-uninitialized warning
    - ssb: mark ssb_bus_register as __maybe_unused
    - thermal: spear: use __maybe_unused for PM functions
    - x86/boot: Avoid warning for zero-filling .bss
    - scsi: sim710: fix build warning
    - drivers/net: fix eisa_driver probe section mismatch
    - dpt_i2o: fix build warning
    - profile: hide unused functions when !CONFIG_PROC_FS
    - md: avoid warning for 32-bit sector_t
    - mtd: ichxrom: maybe-uninitialized with gcc-4.9
    - mtd: maps: add __init attribute
    - mptfusion: hide unused seq_mpt_print_ioc_summary function
    - scsi: fdomain: drop fdomain_pci_tbl when built-in
    - video: fbdev: sis: remove unused variable
    - staging: ste_rmi4: avoid unused function warnings
    - fbdev: sis: enforce selection of at least one backend
    - video: Use bool instead int pointer for get_opt_bool() argument
    - scsi: mvumi: use __maybe_unused to hide pm functions
    - SCSI: initio: remove duplicate module device table
    - pwc: hide unused label
    - usb: musb/ux500: remove duplicate check for dma_is_compatible
    - tty: hvc_xen: hide xen_console_remove when unused
    - target/user: Fix cast from pointer to phys_addr_t
    - driver-core: use 'dev' argument in dev_dbg_ratelimited stub
    - fbdev: auo_k190x: avoid unused function warnings
    - amd-xgbe: Fix unused suspend handlers build warning
    - mtd: sh_flctl: pass FIFO as physical address
    - mtd: cfi: enforce valid geometry configuration
    - fbdev: s6e8ax0: avoid unused function warnings
    - modsign: hide openssl output in silent builds
    - fbdev: sm712fb: avoid unused function warnings
    - hwrng: exynos - use __maybe_unused to hide pm functions
    - USB: cdc_subset: only build when one driver is enabled
    - [Config] Add CONFIG_USB_NET_CDC_SUBSET_ENABLE=m
    - rtlwifi: fix gcc-6 indentation warning
    - staging: wilc1000: fix kbuild test robot error
    - x86/platform/olpc: Fix resume handler build warning
    - netfilter: ipvs: avoid unused variable warnings
    - ipv4: ipconfig: avoid unused ic_proto_used symbol
    - tc1100-wmi: fix build warning when CONFIG_PM not enabled
    - tlan: avoid unused label with PCI=n
    - drm/vmwgfx: use *_32_bits() macros
    - tty: cyclades: cyz_interrupt is only used for PCI
    - genirq/msi: Add stubs for get_cached_msi_msg/pci_write_msi_msg
    - ASoC: mediatek: add i2c dependency
    - iio: adc: axp288: remove redundant duplicate const on axp288_adc_channels
    - infiniband: cxgb4: use %pR format string for printing resources
    - b2c2: flexcop: avoid unused function warnings
    - i2c: remove __init from i2c_register_board_info()
    - staging: unisys: visorinput depends on INPUT
    - tc358743: fix register i2c_rd/wr functions
    - drm/nouveau: hide gcc-4.9 -Wmaybe-uninitialized
    - Input: tca8418_keypad - hide gcc-4.9 -Wmaybe-uninitialized warning
    - KVM: add X86_LOCAL_APIC dependency
    - go7007: add MEDIA_CAMERA_SUPPORT dependency
    - em28xx: only use mt9v011 if camera support is enabled
    - ISDN: eicon: reduce stack size of sig_ind function
    - ASoC: rockchip: use __maybe_unused to hide st_irq_syscfg_resume
    - serial: 8250_mid: fix broken DMA dependency
    - drm/gma500: Sanity-check pipe index
    - hdpvr: hide unused variable
    - v4l: remove MEDIA_TUNER dependency for VIDEO_TUNER
    - cw1200: fix bogus maybe-uninitialized warning
    - wireless: cw1200: use __maybe_unused to hide pm functions_
    - perf/x86: Shut up false-positive -Wmaybe-uninitialized warning
    - dmaengine: zx: fix build warning
    - net: hp100: remove unnecessary #ifdefs
    - gpio: xgene: mark PM functions as __maybe_unused
    - ncpfs: fix unused variable warning
    - Revert "power: bq27xxx_battery: Remove unneeded dependency in Kconfig"
    - power: bq27xxx_battery: mark some symbols __maybe_unused
    - isdn: sc: work around type mismatch warning
    - binfmt_elf: compat: avoid unused function warning
    - idle: i7300: add PCI dependency
    - usb: phy: msm add regulator dependency
    - ncr5380: shut up gcc indentation warning
    - ARM: tegra: select USB_ULPI from EHCI rather than platform
    - ASoC: Intel: Kconfig: fix build when ACPI is not enabled
    - netlink: fix nla_put_{u8,u16,u32} for KASAN
    - dell-wmi, dell-laptop: depends DMI
    - genksyms: Fix segfault with invalid declarations
    - x86/microcode/AMD: Change load_microcode_amd()'s param to bool to fix
      preemptibility bug
    - drm/gma500: remove helper function
    - kasan: rework Kconfig settings
    - KVM: async_pf: Fix #DF due to inject "Page not Present" and "Page Ready"
      exceptions simultaneously
    - x86/retpoline: Remove the esp/rsp thunk
    - module/retpoline: Warn about missing retpoline in module
    - x86/nospec: Fix header guards names
    - x86/bugs: Drop one "mitigation" from dmesg
    - x86/cpu/bugs: Make retpoline module warning conditional
    - x86/spectre: Check CONFIG_RETPOLINE in command line parser
    - x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable"
    - x86/paravirt: Remove 'noreplace-paravirt' cmdline option
    - x86/retpoline: Avoid retpolines for built-in __init functions
    - x86/spectre: Simplify spectre_v2 command line parsing
    - x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL
    - KVM: nVMX: kmap() can't fail
    - KVM: nVMX: vmx_complete_nested_posted_interrupt() can't fail
    - kvm: nVMX: Fix kernel panics induced by illegal INVEPT/INVVPID types
    - KVM: VMX: clean up declaration of VPID/EPT invalidation types
    - KVM: nVMX: invvpid handling improvements
    - crypto: s5p-sss - Fix kernel Oops in AES-ECB mode
    - net: dst_cache_per_cpu_dst_set() can be static
    - ARM: omap2: hide omap3_save_secure_ram on non-OMAP3 builds
    - Linux 4.4.118
  * ibrs/ibpb fixes result in excessive kernel logging  (LP: #1755627)
    - SAUCE: remove ibrs_dump sysctl interface

  [ Ubuntu: 4.4.0-122.146 ]

  * linux: 4.4.0-122.146 -proposed tracker (LP: #1766264)
  * Redpine: WiFi scan stopping issue observed with BLE (LP: #1757435)
    - SAUCE: Redpine: resolve wifi scan stop issue in stress tests

  [ Ubuntu: 4.4.0-121.145 ]

  * linux: 4.4.0-121.145 -proposed tracker (LP: #1763687)
  * Ubuntu-4.4.0-120.144 fails to boot on arm64* hardware (LP: #1763644)
    - [Config] arm64: disable BPF_JIT_ALWAYS_ON

 -- Khalid Elmously <email address hidden>  Thu, 26 Apr 2018 04:49:56 +0000

Available diffs

Superseded in cosmic-release on 2018-05-24
Published in bionic-release on 2018-04-24
Deleted in bionic-proposed (Reason: moved to release)
linux-kvm (4.15.0-1008.8) bionic; urgency=medium

  * linux-kvm: 4.15.0-1008.8 -proposed tracker (LP: #1766472)

  [ Ubuntu: 4.15.0-20.21 ]

  * linux: 4.15.0-20.21 -proposed tracker (LP: #1766452)
  * package shim-signed (not installed) failed to install/upgrade: installed
    shim-signed package post-installation script subprocess returned error exit
    status 5 (LP: #1766391)
    - [Packaging] fix invocation of header postinst hooks

 -- Stefan Bader <email address hidden>  Tue, 24 Apr 2018 10:14:08 +0200
Deleted in bionic-proposed on 2018-04-25 (Reason: NBS)
linux-kvm (4.15.0-1007.7) bionic; urgency=medium

  * linux-kvm: 4.15.0-1007.7 -proposed tracker (LP: #1766027)

  [ Ubuntu: 4.15.0-19.20 ]

  * linux: 4.15.0-19.20 -proposed tracker (LP: #1766021)
  * Kernel 4.15.0-15 breaks Dell PowerEdge 12th Gen servers (LP: #1765232)
    - Revert "blk-mq: simplify queue mapping & schedule with each possisble CPU"
    - Revert "genirq/affinity: assign vectors to all possible CPUs"

Available diffs

Superseded in bionic-release on 2018-04-24
Deleted in bionic-proposed on 2018-04-26 (Reason: moved to release)
linux-kvm (4.15.0-1006.6) bionic; urgency=medium

  * linux-kvm: 4.15.0-1006.6 -proposed tracker (LP: #1765498)

  [ Ubuntu: 4.15.0-18.19 ]

  * linux: 4.15.0-18.19 -proposed tracker (LP: #1765490)
  * [regression] Ubuntu 18.04:[4.15.0-17-generic #18] KVM Guest Kernel:
    meltdown: rfi/fallback displacement flush not enabled bydefault (kvm)
    (LP: #1765429)
    - powerpc/pseries: Fix clearing of security feature flags
  * signing: only install a signed kernel (LP: #1764794)
    - [Packaging] update to Debian like control scripts
    - [Packaging] switch to triggers for postinst.d postrm.d handling
    - [Packaging] signing -- switch to raw-signing tarballs
    - [Packaging] signing -- switch to linux-image as signed when available
    - [Config] signing -- enable Opal signing for ppc64el
    - [Packaging] printenv -- add signing options
  * [18.04 FEAT] Sign POWER host/NV kernels (LP: #1696154)
    - [Packaging] signing -- add support for signing Opal kernel binaries
  * Please cherrypick s390 unwind fix (LP: #1765083)
    - s390/compat: fix setup_frame32
  * Ubuntu 18.04 installer does not detect any IPR based HDD/RAID array [S822L]
    [ipr] (LP: #1751813)
    - d-i: move ipr to storage-core-modules on ppc64el
  * drivers/gpu/drm/bridge/adv7511/adv7511.ko missing (LP: #1764816)
    - SAUCE: (no-up) rename the adv7511 drm driver to adv7511_drm
  * Miscellaneous Ubuntu changes
    - [Packaging] Add linux-oem to rebuild test blacklist.

  [ Ubuntu: 4.15.0-17.18 ]

  * linux: 4.15.0-17.18 -proposed tracker (LP: #1764498)
  * Eventual OOM with profile reloads (LP: #1750594)
    - SAUCE: apparmor: fix memory leak when duplicate profile load

Superseded in xenial-security on 2018-05-08
Superseded in xenial-updates on 2018-05-08
Deleted in xenial-proposed (Reason: moved to -updates)
linux-kvm (4.4.0-1021.26) xenial; urgency=medium

  * linux-kvm: 4.4.0-1021.26 -proposed tracker (LP: #1761445)

  *  linux-kvm VFIO support for Kata containers (LP: #1759421)
    - kvm: [config] Enable VFIO

  [ Ubuntu: 4.4.0-120.144 ]

  * linux: 4.4.0-120.144 -proposed tracker (LP: #1761438)
  * intel-microcode 3.20180312.0 causes lockup at login screen(w/ linux-
    image-4.13.0-37-generic) (LP: #1759920) // CVE-2017-5715 (Spectre v2 Intel)
    - Revert "x86/mm: Only set IBPB when the new thread cannot ptrace current
      thread"
    - x86/speculation: Use Indirect Branch Prediction Barrier in context switch
  * DKMS driver builds fail with: Cannot use CONFIG_STACK_VALIDATION=y, please
    install libelf-dev, libelf-devel or elfutils-libelf-devel (LP: #1760876)
    - [Packaging] include the retpoline extractor in the headers
  * retpoline hints: primary infrastructure and initial hints (LP: #1758856)
    - [Packaging] retpoline-extract: flag *0xNNN(%reg) branches
    - x86/speculation, objtool: Annotate indirect calls/jumps for objtool
    - x86/speculation, objtool: Annotate indirect calls/jumps for objtool on 32bit
    - x86/paravirt, objtool: Annotate indirect calls
    - x86/asm: Stop depending on ptrace.h in alternative.h
    - [Packaging] retpoline -- add safe usage hint support
    - [Packaging] retpoline-check -- only report additions
    - [Packaging] retpoline -- widen indirect call/jmp detection
    - [Packaging] retpoline -- elide %rip relative indirections
    - [Packaging] retpoline -- clear hint information from packages
    - SAUCE: modpost: add discard to non-allocatable whitelist
    - KVM: x86: Make indirect calls in emulator speculation safe
    - KVM: VMX: Make indirect call speculation safe
    - x86/boot, objtool: Annotate indirect jump in secondary_startup_64()
    - SAUCE: early/late -- annotate indirect calls in early/late initialisation
      code
    - SAUCE: vga_set_mode -- avoid jump tables
    - [Config] retpoline -- switch to new format
    - [Packaging] final-checks -- remove check for empty retpoline files
  * Xenial update to 4.4.117 stable release (LP: #1756860)
    - IB/mlx4: Fix incorrectly releasing steerable UD QPs when have only ETH ports
    - PM / devfreq: Propagate error from devfreq_add_device()
    - s390: fix handling of -1 in set{,fs}[gu]id16 syscalls
    - ARM: dts: STi: Add gpio polarity for "hdmi,hpd-gpio" property
    - arm: spear600: Add missing interrupt-parent of rtc
    - arm: spear13xx: Fix dmas cells
    - arm: spear13xx: Fix spics gpio controller's warning
    - ALSA: seq: Fix regression by incorrect ioctl_mutex usages
    - KVM/x86: Reduce retpoline performance impact in slot_handle_level_range(),
      by always inlining iterator helper methods
    - x86/cpu: Change type of x86_cache_size variable to unsigned int
    - drm/radeon: adjust tested variable
    - rtc-opal: Fix handling of firmware error codes, prevent busy loops
    - ext4: save error to disk in __ext4_grp_locked_error()
    - ext4: correct documentation for grpid mount option
    - mm: hide a #warning for COMPILE_TEST
    - video: fbdev: atmel_lcdfb: fix display-timings lookup
    - console/dummy: leave .con_font_get set to NULL
    - rtlwifi: rtl8821ae: Fix connection lost problem correctly
    - Btrfs: fix deadlock in run_delalloc_nocow
    - Btrfs: fix crash due to not cleaning up tree log block's dirty bits
    - Btrfs: fix unexpected -EEXIST when creating new inode
    - ALSA: hda - Fix headset mic detection problem for two Dell machines
    - ALSA: usb-audio: Fix UAC2 get_ctl request with a RANGE attribute
    - ALSA: hda/realtek: PCI quirk for Fujitsu U7x7
    - ALSA: usb-audio: add implicit fb quirk for Behringer UFX1204
    - ALSA: seq: Fix racy pool initializations
    - mvpp2: fix multicast address filter
    - dm: correctly handle chained bios in dec_pending()
    - x86: fix build warnign with 32-bit PAE
    - vfs: don't do RCU lookup of empty pathnames
    - ARM: pxa/tosa-bt: add MODULE_LICENSE tag
    - ARM: dts: s5pv210: add interrupt-parent for ohci
    - media: r820t: fix r820t_write_reg for KASAN
    - Linux 4.4.117
  * zfs system process hung on container stop/delete (LP: #1754584)
    - SAUCE: (noup) zfs to 0.6.5.6-0ubuntu19
    - SAUCE: Fix non-prefaulted page deadlock (LP: #1754584)
  * apparmor: fix bad __initdata tagging on, apparmor_initialized (LP: #1758471)
    - SAUCE: apparmor: fix bad __initdata tagging on, apparmor_initialized
  * Xenial update to 4.4.116 stable release (LP: #1756121)
    - powerpc/bpf/jit: Disable classic BPF JIT on ppc64le
    - powerpc/64: Fix flush_(d|i)cache_range() called from modules
    - powerpc: Fix VSX enabling/flushing to also test MSR_FP and MSR_VEC
    - powerpc: Simplify module TOC handling
    - ASoC: pcm512x: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
    - usbip: vhci_hcd: clear just the USB_PORT_STAT_POWER bit
    - usbip: fix 3eee23c3ec14 tcp_socket address still in the status file
    - net: cdc_ncm: initialize drvflags before usage
    - ASoC: simple-card: Fix misleading error message
    - ASoC: rsnd: don't call free_irq() on Parent SSI
    - ASoC: rsnd: avoid duplicate free_irq()
    - drm: rcar-du: Use the VBK interrupt for vblank events
    - drm: rcar-du: Fix race condition when disabling planes at CRTC stop
    - x86/asm: Fix inline asm call constraints for GCC 4.4
    - ip6mr: fix stale iterator
    - net: igmp: add a missing rcu locking section
    - qlcnic: fix deadlock bug
    - r8169: fix RTL8168EP take too long to complete driver initialization.
    - tcp: release sk_frag.page in tcp_disconnect
    - vhost_net: stop device during reset owner
    - media: soc_camera: soc_scale_crop: add missing
      MODULE_DESCRIPTION/AUTHOR/LICENSE
    - KEYS: encrypted: fix buffer overread in valid_master_desc()
    - don't put symlink bodies in pagecache into highmem
    - crypto: tcrypt - fix S/G table for test_aead_speed()
    - x86/microcode: Do the family check first
    - powerpc/pseries: include linux/types.h in asm/hvcall.h
    - cifs: Fix missing put_xid in cifs_file_strict_mmap
    - cifs: Fix autonegotiate security settings mismatch
    - CIFS: zero sensitive data when freeing
    - dmaengine: dmatest: fix container_of member in dmatest_callback
    - x86/kaiser: fix build error with KASAN && !FUNCTION_GRAPH_TRACER
    - kaiser: fix compile error without vsyscall
    - netfilter: nf_queue: Make the queue_handler pernet
    - posix-timer: Properly check sigevent->sigev_notify
    - usb: gadget: uvc: Missing files for configfs interface
    - sched/rt: Use container_of() to get root domain in rto_push_irq_work_func()
    - sched/rt: Up the root domain ref count when passing it around via IPIs
    - media: dvb-usb-v2: lmedm04: Improve logic checking of warm start
    - media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner
    - mtd: cfi: convert inline functions to macros
    - mtd: nand: brcmnand: Disable prefetch by default
    - mtd: nand: Fix nand_do_read_oob() return value
    - mtd: nand: sunxi: Fix ECC strength choice
    - ubi: block: Fix locking for idr_alloc/idr_remove
    - nfs/pnfs: fix nfs_direct_req ref leak when i/o falls back to the mds
    - NFS: Add a cond_resched() to nfs_commit_release_pages()
    - NFS: commit direct writes even if they fail partially
    - NFS: reject request for id_legacy key without auxdata
    - kernfs: fix regression in kernfs_fop_write caused by wrong type
    - ahci: Annotate PCI ids for mobile Intel chipsets as such
    - ahci: Add PCI ids for Intel Bay Trail, Cherry Trail and Apollo Lake AHCI
    - ahci: Add Intel Cannon Lake PCH-H PCI ID
    - crypto: hash - introduce crypto_hash_alg_has_setkey()
    - crypto: cryptd - pass through absence of ->setkey()
    - crypto: poly1305 - remove ->setkey() method
    - nsfs: mark dentry with DCACHE_RCUACCESS
    - media: v4l2-ioctl.c: don't copy back the result for -ENOTTY
    - vb2: V4L2_BUF_FLAG_DONE is set after DQBUF
    - media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF
    - media: v4l2-compat-ioctl32.c: fix the indentation
    - media: v4l2-compat-ioctl32.c: move 'helper' functions to
      __get/put_v4l2_format32
    - media: v4l2-compat-ioctl32.c: avoid sizeof(type)
    - media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32
    - media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer
    - media: v4l2-compat-ioctl32.c: make ctrl_is_pointer work for subdevs
    - media: v4l2-compat-ioctl32: Copy v4l2_window->global_alpha
    - media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32
    - media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type
    - media: v4l2-compat-ioctl32.c: don't copy back the result for certain errors
    - media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic
    - crypto: caam - fix endless loop when DECO acquire fails
    - arm: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls
    - KVM: nVMX: Fix races when sending nested PI while dest enters/leaves L2
    - watchdog: imx2_wdt: restore previous timeout after suspend+resume
    - media: ts2020: avoid integer overflows on 32 bit machines
    - media: cxusb, dib0700: ignore XC2028_I2C_FLUSH
    - kernel/async.c: revert "async: simplify lowest_in_progress()"
    - HID: quirks: Fix keyboard + touchpad on Toshiba Click Mini not working
    - Bluetooth: btsdio: Do not bind to non-removable BCM43341
    - Bluetooth: btusb: Restore QCA Rome suspend/resume fix with a "rewritten"
      version
    - signal/openrisc: Fix do_unaligned_access to send the proper signal
    - signal/sh: Ensure si_signo is initialized in do_divide_error
    - alpha: fix crash if pthread_create races with signal delivery
    - alpha: fix reboot on Avanti platform
    - xtensa: fix futex_atomic_cmpxchg_inatomic
    - EDAC, octeon: Fix an uninitialized variable warning
    - pktcdvd: Fix pkt_setup_dev() error path
    - btrfs: Handle btrfs_set_extent_delalloc failure in fixup worker
    - ACPI: sbshc: remove raw pointer from printk() message
    - ovl: fix failure to fsync lower dir
    - mn10300/misalignment: Use SIGSEGV SEGV_MAPERR to report a failed user copy
    - ftrace: Remove incorrect setting of glob search field
    - Linux 4.4.116
  * Xenial update to 4.4.116 stable release (LP: #1756121) // CVE-2017-5754
    - Revert "UBUNTU: SAUCE: UBUNTU: [Config] Disable CONFIG_PPC_DEBUG_RFI"
    - Revert "UBUNTU: SAUCE: rfi-flush: Fix some RFI conversions in the KVM code"
    - Revert "UBUNTU: SAUCE: rfi-flush: Fix the 32-bit KVM build"
    - Revert "UBUNTU: SAUCE: rfi-flush: Fallback flush add load dependency"
    - Revert "UBUNTU: SAUCE: rfi-flush: Use rfi-flush in printks"
    - Revert "UBUNTU: SAUCE: rfi-flush: Add no_rfi_flush and nopti comandline
      options"
    - Revert "UBUNTU: SAUCE: rfi-flush: Refactor the macros so the nops are
      defined once"
    - Revert "UBUNTU: SAUCE: rfi-flush: Fix HRFI_TO_UNKNOWN"
    - Revert "UBUNTU: SAUCE: rfi-flush: Fix the fallback flush to actually
      activate"
    - Revert "UBUNTU: SAUCE: rfi-flush: Rework pseries logic to be more cautious"
    - Revert "UBUNTU: SAUCE: rfi-flush: Rework powernv logic to be more cautious"
    - Revert "UBUNTU: SAUCE: rfi-flush: Add barriers to the fallback L1D flushing"
    - Revert "UBUNTU: SAUCE: Fix compilation errors for arch/powerpc/lib/feature-
      fixups.c"
    - Revert "UBUNTU: SAUCE: Remove setup.h include file otherwise compilation
      complains about missing header file."
    - Revert "UBUNTU: SAUCE: powerpc/asm: Allow including ppc_asm.h in asm files"
    - Revert "UBUNTU: SAUCE: rfi-flush: Add speculation barrier before ori 30,30,0
      flush"
    - Revert "UBUNTU: SAUCE: rfi-flush: Allow HV to advertise multiple flush
      types"
    - Revert "UBUNTU: SAUCE: rfi-flush: Support more than one flush type at once"
    - Revert "UBUNTU: SAUCE: rfi-flush: Expand the RFI section to two nop slots"
    - Revert "UBUNTU: SAUCE: rfi-flush: Push the instruction selection down to the
      patching routine"
    - Revert "UBUNTU: SAUCE: rfi-flush: Make l1d_flush_type bit flags"
    - Revert "UBUNTU: SAUCE: rfi-flush: Implement congruence-first fallback flush"
    - Revert "UBUNTU: SAUCE: KVM: Revert the implementation of
      H_GET_CPU_CHARACTERISTICS"
    - Revert "UBUNTU: SAUCE: rfi-flush: kvmppc_skip_(H)interrupt returns to host"
    - Revert "UBUNTU: SAUCE: Fixup rfid in kvmppc_skip_Hinterrupt should be hrfid"
    - Revert "UBUNTU: SAUCE: rfi-flush: Add HRFI_TO_UNKNOWN and use it in denorm"
    - Revert "UBUNTU: SAUCE: rfi-flush: Make DEBUG_RFI a CONFIG option"
    - Revert "UBUNTU: SAUCE: powerpc: Secure memory rfi flush"
    - powerpc/pseries: Add H_GET_CPU_CHARACTERISTICS flags & wrapper
    - powerpc/64: Add macros for annotating the destination of rfid/hrfid
    - powerpc/64s: Simple RFI macro conversions
    - powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL
    - powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL
    - powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL
    - powerpc/64s: Add support for RFI flush of L1-D cache
    - powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti
    - powerpc/pseries: Query hypervisor for RFI flush settings
    - powerpc/powernv: Check device-tree for RFI flush settings
    - powerpc/64s: Wire up cpu_show_meltdown()
    - powerpc/64s: Allow control of RFI flush via debugfs
  * Intel i40e PF reset due to incorrect MDD detection (continues...)
    (LP: #1723127)
    - i40e/i40evf: Account for frags split over multiple descriptors in check
      linearize
    - i40e/i40evf: Allow up to 12K bytes of data per Tx descriptor instead of 8K
  * Xenial update to 4.4.115 stable release (LP: #1755509)
    - x86: bpf_jit: small optimization in emit_bpf_tail_call()
    - bpf: fix bpf_tail_call() x64 JIT
    - [Config] CONFIG_BPF_JIT_ALWAYS_ON=y
    - bpf: introduce BPF_JIT_ALWAYS_ON config
    - bpf: arsh is not supported in 32 bit alu thus reject it
    - bpf: avoid false sharing of map refcount with max_entries
    - bpf: fix divides by zero
    - bpf: fix 32-bit divide by zero
    - bpf: reject stores into ctx via st and xadd
    - x86/pti: Make unpoison of pgd for trusted boot work for real
    - kaiser: fix intel_bts perf crashes
    - ALSA: seq: Make ioctls race-free
    - crypto: aesni - handle zero length dst buffer
    - crypto: af_alg - whitelist mask and type
    - power: reset: zx-reboot: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
    - gpio: iop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
    - gpio: ath79: add missing MODULE_DESCRIPTION/LICENSE
    - mtd: nand: denali_pci: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
    - igb: Free IRQs when device is hotplugged
    - KVM: x86: emulator: Return to user-mode on L1 CPL=0 emulation failure
    - KVM: x86: Don't re-execute instruction when not passing CR2 value
    - KVM: X86: Fix operand/address-size during instruction decoding
    - KVM: x86: ioapic: Fix level-triggered EOI and IOAPIC reconfigure race
    - KVM: x86: ioapic: Clear Remote IRR when entry is switched to edge-triggered
    - KVM: x86: ioapic: Preserve read-only values in the redirection table
    - ACPI / bus: Leave modalias empty for devices which are not present
    - cpufreq: Add Loongson machine dependencies
    - bcache: check return value of register_shrinker
    - drm/amdgpu: Fix SDMA load/unload sequence on HWS disabled mode
    - drm/amdkfd: Fix SDMA ring buffer size calculation
    - drm/amdkfd: Fix SDMA oversubsription handling
    - openvswitch: fix the incorrect flow action alloc size
    - mac80211: fix the update of path metric for RANN frame
    - btrfs: fix deadlock when writing out space cache
    - KVM: VMX: Fix rflags cache during vCPU reset
    - xen-netfront: remove warning when unloading module
    - nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0)
    - nfsd: Ensure we check stateid validity in the seqid operation checks
    - grace: replace BUG_ON by WARN_ONCE in exit_net hook
    - nfsd: check for use of the closed special stateid
    - lockd: fix "list_add double add" caused by legacy signal interface
    - hwmon: (pmbus) Use 64bit math for DIRECT format values
    - powerpc/ppc64el -- Remove ll_temac module from 64-bit builds
    - net: ethernet: xilinx: Mark XILINX_LL_TEMAC broken on 64-bit
    - quota: Check for register_shrinker() failure.
    - SUNRPC: Allow connect to return EHOSTUNREACH
    - kmemleak: add scheduling point to kmemleak_scan()
    - drm/omap: Fix error handling path in 'omap_dmm_probe()'
    - xfs: ubsan fixes
    - scsi: aacraid: Prevent crash in case of free interrupt during scsi EH path
    - scsi: ufs: ufshcd: fix potential NULL pointer dereference in
      ufshcd_config_vreg
    - media: usbtv: add a new usbid
    - usb: gadget: don't dereference g until after it has been null checked
    - staging: rtl8188eu: Fix incorrect response to SIOCGIWESSID
    - usb: option: Add support for FS040U modem
    - USB: serial: pl2303: new device id for Chilitag
    - USB: cdc-acm: Do not log urb submission errors on disconnect
    - CDC-ACM: apply quirk for card reader
    - USB: serial: io_edgeport: fix possible sleep-in-atomic
    - usbip: prevent bind loops on devices attached to vhci_hcd
    - usbip: list: don't list devices attached to vhci_hcd
    - USB: serial: simple: add Motorola Tetra driver
    - usb: f_fs: Prevent gadget unbind if it is already unbound
    - usb: uas: unconditionally bring back host after reset
    - selinux: general protection fault in sock_has_perm
    - serial: imx: Only wakeup via RTSDEN bit if the system has RTS/CTS
    - spi: imx: do not access registers while clocks disabled
    - Linux 4.4.115
  * retpoline: ignore %cs:0xNNN constant indirections (LP: #1752655)
    - [Packaging] retpoline -- elide %cs:0xNNNN constants on i386

  [ Ubuntu: 4.4.0-119.143 ]

  * linux: 4.4.0-119.143 -proposed tracker (LP: #1760327)
  * Dell XPS 13 9360 bluetooth scan can not detect any device (LP: #1759821)
    - Revert "Bluetooth: btusb: fix QCA Rome suspend/resume"

  [ Ubuntu: 4.4.0-118.142 ]

  * linux: 4.4.0-118.142 -proposed tracker (LP: #1759607)
  * Kernel panic with AWS 4.4.0-1053 / 4.4.0-1015 (Trusty) (LP: #1758869)
    - x86/microcode/AMD: Do not load when running on a hypervisor
  * CVE-2018-8043
    - net: phy: mdio-bcm-unimac: fix potential NULL dereference in
      unimac_mdio_probe()

 -- Kamal Mostafa <email address hidden>  Thu, 05 Apr 2018 09:14:44 -0700

Available diffs

Superseded in bionic-release on 2018-04-22
Deleted in bionic-proposed on 2018-04-24 (Reason: moved to release)
linux-kvm (4.15.0-1004.4) bionic; urgency=medium

  * linux-kvm: 4.15.0-1004.4 -proposed tracker (LP: #1761183)


  [ Ubuntu: 4.15.0-15.16 ]

  * linux: 4.15.0-15.16 -proposed tracker (LP: #1761177)
  * FFe: Enable configuring resume offset via sysfs (LP: #1760106)
    - PM / hibernate: Make passing hibernate offsets more friendly
  * /dev/bcache/by-uuid links not created after reboot (LP: #1729145)
    - SAUCE: (no-up) bcache: decouple emitting a cached_dev CHANGE uevent
  * Ubuntu18.04:POWER9:DD2.2 - Unable to start a KVM guest with default machine
    type(pseries-bionic) complaining "KVM implementation does not support
    Transactional Memory, try cap-htm=off" (kvm) (LP: #1752026)
    - powerpc: Use feature bit for RTC presence rather than timebase presence
    - powerpc: Book E: Remove unused CPU_FTR_L2CSR bit
    - powerpc: Free up CPU feature bits on 64-bit machines
    - powerpc: Add CPU feature bits for TM bug workarounds on POWER9 v2.2
    - powerpc/powernv: Provide a way to force a core into SMT4 mode
    - KVM: PPC: Book3S HV: Work around transactional memory bugs in POWER9
    - KVM: PPC: Book3S HV: Work around XER[SO] bug in fake suspend mode
    - KVM: PPC: Book3S HV: Work around TEXASR bug in fake suspend state
  * Important Kernel fixes to be backported for Power9 (kvm) (LP: #1758910)
    - powerpc/mm: Fixup tlbie vs store ordering issue on POWER9
  * Ubuntu 18.04 - IO Hang on some namespaces when running HTX with 16
    namespaces  (Bolt / NVMe) (LP: #1757497)
    - powerpc/64s: Fix lost pending interrupt due to race causing lost update to
      irq_happened
  * fwts-efi-runtime-dkms 18.03.00-0ubuntu1: fwts-efi-runtime-dkms kernel module
    failed to build (LP: #1760876)
    - [Packaging] include the retpoline extractor in the headers

  [ Ubuntu: 4.15.0-14.15 ]

  * linux: 4.15.0-14.15 -proposed tracker (LP: #1760678)
  * [Bionic] mlx4 ETH - mlnx_qos failed when set some TC to vendor
    (LP: #1758662)
    - net/mlx4_en: Change default QoS settings
  * AT_BASE_PLATFORM in AUXV is absent on kernels available on Ubuntu 17.10
    (LP: #1759312)
    - powerpc/64s: Fix NULL AT_BASE_PLATFORM when using DT CPU features
  * Bionic update to 4.15.15 stable release (LP: #1760585)
    - net: dsa: Fix dsa_is_user_port() test inversion
    - openvswitch: meter: fix the incorrect calculation of max delta_t
    - qed: Fix MPA unalign flow in case header is split across two packets.
    - tcp: purge write queue upon aborting the connection
    - qed: Fix non TCP packets should be dropped on iWARP ll2 connection
    - sysfs: symlink: export sysfs_create_link_nowarn()
    - net: phy: relax error checking when creating sysfs link netdev->phydev
    - devlink: Remove redundant free on error path
    - macvlan: filter out unsupported feature flags
    - net: ipv6: keep sk status consistent after datagram connect failure
    - ipv6: old_dport should be a __be16 in __ip6_datagram_connect()
    - ipv6: sr: fix NULL pointer dereference when setting encap source address
    - ipv6: sr: fix scheduling in RCU when creating seg6 lwtunnel state
    - mlxsw: spectrum_buffers: Set a minimum quota for CPU port traffic
    - net: phy: Tell caller result of phy_change()
    - ipv6: Reflect MTU changes on PMTU of exceptions for MTU-less routes
    - net sched actions: return explicit error when tunnel_key mode is not
      specified
    - ppp: avoid loop in xmit recursion detection code
    - rhashtable: Fix rhlist duplicates insertion
    - test_rhashtable: add test case for rhltable with duplicate objects
    - kcm: lock lower socket in kcm_attach
    - sch_netem: fix skb leak in netem_enqueue()
    - ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event()
    - net: use skb_to_full_sk() in skb_update_prio()
    - net: Fix hlist corruptions in inet_evict_bucket()
    - s390/qeth: free netdevice when removing a card
    - s390/qeth: when thread completes, wake up all waiters
    - s390/qeth: lock read device while queueing next buffer
    - s390/qeth: on channel error, reject further cmd requests
    - soc/fsl/qbman: fix issue in qman_delete_cgr_safe()
    - dpaa_eth: fix error in dpaa_remove()
    - dpaa_eth: remove duplicate initialization
    - dpaa_eth: increment the RX dropped counter when needed
    - dpaa_eth: remove duplicate increment of the tx_errors counter
    - dccp: check sk for closed state in dccp_sendmsg()
    - ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option()
    - l2tp: do not accept arbitrary sockets
    - net: ethernet: arc: Fix a potential memory leak if an optional regulator is
      deferred
    - net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY
      interface
    - net: fec: Fix unbalanced PM runtime calls
    - net/iucv: Free memory obtained by kzalloc
    - netlink: avoid a double skb free in genlmsg_mcast()
    - net: Only honor ifindex in IP_PKTINFO if non-0
    - net: systemport: Rewrite __bcm_sysport_tx_reclaim()
    - qede: Fix qedr link update
    - skbuff: Fix not waking applications when errors are enqueued
    - team: Fix double free in error path
    - Linux 4.15.15
  * Ubuntu 18.04 [ WSP DD2.2 with stop4 and stop5 enabled ]: kdump fails to
    capture dump when smt=2 or off. (LP: #1758206)
    - powerpc/crash: Remove the test for cpu_online in the IPI callback
    - powernv/kdump: Fix cases where the kdump kernel can get HMI's
    - powerpc/kdump: Fix powernv build break when KEXEC_CORE=n
  * [Intel Ubuntu 18.04 Bug] Null pointer dereference, when disconnecting RAID
    rebuild target (LP: #1759279)
    - md: document lifetime of internal rdev pointer.
  * [Feature]Crystal Ridge:add support for the platform capabilities NFIT sub-
    table in ACPI 6.2A (LP: #1730829)
    - ACPICA: ACPI 6.0A: Changes to the NFIT ACPI table
    - acpi: nfit: Add support for detect platform CPU cache flush on power loss
    - acpi: nfit: add persistent memory control flag for nd_region
    - libnvdimm: expose platform persistence attribute for nd_region
    - libnvdimm: re-enable deep flush for pmem devices via fsync()
    - libnvdimm, nfit: fix persistence domain reporting
  * Allow multiple mounts of zfs datasets (LP: #1759848)
    - SAUCE: Allow mounting datasets more than once (LP: #1759848)
  * Update Aquantia driver to fix various issues (LP: #1759303)
    - net: aquantia: Eliminate AQ_DIMOF, replace with ARRAY_SIZE
    - net: aquantia: Cleanup status flags accesses
    - net: aquantia: Cleanup hardware access modules
    - net: aquantia: Remove duplicate hardware descriptors declarations
    - net: aquantia: Add const qualifiers for hardware ops tables
    - net: aquantia: Simplify dependencies between pci modules
    - net: aquantia: Eliminate aq_nic structure abstraction
    - net: aquantia: Fix register definitions to linux style
    - net: aquantia: Prepend hw access functions declarations with prefix
    - net: aquantia: Fix internal stats calculation on rx
    - net: aquantia: Introduce new device ids and constants
    - net: aquantia: Introduce new AQC devices and capabilities
    - net: aquantia: Convert hw and caps structures to const static pointers
    - net: aquantia: Cleanup pci functions module
    - net: aquantia: Remove create/destroy from hw ops
    - net: aquantia: Change confusing no_ff_addr to more meaningful name
    - net: aquantia: Introduce firmware ops callbacks
    - net: aquantia: Introduce support for new firmware on AQC cards
    - net: aquantia: Introduce global AQC hardware reset sequence
    - net: aquantia: Report correct mediatype via ethtool
    - net: aquantia: bump driver version to match aquantia internal numbering
    - net: aquantia: Fix hardware reset when SPI may rarely hangup
    - net: aquantia: Fix a regression with reset on old firmware
    - net: aquantia: Change inefficient wait loop on fw data reads
    - net: aquantia: Add tx clean budget and valid budget handling logic
    - net: aquantia: Allow live mac address changes
    - net: aquantia: Implement pci shutdown callback
    - net: aquantia: driver version bump
  * ISST-LTE:KVM:Ubuntu1804:BostonLC:boslcp3: cpu hotplug on boslcp3g4 guest
    dumping call traces continuously. (LP: #1759722)
    - blk-mq: turn WARN_ON in __blk_mq_run_hw_queue into printk
  * ISST-LTE:KVM:Ubuntu18.04:BostonLC:boslcp3:boslcp3g3:Guest conosle hangs
    after hotplug CPU add operation. (LP: #1759723)
    - genirq/affinity: assign vectors to all possible CPUs
    - blk-mq: simplify queue mapping & schedule with each possisble CPU
  * test_bpf fails (LP: #1756150)
    - test_bpf: Fix testing with CONFIG_BPF_JIT_ALWAYS_ON=y on other arches
  * Bionic update to v4.15.14 stable release (LP: #1759655)
    - MIPS: ralink: Remove ralink_halt()
    - MIPS: ralink: Fix booting on MT7621
    - MIPS: lantiq: Fix Danube USB clock
    - MIPS: lantiq: Enable AHB Bus for USB
    - MIPS: lantiq: ase: Enable MFD_SYSCON
    - iio: chemical: ccs811: Corrected firmware boot/application mode transition
    - iio: st_pressure: st_accel: pass correct platform data to init
    - iio: adc: meson-saradc: unlock on error in meson_sar_adc_lock()
    - ALSA: usb-audio: Fix parsing descriptor of UAC2 processing unit
    - ALSA: aloop: Sync stale timer before release
    - ALSA: aloop: Fix access to not-yet-ready substream via cable
    - ALSA: hda - Force polling mode on CFL for fixing codec communication
    - ALSA: hda/realtek - Fix speaker no sound after system resume
    - ALSA: hda/realtek - Fix Dell headset Mic can't record
    - ALSA: hda/realtek - Always immediately update mute LED with pin VREF
    - mmc: core: Fix tracepoint print of blk_addr and blksz
    - mmc: core: Disable HPI for certain Micron (Numonyx) eMMC cards
    - mmc: block: fix updating ext_csd caches on ioctl call
    - mmc: dw_mmc: Fix the DTO/CTO timeout overflow calculation for 32-bit systems
    - mmc: dw_mmc: exynos: fix the suspend/resume issue for exynos5433
    - mmc: dw_mmc: fix falling from idmac to PIO mode when dw_mci_reset occurs
    - PCI: Add function 1 DMA alias quirk for Highpoint RocketRAID 644L
    - ahci: Add PCI-id for the Highpoint Rocketraid 644L card
    - lockdep: fix fs_reclaim warning
    - clk: bcm2835: Fix ana->maskX definitions
    - clk: bcm2835: Protect sections updating shared registers
    - clk: sunxi-ng: a31: Fix CLK_OUT_* clock ops
    - RDMA/mlx5: Fix crash while accessing garbage pointer and freed memory
    - Drivers: hv: vmbus: Fix ring buffer signaling
    - pinctrl: samsung: Validate alias coming from DT
    - Bluetooth: btusb: Remove Yoga 920 from the btusb_needs_reset_resume_table
    - Bluetooth: btusb: Add Dell OptiPlex 3060 to btusb_needs_reset_resume_table
    - Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174
    - libata: fix length validation of ATAPI-relayed SCSI commands
    - libata: remove WARN() for DMA or PIO command without data
    - libata: don't try to pass through NCQ commands to non-NCQ devices
    - libata: Apply NOLPM quirk to Crucial MX100 512GB SSDs
    - libata: Enable queued TRIM for Samsung SSD 860
    - libata: Apply NOLPM quirk to Crucial M500 480 and 960GB SSDs
    - libata: Make Crucial BX100 500GB LPM quirk apply to all firmware versions
    - libata: Modify quirks for MX100 to limit NCQ_TRIM quirk to MU01 version
    - sched, cgroup: Don't reject lower cpu.max on ancestors
    - cgroup: fix rule checking for threaded mode switching
    - nfsd: remove blocked locks on client teardown
    - media: tegra-cec: reset rx_buf_cnt when start bit detected
    - hugetlbfs: check for pgoff value overflow
    - h8300: remove extraneous __BIG_ENDIAN definition
    - mm/vmalloc: add interfaces to free unmapped page table
    - x86/mm: implement free pmd/pte page interfaces
    - mm/khugepaged.c: convert VM_BUG_ON() to collapse fail
    - mm/thp: do not wait for lock_page() in deferred_split_scan()
    - mm/shmem: do not wait for lock_page() in shmem_unused_huge_shrink()
    - Revert "mm: page_alloc: skip over regions of invalid pfns where possible"
    - drm/vmwgfx: Fix black screen and device errors when running without fbdev
    - drm/vmwgfx: Fix a destoy-while-held mutex problem.
    - drm/radeon: Don't turn off DP sink when disconnected
    - drm/amd/display: We shouldn't set format_default on plane as atomic driver
    - drm/amd/display: Add one to EDID's audio channel count when passing to DC
    - drm: Reject getfb for multi-plane framebuffers
    - drm: udl: Properly check framebuffer mmap offsets
    - mm/vmscan: wake up flushers for legacy cgroups too
    - module: propagate error in modules_open()
    - acpi, numa: fix pxm to online numa node associations
    - ACPI / watchdog: Fix off-by-one error at resource assignment
    - libnvdimm, {btt, blk}: do integrity setup before add_disk()
    - brcmfmac: fix P2P_DEVICE ethernet address generation
    - rtlwifi: rtl8723be: Fix loss of signal
    - tracing: probeevent: Fix to support minus offset from symbol
    - mtdchar: fix usage of mtd_ooblayout_ecc()
    - mtd: nand: fsl_ifc: Fix nand waitfunc return value
    - mtd: nand: fsl_ifc: Fix eccstat array overflow for IFC ver >= 2.0.0
    - mtd: nand: fsl_ifc: Read ECCSTAT0 and ECCSTAT1 registers for IFC 2.0
    - staging: ncpfs: memory corruption in ncp_read_kernel()
    - can: peak/pcie_fd: fix echo_skb is occupied! bug
    - can: peak/pcie_fd: remove useless code when interface starts
    - can: ifi: Repair the error handling
    - can: ifi: Check core revision upon probe
    - can: cc770: Fix stalls on rt-linux, remove redundant IRQ ack
    - can: cc770: Fix queue stall & dropped RTR reply
    - can: cc770: Fix use after free in cc770_tx_interrupt()
    - tty: vt: fix up tabstops properly
    - x86/entry/64: Don't use IST entry for #BP stack
    - selftests/x86/ptrace_syscall: Fix for yet more glibc interference
    - x86/vsyscall/64: Use proper accessor to update P4D entry
    - x86/efi: Free efi_pgd with free_pages()
    - posix-timers: Protect posix clock array access against speculation
    - kvm/x86: fix icebp instruction handling
    - x86/build/64: Force the linker to use 2MB page size
    - x86/boot/64: Verify alignment of the LOAD segment
    - hwmon: (k10temp) Only apply temperature offset if result is positive
    - hwmon: (k10temp) Add temperature offset for Ryzen 1900X
    - perf/x86/intel/uncore: Fix Skylake UPI event format
    - perf stat: Fix CVS output format for non-supported counters
    - perf/core: Fix ctx_event_type in ctx_resched()
    - trace/bpf: remove helper bpf_perf_prog_read_value from tracepoint type
      programs
    - perf/x86/intel: Don't accidentally clear high bits in bdw_limit_period()
    - perf/x86/intel/uncore: Fix multi-domain PCI CHA enumeration bug on Skylake
      servers
    - iio: ABI: Fix name of timestamp sysfs file
    - iio: imu: st_lsm6dsx: fix endianness in st_lsm6dsx_read_oneshot()
    - iio: imu: st_lsm6dsx: introduce conf_lock mutex
    - staging: android: ion: Zero CMA allocated memory
    - kbuild: disable clang's default use of -fmerge-all-constants
    - bpf: skip unnecessary capability check
    - bpf, x64: increase number of passes
    - Linux 4.15.14
  * System fails to start (boot) on battery due to read-only root file-system
    (LP: #1726930) // Bionic update to v4.15.14 stable release (LP: #1759655)
    - libata: disable LPM for Crucial BX100 SSD 500GB drive
  * [Feature][CFL][ICL] [CNL]Thunderbolt support (Titan Ridge) (LP: #1730775)
    - thunderbolt: Resume control channel after hibernation image is created
    - thunderbolt: Serialize PCIe tunnel creation with PCI rescan
    - thunderbolt: Handle connecting device in place of host properly
    - thunderbolt: Do not overwrite error code when domain adding fails
    - thunderbolt: Wait a bit longer for root switch config space
    - thunderbolt: Wait a bit longer for ICM to authenticate the active NVM
    - thunderbolt: Handle rejected Thunderbolt devices
    - thunderbolt: Factor common ICM add and update operations out
    - thunderbolt: Correct function name in kernel-doc comment
    - thunderbolt: Add tb_switch_get()
    - thunderbolt: Add tb_switch_find_by_route()
    - thunderbolt: Add tb_xdomain_find_by_route()
    - thunderbolt: Add constant for approval timeout
    - thunderbolt: Move driver ready handling to struct icm
    - thunderbolt: Add 'boot' attribute for devices
    - thunderbolt: Add support for preboot ACL
    - Documentation/admin-guide: fixes for thunderbolt.rst
    - thunderbolt: Introduce USB only (SL4) security level
    - thunderbolt: Add support for Intel Titan Ridge
  * QCA9377 requires more IRAM banks for its new firmware (LP: #1748345)
    - ath10k: update the IRAM bank number for QCA9377
  * nfp: fix disabling on hw-tc-offload in flower (LP: #1752828)
    - nfp: bpf: require ETH table
    - nfp: don't advertise hw-tc-offload on non-port netdevs
    - nfp: forbid disabling hw-tc-offload on representors while offload active
  * Fix an issue that when system in S3, USB keyboard can't wake up the system.
    (LP: #1759511)
    - ACPI / PM: Allow deeper wakeup power states with no _SxD nor _SxW
  * retpoline hints: primary infrastructure and initial hints (LP: #1758856)
    - [Packaging] retpoline -- add safe usage hint support
    - [Packaging] retpoline-check -- only report additions
    - [Packaging] retpoline -- widen indirect call/jmp detection
    - [Packaging] retpoline -- elide %rip relative indirections
    - [Packaging] retpoline -- clear hint information from packages
    - SAUCE: apm -- annotate indirect calls within
      firmware_restrict_branch_speculation_{start,end}
    - SAUCE: EFI -- annotate indirect calls within
      firmware_restrict_branch_speculation_{start,end}
    - SAUCE: early/late -- annotate indirect calls in early/late initialisation
      code
    - SAUCE: vga_set_mode -- avoid jump tables
    - [Config] retpoine -- switch to new format
  * zfs system process hung on container stop/delete (LP: #1754584)
    - SAUCE: Fix non-prefaulted page deadlock (LP: #1754584)
    - Revert "UBUNTU: SAUCE: Fix non-prefaulted page deadlock (LP: #1754584)"
    - SAUCE: Fix non-prefaulted page deadlock (LP: #1754584)
  * Important KVM fixes for ppc64el (LP: #1759045)
    - KVM: PPC: Book3S HV: Do SLB load/unload with guest LPCR value loaded
    - KVM: PPC: Book3S HV: Fix handling of secondary HPTEG in HPT resizing code
    - KVM: PPC: Book3S HV: Make HPT resizing work on POWER9
    - KVM: PPC: Book3S: Add MMIO emulation for VMX instructions
    - KVM: PPC: Book3S: Fix compile error that occurs with some gcc versions
    - KVM: PPC: Book3S HV: Fix trap number return from __kvmppc_vcore_entry
    - KVM: PPC: Book3S HV: Fix duplication of host SLB entries
  * ubuntu_zram_smoke test will cause soft lockup on Artful ThunderX ARM64
    (LP: #1755073)
    - SAUCE: crypto: thunderx_zip: Fix fallout from CONFIG_VMAP_STACK
  * Update to ocxl driver (LP: #1755161)
    - ocxl: fix signed comparison with less than zero
    - ocxl: Fix potential bad errno on irq allocation
    - ocxl: Add get_metadata IOCTL to share OCXL information to userspace
  * CAPI Flash (cxlflash) update (LP: #1752672)
    - scsi: cxlflash: Update cxl-specific arguments to generic cookie
    - scsi: cxlflash: Explicitly cache number of interrupts per context
    - scsi: cxlflash: Remove embedded CXL work structures
    - scsi: cxlflash: Adapter context init can return error
    - scsi: cxlflash: Staging to support future accelerators
    - SAUCE: cxlflash: Preserve number of interrupts for master contexts
    - SAUCE: cxlflash: Avoid clobbering context control register value
    - SAUCE: cxlflash: Add argument identifier names
    - SAUCE: cxlflash: Introduce OCXL backend
    - SAUCE: cxlflash: Hardware AFU for OCXL
    - SAUCE: cxlflash: Read host function configuration
    - SAUCE: cxlflash: Setup function acTag range
    - SAUCE: cxlflash: Read host AFU configuration
    - SAUCE: cxlflash: Setup AFU acTag range
    - SAUCE: cxlflash: Setup AFU PASID
    - SAUCE: cxlflash: Adapter context support for OCXL
    - SAUCE: cxlflash: Use IDR to manage adapter contexts
    - SAUCE: cxlflash: Support adapter file descriptors for OCXL
    - SAUCE: cxlflash: Support adapter context discovery
    - SAUCE: cxlflash: Support image reload policy modification
    - SAUCE: cxlflash: MMIO map the AFU
    - SAUCE: cxlflash: Support starting an adapter context
    - SAUCE: cxlflash: Support process specific mappings
    - SAUCE: cxlflash: Support AFU state toggling
    - SAUCE: cxlflash: Support reading adapter VPD data
    - SAUCE: cxlflash: Setup function OCXL link
    - SAUCE: cxlflash: Setup OCXL transaction layer
    - SAUCE: cxlflash: Support process element lifecycle
    - SAUCE: cxlflash: Support AFU interrupt management
    - SAUCE: cxlflash: Support AFU interrupt mapping and registration
    - SAUCE: cxlflash: Support starting user contexts
    - SAUCE: cxlflash: Support adapter context polling
    - SAUCE: cxlflash: Support adapter context reading
    - SAUCE: cxlflash: Support adapter context mmap and release
    - SAUCE: cxlflash: Support file descriptor mapping
    - SAUCE: cxlflash: Introduce object handle fop
    - SAUCE: cxlflash: Setup LISNs for user contexts
    - SAUCE: cxlflash: Setup LISNs for master contexts
    - SAUCE: cxlflash: Update synchronous interrupt status bits
    - SAUCE: cxlflash: Introduce OCXL context state machine
    - SAUCE: cxlflash: Register for translation errors
    - SAUCE: cxlflash: Support AFU reset
    - SAUCE: cxlflash: Enable OCXL operations
  * [Feature][CFL] Enable pmc_core driver for H, S, and U SKUs (LP: #1730770)
    - platform/x86: intel_pmc_core: Remove unused EXPORTED API
    - platform/x86: intel_pmc_core: Change driver to a module
    - platform/x86: intel_pmc_core: Fix file permission warnings
    - platform/x86: intel_pmc_core: Refactor debugfs entries
    - platform/x86: intel_pmc_core: Substitute PCI with CPUID enumeration
    - platform/x86: intel_pmc_core: Convert to ICPU macro
    - platform/x86: intel_pmc_core: Remove unused header file
    - ACPI / LPIT: Export lpit_read_residency_count_address()
    - platform/x86: intel_pmc_core: Read base address from LPIT
    - x86/cpu: Add Cannonlake to Intel family
    - platform/x86: intel_pmc_core: Add CannonLake PCH support
    - platform/x86: intel_pmc_core: Special case for Coffeelake
  * Cpu utilization showing system time for kvm guests (performance) (sysstat)
    (LP: #1755979)
    - KVM: PPC: Book3S HV: Fix guest time accounting with VIRT_CPU_ACCOUNTING_GEN
  * [Artful][Wyse 3040] System hang when trying to enable an offlined CPU core
    (LP: #1736393)
    - SAUCE: drm/i915:Don't set chip specific data
    - SAUCE: drm/i915: make previous commit affects Wyse 3040 only
  * [Bug] ISH support for CFL-H (LP: #1739522)
    - HID: intel-ish-hid: Enable Cannon Lake and Coffee Lake laptop/desktop
  * ath9k can't connect to wifi AP (LP: #1727228)
    - ath9k: add MSI support
    - ath9k: add a quirk to set use_msi automatically
  * [P9,Power NV][Witherspoon][Ubuntu 18.04][Perf] : PMU events by name it is
    not listed under perf list (LP: #1755470)
    - iperf vendor events: Use more flexible pattern matching for CPU
      identification for mapfile.csv
  * zed process consuming 100% cpu (LP: #1751796)
    - SAUCE: Fix ioctl loop-spin in zed (LP: #1751796)
  * Bionic update to 4.15.13 stable release (LP: #1758886)
    - scsi: megaraid_sas: Do not use 32-bit atomic request descriptor for Ventura
      controllers
    - staging: android: ashmem: Fix possible deadlock in ashmem_ioctl
    - drm/amdgpu: use polling mem to set SDMA3 wptr for VF
    - Bluetooth: hci_qca: Avoid setup failure on missing rampatch
    - Bluetooth: btqcomsmd: Fix skb double free corruption
    - cpufreq: longhaul: Revert transition_delay_us to 200 ms
    - media: c8sectpfe: fix potential NULL pointer dereference in
      c8sectpfe_timer_interrupt
    - drm/msm: fix leak in failed get_pages
    - IB/ipoib: Warn when one port fails to initialize
    - RDMA/iwpm: Fix uninitialized error code in iwpm_send_mapinfo()
    - hv_netvsc: Fix the receive buffer size limit
    - hv_netvsc: Fix the TX/RX buffer default sizes
    - tcp: allow TLP in ECN CWR
    - spi: sh-msiof: Avoid writing to registers from spi_master.setup()
    - libbpf: prefer global symbols as bpf program name source
    - rtlwifi: rtl_pci: Fix the bug when inactiveps is enabled.
    - rtlwifi: always initialize variables given to RT_TRACE()
    - media: bt8xx: Fix err 'bt878_probe()'
    - ath10k: handling qos at STA side based on AP WMM enable/disable
    - media: [RESEND] media: dvb-frontends: Add delay to Si2168 restart
    - qmi_wwan: set FLAG_SEND_ZLP to avoid network initiated disconnect
    - tty: goldfish: Enable 'earlycon' only if built-in
    - serial: 8250_dw: Disable clock on error
    - cros_ec: fix nul-termination for firmware build info
    - watchdog: Fix potential kref imbalance when opening watchdog
    - watchdog: Fix kref imbalance seen if handle_boot_enabled=0
    - platform/chrome: Use proper protocol transfer function
    - dmaengine: zynqmp_dma: Fix race condition in the probe
    - drm/tilcdc: ensure nonatomic iowrite64 is not used
    - mmc: avoid removing non-removable hosts during suspend
    - mmc: block: fix logical error to avoid memory leak
    - /dev/mem: Add bounce buffer for copy-out
    - net: phy: meson-gxl: check phy_write return value
    - sfp: fix EEPROM reading in the case of non-SFF8472 SFPs
    - sfp: fix non-detection of PHY
    - media: s5p-mfc: Fix lock contention - request_firmware() once
    - rtc: ac100: Fix multiple race conditions
    - IB/ipoib: Avoid memory leak if the SA returns a different DGID
    - RDMA/cma: Use correct size when writing netlink stats
    - IB/umem: Fix use of npages/nmap fields
    - iser-target: avoid reinitializing rdma contexts for isert commands
    - bpf/cgroup: fix a verification error for a CGROUP_DEVICE type prog
    - vgacon: Set VGA struct resource types
    - omapdrm: panel: fix compatible vendor string for td028ttec1
    - mmc: sdhci-xenon: wait 5ms after set 1.8V signal enable
    - drm/omap: DMM: Check for DMM readiness after successful transaction commit
    - pty: cancel pty slave port buf's work in tty_release
    - coresight: Fix disabling of CoreSight TPIU
    - PCI: designware-ep: Fix ->get_msi() to check MSI_EN bit
    - PCI: endpoint: Fix find_first_zero_bit() usage
    - PCI: rcar: Handle rcar_pcie_parse_request_of_pci_ranges() failures
    - media: davinci: fix a debug printk
    - clk: check ops pointer on clock register
    - dt-bindings: display: panel: Fix compatible string for Toshiba LT089AC29000
    - clk: use round rate to bail out early in set_rate
    - pinctrl: Really force states during suspend/resume
    - pinctrl: rockchip: enable clock when reading pin direction register
    - iommu/vt-d: clean up pr_irq if request_threaded_irq fails
    - ip6_vti: adjust vti mtu according to mtu of lower device
    - ip_gre: fix error path when erspan_rcv failed
    - ip_gre: fix potential memory leak in erspan_rcv
    - soc: qcom: smsm: fix child-node lookup
    - RDMA/ocrdma: Fix permissions for OCRDMA_RESET_STATS
    - ARM: dts: aspeed-evb: Add unit name to memory node
    - nfsd4: permit layoutget of executable-only files
    - clk: at91: pmc: Wait for clocks when resuming
    - clk: Don't touch hardware when reparenting during registration
    - clk: axi-clkgen: Correctly handle nocount bit in recalc_rate()
    - clk: si5351: Rename internal plls to avoid name collisions
    - crypto: artpec6 - set correct iv size for gcm(aes)
    - hwrng: core - Clean up RNG list when last hwrng is unregistered
    - dmaengine: ti-dma-crossbar: Fix event mapping for TPCC_EVT_MUX_60_63
    - IB/mlx5: Fix integer overflows in mlx5_ib_create_srq
    - IB/mlx5: Fix out-of-bounds read in create_raw_packet_qp_rq
    - RDMA/vmw_pvrdma: Fix usage of user response structures in ABI file
    - serial: 8250_pci: Don't fail on multiport card class
    - RDMA/core: Do not use invalid destination in determining port reuse
    - clk: migrate the count of orphaned clocks at init
    - RDMA/ucma: Fix access to non-initialized CM_ID object
    - RDMA/ucma: Don't allow join attempts for unsupported AF family
    - Linux 4.15.13
  * Ubuntu18.04:PowerPC - Set Transparent Huge Pages (THP) by default to
    "always" (LP: #1753708)
    - Config: Set TRANSPARENT_HUGEPAGE_ALWAYS=y on ppc64el
  * Bionic update to 4.15.12 stable release (LP: #1757465)
    - x86/cpufeatures: Add Intel Total Memory Encryption cpufeature
    - x86/cpufeatures: Add Intel PCONFIG cpufeature
    - selftests/x86/entry_from_vm86: Exit with 1 if we fail
    - selftests/x86/entry_from_vm86: Add test cases for POPF
    - x86/vm86/32: Fix POPF emulation
    - x86/speculation, objtool: Annotate indirect calls/jumps for objtool on
      32-bit kernels
    - x86/speculation: Remove Skylake C2 from Speculation Control microcode
      blacklist
    - KVM: x86: Fix device passthrough when SME is active
    - x86/mm: Fix vmalloc_fault to use pXd_large
    - parisc: Handle case where flush_cache_range is called with no context
    - ALSA: pcm: Fix UAF in snd_pcm_oss_get_formats()
    - ALSA: hda - Revert power_save option default value
    - ALSA: seq: Fix possible UAF in snd_seq_check_queue()
    - ALSA: seq: Clear client entry before deleting else at closing
    - drm/nouveau/bl: Fix oops on driver unbind
    - drm/nouveau/mmu: ALIGN_DOWN correct variable
    - drm/amdgpu: fix prime teardown order
    - drm/radeon: fix prime teardown order
    - drm/amdgpu/dce: Don't turn off DP sink when disconnected
    - fs: Teach path_connected to handle nfs filesystems with multiple roots.
    - KVM: arm/arm64: Reduce verbosity of KVM init log
    - KVM: arm/arm64: Reset mapped IRQs on VM reset
    - kvm: arm/arm64: vgic-v3: Tighten synchronization for guests using v2 on v3
    - KVM: arm/arm64: vgic: Don't populate multiple LRs with the same vintid
    - lock_parent() needs to recheck if dentry got __dentry_kill'ed under it
    - fs/aio: Add explicit RCU grace period when freeing kioctx
    - fs/aio: Use RCU accessors for kioctx_table->table[]
    - RDMAVT: Fix synchronization around percpu_ref
    - irqchip/gic-v3-its: Ensure nr_ites >= nr_lpis
    - nvme: fix subsystem multiple controllers support check
    - xfs: preserve i_rdev when recycling a reclaimable inode
    - btrfs: Fix NULL pointer exception in find_bio_stripe
    - btrfs: add missing initialization in btrfs_check_shared
    - btrfs: alloc_chunk: fix DUP stripe size handling
    - btrfs: Fix use-after-free when cleaning up fs_devs with a single stale
      device
    - btrfs: remove spurious WARN_ON(ref->count < 0) in find_parent_nodes
    - btrfs: Fix memory barriers usage with device stats counters
    - scsi: qla2xxx: Fix smatch warning in qla25xx_delete_{rsp|req}_que
    - scsi: qla2xxx: Fix NULL pointer access for fcport structure
    - scsi: qla2xxx: Fix logo flag for qlt_free_session_done()
    - scsi: qla2xxx: Fix crashes in qla2x00_probe_one on probe failure
    - usb: dwc2: fix STM32F7 USB OTG HS compatible
    - dt-bindings: usb: fix the STM32F7 DWC2 OTG HS core binding
    - USB: gadget: udc: Add missing platform_device_put() on error in
      bdc_pci_probe()
    - usb: dwc3: Fix GDBGFIFOSPACE_TYPE values
    - usb: dwc3: core: Power-off core/PHYs on system_suspend in host mode
    - usb: dwc3: of-simple: fix oops by unbalanced clk disable call
    - usb: gadget: udc: renesas_usb3: fix oops in renesas_usb3_remove()
    - phy: phy-brcm-usb: Fix two DT properties to match bindings doc
    - phy: phy-brcm-usb-init: Some Low Speed keyboards fail on 7271
    - phy: phy-brcm-usb-init: DRD mode can cause crash on startup
    - phy: phy-brcm-usb-init: Power down USB 3.0 PHY when XHCI disabled
    - Linux 4.15.12
  * cxl: Fix timebase synchronization status on POWER9 missing (CAPI)
    (LP: #1757228)
    - cxl: Fix timebase synchronization status on P9
  * [Feature][GLK] Enable L2 CDP (Code and Data Prioritization) (LP: #1737873)
    - x86/intel_rdt: Enumerate L2 Code and Data Prioritization (CDP) feature
    - x86/intel_rdt: Add command line parameter to control L2_CDP
  * [Feature] Crystal Ridge-Restrict DAX to configurations with struct page
    (LP: #1751724)
    - mm, dax: introduce pfn_t_special()
    - ext2: auto disable dax instead of failing mount
    - ext4: auto disable dax instead of failing mount
    - dax: require 'struct page' by default for filesystem dax
    - Config: Enable CONFIG_FS_DAX_LIMITED
  * Bionic update to 4.15.11 stable release (LP: #1756978)
    - x86: Treat R_X86_64_PLT32 as R_X86_64_PC32
    - ASoC: sun4i-i2s: Fix RX slot number of SUN8I
    - ASoC: sgtl5000: Fix suspend/resume
    - ASoC: wm_adsp: For TLV controls only register TLV get/set
    - ASoC: rt5651: Fix regcache sync errors on resume
    - usb: host: xhci-rcar: add support for r8a77965
    - xhci: Fix front USB ports on ASUS PRIME B350M-A
    - xhci: fix endpoint context tracer output
    - serial: sh-sci: prevent lockup on full TTY buffers
    - tty/serial: atmel: add new version check for usart
    - uas: fix comparison for error code
    - staging: comedi: fix comedi_nsamples_left.
    - staging: android: ashmem: Fix lockdep issue during llseek
    - scsi: sd_zbc: Fix potential memory leak
    - USB: storage: Add JMicron bridge 152d:2567 to unusual_devs.h
    - usbip: vudc: fix null pointer dereference on udc->lock
    - usb: quirks: add control message delay for 1b1c:1b20
    - usb: usbmon: Read text within supplied buffer size
    - usb: gadget: f_fs: Fix use-after-free in ffs_fs_kill_sb()
    - usb: dwc3: Fix lock-up on ID change during system suspend/resume
    - serial: 8250_pci: Add Brainboxes UC-260 4 port serial device
    - serial: core: mark port as initialized in autoconfig
    - earlycon: add reg-offset to physical address before mapping
    - dm mpath: fix passing integrity data
    - Revert "btrfs: use proper endianness accessors for super_copy"
    - gfs2: Clean up {lookup,fillup}_metapath
    - gfs2: Fixes to "Implement iomap for block_map" (2)
    - drm/panel: rpi-touchscreen: propagate errors in rpi_touchscreen_i2c_read()
    - spi: imx: Fix failure path leak on GPIO request error correctly
    - HID: multitouch: Only look at non touch fields in first packet of a frame
    - KVM: PPC: Book3S HV: Avoid shifts by negative amounts
    - drm/edid: set ELD connector type in drm_edid_to_eld()
    - dma-buf/fence: Fix lock inversion within dma-fence-array
    - video/hdmi: Allow "empty" HDMI infoframes
    - KVM: PPC: Book3S HV: Fix typo in kvmppc_hv_get_dirty_log_radix()
    - HID: elo: clear BTN_LEFT mapping
    - iwlwifi: mvm: rs: don't override the rate history in the search cycle
    - ARM: dts: koelsch: Move cec_clock to root node
    - clk: meson: gxbb: fix wrong clock for SARADC/SANA
    - ARM: dts: exynos: Correct Trats2 panel reset line
    - drm/amdgpu: fix get_max_engine_clock_in_mhz
    - staging: rtl8822be: fix missing null check on dev_alloc_skb return
    - typec: tcpm: fusb302: Resolve out of order messaging events
    - USB: ledtrig-usbport: fix of-node leak
    - dt-bindings: serial: Add common rs485 binding for RTS polarity
    - sched: Stop switched_to_rt() from sending IPIs to offline CPUs
    - sched: Stop resched_cpu() from sending IPIs to offline CPUs
    - crypto: chelsio - Fix an error code in chcr_hash_dma_map()
    - crypto: ecc - Fix NULL pointer deref. on no default_rng
    - crypto: keywrap - Add missing ULL suffixes for 64-bit constants
    - crypto: cavium - fix memory leak on info
    - test_firmware: fix setting old custom fw path back on exit
    - drm/vblank: Fix vblank timestamp debugs
    - net: ieee802154: adf7242: Fix bug if defined DEBUG
    - rtc: brcmstb-waketimer: fix error handling in brcmstb_waketmr_probe()
    - perf report: Fix -D output for user metadata events
    - net: xfrm: allow clearing socket xfrm policies.
    - gpiolib: don't allow OPEN_DRAIN & OPEN_SOURCE flags simultaneously
    - mtd: nand: fix interpretation of NAND_CMD_NONE in nand_command[_lp]()
    - net: thunderx: Set max queue count taking XDP_TX into account
    - ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin
    - ARM: dts: omap3-n900: Fix the audio CODEC's reset pin
    - mtd: nand: ifc: update bufnum mask for ver >= 2.0.0
    - userns: Don't fail follow_automount based on s_user_ns
    - xfrm: Fix xfrm_replay_overflow_offload_esn
    - leds: pm8058: Silence pointer to integer size warning
    - bpf: fix stack state printing in verifier log
    - power: supply: sbs-message: double left shift bug in sbsm_select()
    - power: supply: ab8500_charger: Fix an error handling path
    - power: supply: ab8500_charger: Bail out in case of error in
      'ab8500_charger_init_hw_registers()'
    - drm/etnaviv: make THERMAL selectable
    - iio: adc: ina2xx: Shift bus voltage register to mask flag bits
    - iio: health: max30102: Add power enable parameter to get_temp function
    - ath10k: update tdls teardown state to target
    - cpufreq: Fix governor module removal race
    - KVM: X86: Restart the guest when insn_len is zero and SEV is enabled
    - drm/amdgpu:fix random missing of FLR NOTIFY
    - scsi: ses: don't ask for diagnostic pages repeatedly during probe
    - pwm: stmpe: Fix wrong register offset for hwpwm=2 case
    - drm/sun4i: Fix format mask in DE2 driver
    - pinctrl: sh-pfc: r8a7791: Add can_clk function
    - pinctrl: sh-pfc: r8a7795-es1: Fix MOD_SEL1 bit[25:24] to 0x3 when using
      STP_ISEN_1_D
    - perf annotate: Fix unnecessary memory allocation for s390x
    - perf annotate: Fix objdump comment parsing for Intel mov dissassembly
    - iwlwifi: mvm: avoid dumping assert log when device is stopped
    - drm/amdgpu:fix virtual dce bug
    - drm/amdgpu: fix amdgpu_sync_resv v2
    - bnxt_en: Uninitialized variable in bnxt_tc_parse_actions()
    - clk: qcom: msm8916: fix mnd_width for codec_digcodec
    - mwifiex: cfg80211: do not change virtual interface during scan processing
    - ath10k: fix invalid STS_CAP_OFFSET_MASK
    - tools/usbip: fixes build with musl libc toolchain
    - spi: sun6i: disable/unprepare clocks on remove
    - bnxt_en: Don't print "Link speed -1 no longer supported" messages.
    - scsi: core: scsi_get_device_flags_keyed(): Always return device flags
    - scsi: devinfo: apply to HP XP the same flags as Hitachi VSP
    - scsi: dh: add new rdac devices
    - clk: renesas: r8a77970: Add LVDS clock
    - staging: fsl-dpaa2/eth: Fix access to FAS field
    - media: vsp1: Prevent suspending and resuming DRM pipelines
    - dm raid: fix raid set size revalidation
    - media: cpia2: Fix a couple off by one bugs
    - media: davinci: vpif_capture: add NULL check on devm_kzalloc return value
    - virtio_net: Disable interrupts if napi_complete_done rescheduled napi
    - net: sched: drop qdisc_reset from dev_graft_qdisc
    - veth: set peer GSO values
    - drm/amdkfd: Fix memory leaks in kfd topology
    - powerpc/64: Don't trace irqs-off at interrupt return to soft-disabled
      context
    - arm64: dts: renesas: salvator-common: Add EthernetAVB PHY reset
    - agp/intel: Flush all chipset writes after updating the GGTT
    - mac80211_hwsim: enforce PS_MANUAL_POLL to be set after PS_ENABLED
    - mac80211: remove BUG() when interface type is invalid
    - crypto: caam/qi - use correct print specifier for size_t
    - ASoC: nuc900: Fix a loop timeout test
    - mmc: mmc_test: Ensure command queue is disabled for testing
    - Fix misannotated out-of-line _copy_to_user()
    - ipvlan: add L2 check for packets arriving via virtual devices
    - rcutorture/configinit: Fix build directory error message
    - locking/locktorture: Fix num reader/writer corner cases
    - ima: relax requiring a file signature for new files with zero length
    - IB/mlx5: revisit -Wmaybe-uninitialized warning
    - dmaengine: qcom_hidma: check pending interrupts
    - drm/i915/glk: Disable Guc and HuC on GLK
    - Linux 4.15.11
    - Config: Enable CONFIG_DRM_ETNAVIV_THERMAL=y
  * [FFE][Feature] KVM CLX avx512_vnni (LP: #1739665)
    - KVM: x86: add support for UMIP
    - KVM: Expose new cpu features to guest
  * Ubuntu18.04[P9 DD2.2 Boston]:Unable to boot power8 compat mode
    guests(ubuntu14.04.5) (kvm) (LP: #1756254)
    - KVM: PPC: Book3S HV: Allow HPT and radix on the same core for POWER9 v2.2
  * Allow hugepage backing for "p8compat" mode kvm guests (LP: #1754206)
    - KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing
  * [Bug][KVM][Crystal Ridge] Terrible performance of vNVDIMM on QEMU with
    device DAX backend (LP: #1745899)
    - x86/mm: add a function to check if a pfn is UC/UC-/WC
    - KVM: MMU: consider host cache mode in MMIO page check
  * nfp: read ME frequency from vNIC ctrl memory (LP: #1752818)
    - nfp: add TLV capabilities to the BAR
    - nfp: read ME frequency from vNIC ctrl memory
    - nfp: fix TLV offset calculation
  * Miscellaneous Ubuntu changes
    - [Packaging] skip cloud tools packaging when not building package
    - [Packaging] final-checks -- remove check for empty retpoline files

 -- Kamal Mostafa <email address hidden>  Wed, 04 Apr 2018 11:26:09 -0700

Available diffs

Superseded in bionic-release on 2018-04-19
Deleted in bionic-proposed on 2018-04-21 (Reason: moved to release)
linux-kvm (4.15.0-1003.3) bionic; urgency=medium

  * linux-kvm: 4.15.0-1003.3 -proposed tracker (LP: #1757169)

  * linux-kvm configs for Kata containers (LP: #1752147)
    - kvm: [config] Enable PCI Hotplug
    - kvm: [config] Add support for DPDK
    - kvm: [config] Enable DAX
    - kvm: [config] Enable 9P fs

  * linux-kvm standard configs for Ubuntu Server workloads (LP: #1736561)
    - kvm: [config] enable NO_HZ_IDLE, HIGH_RES_TIMERS
    - kvm: [config] enable NUMA
    - kvm: [config] enable all CGROUPs
    - kvm: [config] enable all CONFIG_RD decompressors
    - kvm: [config] enable COREDUMP
    - kvm: [config] enable X86_X2APIC
    - kvm: [config] enable PREEMPT_VOLUNTARY
    - kvm: [config] enable HOTPLUG_CPU
    - kvm: [config] enable BLK_DEV_SD
    - kvm: [config] enable ATA, PATA, SATA
    - kvm: [config] enable BONDING, MACVLAN, TUN, VETH
    - kvm: [config] enable HW_RANDOM_{AMD,INTEL,TIMERIOMEM}
    - kvm: [config] enable EFI_VARS
    - kvm: [config] enable SQUASHFS

  [ Ubuntu: 4.15.0-13.14 ]

  * linux: 4.15.0-13.14 -proposed tracker (LP: #1756408)
  * devpts: handle bind-mounts (LP: #1755857)
    - SAUCE: devpts: hoist out check for DEVPTS_SUPER_MAGIC
    - SAUCE: devpts: resolve devpts bind-mounts
    - SAUCE: devpts: comment devpts_mntget()
    - SAUCE: selftests: add devpts selftests
  * [bionic][arm64] d-i: add hisi_sas_v3_hw to scsi-modules (LP: #1756103)
    - d-i: add hisi_sas_v3_hw to scsi-modules
  * [Bionic][ARM64] enable ROCE and HNS3 driver support for hip08 SoC
    (LP: #1756097)
    - RDMA/hns: Refactor eq code for hip06
    - RDMA/hns: Add eq support of hip08
    - RDMA/hns: Add detailed comments for mb() call
    - RDMA/hns: Add rq inline data support for hip08 RoCE
    - RDMA/hns: Update the usage of sr_max and rr_max field
    - RDMA/hns: Set access flags of hip08 RoCE
    - RDMA/hns: Filter for zero length of sge in hip08 kernel mode
    - RDMA/hns: Fix QP state judgement before sending work requests
    - RDMA/hns: Assign dest_qp when deregistering mr
    - RDMA/hns: Fix endian problems around imm_data and rkey
    - RDMA/hns: Assign the correct value for tx_cqn
    - RDMA/hns: Create gsi qp in hip08
    - RDMA/hns: Add gsi qp support for modifying qp in hip08
    - RDMA/hns: Fill sq wqe context of ud type in hip08
    - RDMA/hns: Assign zero for pkey_index of wc in hip08
    - RDMA/hns: Update the verbs of polling for completion
    - RDMA/hns: Set the guid for hip08 RoCE device
    - net: hns3: Refactor of the reset interrupt handling logic
    - net: hns3: Add reset service task for handling reset requests
    - net: hns3: Refactors the requested reset & pending reset handling code
    - net: hns3: Add HNS3 VF IMP(Integrated Management Proc) cmd interface
    - net: hns3: Add mailbox support to VF driver
    - net: hns3: Add HNS3 VF HCL(Hardware Compatibility Layer) Support
    - net: hns3: Add HNS3 VF driver to kernel build framework
    - net: hns3: Unified HNS3 {VF|PF} Ethernet Driver for hip08 SoC
    - net: hns3: Add mailbox support to PF driver
    - net: hns3: Change PF to add ring-vect binding & resetQ to mailbox
    - net: hns3: Add mailbox interrupt handling to PF driver
    - net: hns3: add support to query tqps number
    - net: hns3: add support to modify tqps number
    - net: hns3: change the returned tqp number by ethtool -x
    - net: hns3: free the ring_data structrue when change tqps
    - net: hns3: get rss_size_max from configuration but not hardcode
    - net: hns3: add a mask initialization for mac_vlan table
    - net: hns3: add vlan offload config command
    - net: hns3: add ethtool related offload command
    - net: hns3: add handling vlan tag offload in bd
    - net: hns3: cleanup mac auto-negotiation state query
    - net: hns3: fix for getting auto-negotiation state in hclge_get_autoneg
    - net: hns3: add support for set_pauseparam
    - net: hns3: add support to update flow control settings after autoneg
    - net: hns3: add Asym Pause support to phy default features
    - net: hns3: add support for querying advertised pause frame by ethtool ethx
    - net: hns3: Increase the default depth of bucket for TM shaper
    - net: hns3: change TM sched mode to TC-based mode when SRIOV enabled
    - net: hns3: hns3_get_channels() can be static
    - net: hns3: Add ethtool interface for vlan filter
    - net: hns3: Disable VFs change rxvlan offload status
    - net: hns3: Unify the strings display of packet statistics
    - net: hns3: Fix spelling errors
    - net: hns3: Remove repeat statistic of rx_errors
    - net: hns3: Modify the update period of packet statistics
    - net: hns3: Mask the packet statistics query when NIC is down
    - net: hns3: Fix an error of total drop packet statistics
    - net: hns3: Fix a loop index error of tqp statistics query
    - net: hns3: Fix an error macro definition of HNS3_TQP_STAT
    - net: hns3: Remove a useless member of struct hns3_stats
    - net: hns3: Add packet statistics of netdev
    - net: hns3: Fix a response data read error of tqp statistics query
    - net: hns3: fix for updating fc_mode_last_time
    - net: hns3: fix for setting MTU
    - net: hns3: fix for changing MTU
    - net: hns3: add MTU initialization for hardware
    - net: hns3: fix for not setting pause parameters
    - net: hns3: remove redundant semicolon
    - net: hns3: Add more packet size statisctics
    - Revert "net: hns3: Add packet statistics of netdev"
    - net: hns3: report the function type the same line with hns3_nic_get_stats64
    - net: hns3: add ethtool_ops.get_channels support for VF
    - net: hns3: remove TSO config command from VF driver
    - net: hns3: add ethtool_ops.get_coalesce support to PF
    - net: hns3: add ethtool_ops.set_coalesce support to PF
    - net: hns3: refactor interrupt coalescing init function
    - net: hns3: refactor GL update function
    - net: hns3: remove unused GL setup function
    - net: hns3: change the unit of GL value macro
    - net: hns3: add int_gl_idx setup for TX and RX queues
    - net: hns3: add feature check when feature changed
    - net: hns3: check for NULL function pointer in hns3_nic_set_features
    - net: hns: Fix for variable may be used uninitialized warnings
    - net: hns3: add support for get_regs
    - net: hns3: add manager table initialization for hardware
    - net: hns3: add ethtool -p support for fiber port
    - net: hns3: add net status led support for fiber port
    - net: hns3: converting spaces into tabs to avoid checkpatch.pl warning
    - net: hns3: add get/set_coalesce support to VF
    - net: hns3: add int_gl_idx setup for VF
    - [Config]: enable CONFIG_HNS3_HCLGEVF as module.
  * [Bionic][ARM64] add RAS extension and SDEI features (LP: #1756096)
    - KVM: arm64: Store vcpu on the stack during __guest_enter()
    - KVM: arm/arm64: Convert kvm_host_cpu_state to a static per-cpu allocation
    - KVM: arm64: Change hyp_panic()s dependency on tpidr_el2
    - arm64: alternatives: use tpidr_el2 on VHE hosts
    - KVM: arm64: Stop save/restoring host tpidr_el1 on VHE
    - Docs: dt: add devicetree binding for describing arm64 SDEI firmware
    - firmware: arm_sdei: Add driver for Software Delegated Exceptions
    - arm64: Add vmap_stack header file
    - arm64: uaccess: Add PAN helper
    - arm64: kernel: Add arch-specific SDEI entry code and CPU masking
    - firmware: arm_sdei: Add support for CPU and system power states
    - firmware: arm_sdei: add support for CPU private events
    - arm64: acpi: Remove __init from acpi_psci_use_hvc() for use by SDEI
    - firmware: arm_sdei: Discover SDEI support via ACPI
    - arm64: sysreg: Move to use definitions for all the SCTLR bits
    - arm64: cpufeature: Detect CPU RAS Extentions
    - arm64: kernel: Survive corrected RAS errors notified by SError
    - arm64: Unconditionally enable IESB on exception entry/return for firmware-
      first
    - arm64: kernel: Prepare for a DISR user
    - KVM: arm/arm64: mask/unmask daif around VHE guests
    - KVM: arm64: Set an impdef ESR for Virtual-SError using VSESR_EL2.
    - KVM: arm64: Save/Restore guest DISR_EL1
    - KVM: arm64: Save ESR_EL2 on guest SError
    - KVM: arm64: Handle RAS SErrors from EL1 on guest exit
    - KVM: arm64: Handle RAS SErrors from EL2 on guest exit
    - KVM: arm64: Emulate RAS error registers and set HCR_EL2's TERR & TEA
    - [Config]: enable RAS_EXTN and ARM_SDE_INTERFACE
  * [Bionic][ARM64] PCI and SAS driver patches for hip08 SoCs (LP: #1756094)
    - scsi: hisi_sas: fix dma_unmap_sg() parameter
    - scsi: ata: enhance the definition of SET MAX feature field value
    - scsi: hisi_sas: relocate clearing ITCT and freeing device
    - scsi: hisi_sas: optimise port id refresh function
    - scsi: hisi_sas: some optimizations of host controller reset
    - scsi: hisi_sas: modify hisi_sas_dev_gone() for reset
    - scsi: hisi_sas: add an mechanism to do reset work synchronously
    - scsi: hisi_sas: change ncq process for v3 hw
    - scsi: hisi_sas: add RAS feature for v3 hw
    - scsi: hisi_sas: add some print to enhance debugging
    - scsi: hisi_sas: improve int_chnl_int_v2_hw() consistency with v3 hw
    - scsi: hisi_sas: add v2 hw port AXI error handling support
    - scsi: hisi_sas: use an general way to delay PHY work
    - scsi: hisi_sas: do link reset for some CHL_INT2 ints
    - scsi: hisi_sas: judge result of internal abort
    - scsi: hisi_sas: add internal abort dev in some places
    - scsi: hisi_sas: fix SAS_QUEUE_FULL problem while running IO
    - scsi: hisi_sas: re-add the lldd_port_deformed()
    - scsi: hisi_sas: add v3 hw suspend and resume
    - scsi: hisi_sas: Change frame type for SET MAX commands
    - scsi: hisi_sas: make local symbol host_attrs static
    - scsi: hisi_sas: fix a bug in hisi_sas_dev_gone()
    - SAUCE: scsi: hisi_sas: config for hip08 ES
    - SAUCE: scsi: hisi_sas: export device table of v3 hw to userspace
    - PM / core: Add LEAVE_SUSPENDED driver flag
    - PCI / PM: Support for LEAVE_SUSPENDED driver flag
    - PCI/AER: Skip recovery callbacks for correctable errors from ACPI APEI
    - PCI/ASPM: Calculate LTR_L1.2_THRESHOLD from device characteristics
    - PCI/ASPM: Enable Latency Tolerance Reporting when supported
    - PCI/ASPM: Unexport internal ASPM interfaces
    - PCI: Make PCI_SCAN_ALL_PCIE_DEVS work for Root as well as Downstream Ports
    - PCI/AER: Return error if AER is not supported
    - PCI/DPC: Enable DPC only if AER is available
  * [CVE] Spectre: System Z {kernel} UBUNTU18.04 (LP: #1754580)
    - s390: scrub registers on kernel entry and KVM exit
    - s390: add optimized array_index_mask_nospec
    - s390/alternative: use a copy of the facility bit mask
    - s390: add options to change branch prediction behaviour for the kernel
    - s390: run user space and KVM guests with modified branch prediction
    - s390: introduce execute-trampolines for branches
    - s390: Replace IS_ENABLED(EXPOLINE_*) with IS_ENABLED(CONFIG_EXPOLINE_*)
    - s390: do not bypass BPENTER for interrupt system calls
    - s390/entry.S: fix spurious zeroing of r0
  * s390/crypto: Fix kernel crash on aes_s390 module remove (LP: #1753424)
    - SAUCE: s390/crypto: Fix kernel crash on aes_s390 module remove.
  * [Feature]Update Ubuntu 18.04 lpfc FC driver with 32/64GB HBA support and bug
    fixes (LP: #1752182)
    - scsi: lpfc: FLOGI failures are reported when connected to a private loop.
    - scsi: lpfc: Expand WQE capability of every NVME hardware queue
    - scsi: lpfc: Handle XRI_ABORTED_CQE in soft IRQ
    - scsi: lpfc: Fix NVME LS abort_xri
    - scsi: lpfc: Raise maximum NVME sg list size for 256 elements
    - scsi: lpfc: Driver fails to detect direct attach storage array
    - scsi: lpfc: Fix display for debugfs queInfo
    - scsi: lpfc: Adjust default value of lpfc_nvmet_mrq
    - scsi: lpfc: Fix ndlp ref count for pt2pt mode issue RSCN
    - scsi: lpfc: Linux LPFC driver does not process all RSCNs
    - scsi: lpfc: correct port registrations with nvme_fc
    - scsi: lpfc: Correct driver deregistrations with host nvme transport
    - scsi: lpfc: Fix crash during driver unload with running nvme traffic
    - scsi: lpfc: Fix driver handling of nvme resources during unload
    - scsi: lpfc: small sg cnt cleanup
    - scsi: lpfc: Fix random heartbeat timeouts during heavy IO
    - scsi: lpfc: update driver version to 11.4.0.5
    - scsi: lpfc: Fix -EOVERFLOW behavior for NVMET and defer_rcv
    - scsi: lpfc: Fix receive PRLI handling
    - scsi: lpfc: Increase SCSI CQ and WQ sizes.
    - scsi: lpfc: Fix SCSI LUN discovery when SCSI and NVME enabled
    - scsi: lpfc: Fix issues connecting with nvme initiator
    - scsi: lpfc: Fix infinite wait when driver unregisters a remote NVME port.
    - scsi: lpfc: Beef up stat counters for debug
    - scsi: lpfc: update driver version to 11.4.0.6
    - scsi: lpfc: correct sg_seg_cnt attribute min vs default
    - scsi: scsi_transport_fc: fix typos on 64/128 GBit define names
    - scsi: lpfc: don't dereference localport before it has been null checked
    - scsi: lpfc: fix a couple of minor indentation issues
    - treewide: Use DEVICE_ATTR_RW
    - treewide: Use DEVICE_ATTR_RO
    - treewide: Use DEVICE_ATTR_WO
    - scsi: lpfc: Fix frequency of Release WQE CQEs
    - scsi: lpfc: Increase CQ and WQ sizes for SCSI
    - scsi: lpfc: move placement of target destroy on driver detach
    - scsi: lpfc: correct debug counters for abort
    - scsi: lpfc: Add WQ Full Logic for NVME Target
    - scsi: lpfc: Fix PRLI handling when topology type changes
    - scsi: lpfc: Fix IO failure during hba reset testing with nvme io.
    - scsi: lpfc: Fix RQ empty firmware trap
    - scsi: lpfc: Allow set of maximum outstanding SCSI cmd limit for a target
    - scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing
    - scsi: lpfc: Fix issue_lip if link is disabled
    - scsi: lpfc: Indicate CONF support in NVMe PRLI
    - scsi: lpfc: Fix SCSI io host reset causing kernel crash
    - scsi: lpfc: Validate adapter support for SRIU option
    - scsi: lpfc: Fix header inclusion in lpfc_nvmet
    - scsi: lpfc: Treat SCSI Write operation Underruns as an error
    - scsi: lpfc: Fix nonrecovery of NVME controller after cable swap.
    - scsi: lpfc: update driver version to 11.4.0.7
    - scsi: lpfc: Update 11.4.0.7 modified files for 2018 Copyright
    - scsi: lpfc: Rework lpfc to allow different sli4 cq and eq handlers
    - scsi: lpfc: Rework sli4 doorbell infrastructure
    - scsi: lpfc: Add SLI-4 if_type=6 support to the code base
    - scsi: lpfc: Add push-to-adapter support to sli4
    - scsi: lpfc: Add PCI Ids for if_type=6 hardware
    - scsi: lpfc: Add 64G link speed support
    - scsi: lpfc: Add if_type=6 support for cycling valid bits
    - scsi: lpfc: Enable fw download on if_type=6 devices
    - scsi: lpfc: Add embedded data pointers for enhanced performance
    - scsi: lpfc: Fix nvme embedded io length on new hardware
    - scsi: lpfc: Work around NVME cmd iu SGL type
    - scsi: lpfc: update driver version to 12.0.0.0
    - scsi: lpfc: Change Copyright of 12.0.0.0 modified files to 2018
    - scsi: lpfc: use __raw_writeX on DPP copies
    - scsi: lpfc: Add missing unlock in WQ full logic
  * CVE-2018-8043
    - net: phy: mdio-bcm-unimac: fix potential NULL dereference in
      unimac_mdio_probe()
  * Bionic update to 4.15.10 stable release (LP: #1756100)
    - Revert "UBUNTU: SAUCE: ALSA: hda/realtek - Add support headset mode for DELL
      WYSE"
    - RDMA/ucma: Limit possible option size
    - RDMA/ucma: Check that user doesn't overflow QP state
    - RDMA/mlx5: Fix integer overflow while resizing CQ
    - bpf: cpumap: use GFP_KERNEL instead of GFP_ATOMIC in __cpu_map_entry_alloc()
    - IB/uverbs: Improve lockdep_check
    - mac80211_hwsim: don't use WQ_MEM_RECLAIM
    - net/smc: fix NULL pointer dereference on sock_create_kern() error path
    - regulator: stm32-vrefbuf: fix check on ready flag
    - drm/i915: Check for fused or unused pipes
    - drm/i915/audio: fix check for av_enc_map overflow
    - drm/i915: Fix rsvd2 mask when out-fence is returned
    - drm/i915: Clear the in-use marker on execbuf failure
    - drm/i915: Disable DC states around GMBUS on GLK
    - drm/i915: Update watermark state correctly in sanitize_watermarks
    - drm/i915: Try EDID bitbanging on HDMI after failed read
    - drm/i915/perf: fix perf stream opening lock
    - scsi: core: Avoid that ATA error handling can trigger a kernel hang or oops
    - scsi: qla2xxx: Fix NULL pointer crash due to active timer for ABTS
    - drm/i915: Always call to intel_display_set_init_power() in resume_early.
    - workqueue: Allow retrieval of current task's work struct
    - drm: Allow determining if current task is output poll worker
    - drm/nouveau: Fix deadlock on runtime suspend
    - drm/radeon: Fix deadlock on runtime suspend
    - drm/amdgpu: Fix deadlock on runtime suspend
    - drm/nouveau: prefer XBGR2101010 for addfb ioctl
    - drm/amd/powerplay/smu7: allow mclk switching with no displays
    - drm/amd/powerplay/vega10: allow mclk switching with no displays
    - Revert "drm/radeon/pm: autoswitch power state when in balanced mode"
    - drm/amd/display: check for ipp before calling cursor operations
    - drm/radeon: insist on 32-bit DMA for Cedar on PPC64/PPC64LE
    - drm/amd/powerplay: fix power over limit on Fiji
    - drm/amd/display: Default HDMI6G support to true. Log VBIOS table error.
    - drm/amdgpu: used cached pcie gen info for SI (v2)
    - drm/amdgpu: Notify sbios device ready before send request
    - drm/radeon: fix KV harvesting
    - drm/amdgpu: fix KV harvesting
    - drm/amdgpu:Correct max uvd handles
    - drm/amdgpu:Always save uvd vcpu_bo in VM Mode
    - ovl: redirect_dir=nofollow should not follow redirect for opaque lower
    - MIPS: BMIPS: Do not mask IPIs during suspend
    - MIPS: ath25: Check for kzalloc allocation failure
    - MIPS: OCTEON: irq: Check for null return on kzalloc allocation
    - PCI: dwc: Fix enumeration end when reaching root subordinate
    - Input: matrix_keypad - fix race when disabling interrupts
    - Revert "Input: synaptics - Lenovo Thinkpad T460p devices should use RMI"
    - bug: use %pB in BUG and stack protector failure
    - lib/bug.c: exclude non-BUG/WARN exceptions from report_bug()
    - mm/memblock.c: hardcode the end_pfn being -1
    - Documentation/sphinx: Fix Directive import error
    - loop: Fix lost writes caused by missing flag
    - virtio_ring: fix num_free handling in error case
    - KVM: s390: fix memory overwrites when not using SCA entries
    - arm64: mm: fix thinko in non-global page table attribute check
    - IB/core: Fix missing RDMA cgroups release in case of failure to register
      device
    - Revert "nvme: create 'slaves' and 'holders' entries for hidden controllers"
    - kbuild: Handle builtin dtb file names containing hyphens
    - dm bufio: avoid false-positive Wmaybe-uninitialized warning
    - IB/mlx5: Fix incorrect size of klms in the memory region
    - bcache: fix crashes in duplicate cache device register
    - bcache: don't attach backing with duplicate UUID
    - x86/MCE: Save microcode revision in machine check records
    - x86/MCE: Serialize sysfs changes
    - perf tools: Fix trigger class trigger_on()
    - x86/spectre_v2: Don't check microcode versions when running under
      hypervisors
    - ALSA: hda/realtek - Add support headset mode for DELL WYSE
    - ALSA: hda/realtek - Add headset mode support for Dell laptop
    - ALSA: hda/realtek: Limit mic boost on T480
    - ALSA: hda/realtek - Fix dock line-out volume on Dell Precision 7520
    - ALSA: hda/realtek - Make dock sound work on ThinkPad L570
    - ALSA: seq: More protection for concurrent write and ioctl races
    - ALSA: hda: add dock and led support for HP EliteBook 820 G3
    - ALSA: hda: add dock and led support for HP ProBook 640 G2
    - scsi: qla2xxx: Fix NULL pointer crash due to probe failure
    - scsi: qla2xxx: Fix recursion while sending terminate exchange
    - dt-bindings: Document mti,mips-cpc binding
    - MIPS: CPC: Map registers using DT in mips_cpc_default_phys_base()
    - nospec: Kill array_index_nospec_mask_check()
    - nospec: Include <asm/barrier.h> dependency
    - x86/entry: Reduce the code footprint of the 'idtentry' macro
    - x86/entry/64: Use 'xorl' for faster register clearing
    - x86/mm: Remove stale comment about KMEMCHECK
    - x86/asm: Improve how GEN_*_SUFFIXED_RMWcc() specify clobbers
    - x86/IO-APIC: Avoid warning in 32-bit builds
    - x86/LDT: Avoid warning in 32-bit builds with older gcc
    - x86-64/realmode: Add instruction suffix
    - Revert "x86/retpoline: Simplify vmexit_fill_RSB()"
    - x86/speculation: Use IBRS if available before calling into firmware
    - x86/retpoline: Support retpoline builds with Clang
    - x86/speculation, objtool: Annotate indirect calls/jumps for objtool
    - x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP
    - x86/paravirt, objtool: Annotate indirect calls
    - x86/boot, objtool: Annotate indirect jump in secondary_startup_64()
    - x86/mm/sme, objtool: Annotate indirect call in sme_encrypt_execute()
    - objtool: Use existing global variables for options
    - objtool: Add retpoline validation
    - objtool: Add module specific retpoline rules
    - objtool, retpolines: Integrate objtool with retpoline support more closely
    - objtool: Fix another switch table detection issue
    - objtool: Fix 32-bit build
    - x86/kprobes: Fix kernel crash when probing .entry_trampoline code
    - watchdog: hpwdt: SMBIOS check
    - watchdog: hpwdt: Check source of NMI
    - watchdog: hpwdt: fix unused variable warning
    - watchdog: hpwdt: Remove legacy NMI sourcing.
    - netfilter: add back stackpointer size checks
    - netfilter: ipt_CLUSTERIP: fix a race condition of proc file creation
    - netfilter: xt_hashlimit: fix lock imbalance
    - netfilter: x_tables: fix missing timer initialization in xt_LED
    - netfilter: nat: cope with negative port range
    - netfilter: IDLETIMER: be syzkaller friendly
    - netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets
    - netfilter: bridge: ebt_among: add missing match size checks
    - netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt
    - netfilter: use skb_to_full_sk in ip6_route_me_harder
    - tpm_tis: Move ilb_base_addr to tpm_tis_data
    - tpm: Keep CLKRUN enabled throughout the duration of transmit_cmd()
    - tpm: delete the TPM_TIS_CLK_ENABLE flag
    - tpm: remove unused variables
    - tpm: only attempt to disable the LPC CLKRUN if is already enabled
    - x86/xen: Calculate __max_logical_packages on PV domains
    - scsi: qla2xxx: Fix system crash for Notify ack timeout handling
    - scsi: qla2xxx: Fix gpnid error processing
    - scsi: qla2xxx: Move session delete to driver work queue
    - scsi: qla2xxx: Skip IRQ affinity for Target QPairs
    - scsi: qla2xxx: Fix re-login for Nport Handle in use
    - scsi: qla2xxx: Retry switch command on time out
    - scsi: qla2xxx: Serialize GPNID for multiple RSCN
    - scsi: qla2xxx: Fix login state machine stuck at GPDB
    - scsi: qla2xxx: Fix NPIV host cleanup in target mode
    - scsi: qla2xxx: Relogin to target port on a cable swap
    - scsi: qla2xxx: Fix Relogin being triggered too fast
    - scsi: qla2xxx: Fix PRLI state check
    - scsi: qla2xxx: Fix abort command deadlock due to spinlock
    - scsi: qla2xxx: Replace fcport alloc with qla2x00_alloc_fcport
    - scsi: qla2xxx: Fix scan state field for fcport
    - scsi: qla2xxx: Clear loop id after delete
    - scsi: qla2xxx: Defer processing of GS IOCB calls
    - scsi: qla2xxx: Remove aborting ELS IOCB call issued as part of timeout.
    - scsi: qla2xxx: Fix system crash in qlt_plogi_ack_unref
    - scsi: qla2xxx: Fix memory leak in dual/target mode
    - NFS: Fix an incorrect type in struct nfs_direct_req
    - pNFS: Prevent the layout header refcount going to zero in pnfs_roc()
    - NFS: Fix unstable write completion
    - Linux 4.15.10
  * Bionic update to 4.15.10 stable release (LP: #1756100) // CVE-2018-1000004.
    - ALSA: seq: Don't allow resizing pool in use
  * nfp: prioritize stats updates (LP: #1752061)
    - nfp: flower: prioritize stats updates
  * Ubuntu 18.04 - Kernel crash on nvme subsystem-reset /dev/nvme0 (Bolt / NVMe)
    (LP: #1753371)
    - nvme-pci: Fix EEH failure on ppc
  * sbsa watchdog crashes thunderx2 system (LP: #1755595)
    - watchdog: sbsa: use 32-bit read for WCV
  * KVM: s390: add vcpu stat counters for many instruction (LP: #1755132)
    - KVM: s390: diagnoses are instructions as well
    - KVM: s390: add vcpu stat counters for many instruction
  * CIFS SMB2/SMB3 does not work for domain based DFS (LP: #1747572)
    - CIFS: make IPC a regular tcon
    - CIFS: use tcon_ipc instead of use_ipc parameter of SMB2_ioctl
    - CIFS: dump IPC tcon in debug proc file
  * i2c-thunderx: erroneous error message "unhandled state: 0" (LP: #1754076)
    - i2c: octeon: Prevent error message on bus error
  * Boston-LC:bos1u1: Stress test on Qlogic Fibre Channel on Ubuntu KVM guest
    that caused KVM host crashed in qlt_free_session_done call (LP: #1750441)
    - scsi: qla2xxx: Fix memory corruption during hba reset test
  * Ubuntu 18.04 - Performance: Radix page fault handler bug in KVM
    (LP: #1752236)
    - KVM: PPC: Book3S HV: Fix handling of large pages in radix page fault handler
  * Fix ARC hit rate (LP: #1755158)
    - SAUCE: Fix ARC hit rate (LP: #1755158)
  * Bionic update to 4.15.9 stable release (LP: #1755275)
    - bpf: fix mlock precharge on arraymaps
    - bpf: fix memory leak in lpm_trie map_free callback function
    - bpf: fix rcu lockdep warning for lpm_trie map_free callback
    - bpf, x64: implement retpoline for tail call
    - bpf, arm64: fix out of bounds access in tail call
    - bpf: add schedule points in percpu arrays management
    - bpf: allow xadd only on aligned memory
    - bpf, ppc64: fix out of bounds access in tail call
    - scsi: mpt3sas: fix oops in error handlers after shutdown/unload
    - scsi: mpt3sas: wait for and flush running commands on shutdown/unload
    - KVM: x86: fix backward migration with async_PF
    - Linux 4.15.9
  * Bionic update to 4.15.8 stable release (LP: #1755179)
    - hrtimer: Ensure POSIX compliance (relative CLOCK_REALTIME hrtimers)
    - ipmi_si: Fix error handling of platform device
    - platform/x86: dell-laptop: Allocate buffer on heap rather than globally
    - powerpc/pseries: Enable RAS hotplug events later
    - Bluetooth: btusb: Use DMI matching for QCA reset_resume quirking
    - ixgbe: fix crash in build_skb Rx code path
    - tpm: st33zp24: fix potential buffer overruns caused by bit glitches on the
      bus
    - tpm: fix potential buffer overruns caused by bit glitches on the bus
    - tpm_i2c_infineon: fix potential buffer overruns caused by bit glitches on
      the bus
    - tpm_i2c_nuvoton: fix potential buffer overruns caused by bit glitches on the
      bus
    - tpm_tis: fix potential buffer overruns caused by bit glitches on the bus
    - ALSA: usb-audio: Add a quirck for B&W PX headphones
    - ALSA: control: Fix memory corruption risk in snd_ctl_elem_read
    - ALSA: x86: Fix missing spinlock and mutex initializations
    - ALSA: hda: Add a power_save blacklist
    - ALSA: hda - Fix pincfg at resume on Lenovo T470 dock
    - mmc: sdhci-pci: Fix S0i3 for Intel BYT-based controllers
    - mmc: dw_mmc-k3: Fix out-of-bounds access through DT alias
    - mmc: dw_mmc: Avoid accessing registers in runtime suspended state
    - mmc: dw_mmc: Factor out dw_mci_init_slot_caps
    - mmc: dw_mmc: Fix out-of-bounds access for slot's caps
    - timers: Forward timer base before migrating timers
    - parisc: Use cr16 interval timers unconditionally on qemu
    - parisc: Reduce irq overhead when run in qemu
    - parisc: Fix ordering of cache and TLB flushes
    - parisc: Hide virtual kernel memory layout
    - btrfs: use proper endianness accessors for super_copy
    - block: fix the count of PGPGOUT for WRITE_SAME
    - block: kyber: fix domain token leak during requeue
    - block: pass inclusive 'lend' parameter to truncate_inode_pages_range
    - vfio: disable filesystem-dax page pinning
    - cpufreq: s3c24xx: Fix broken s3c_cpufreq_init()
    - dax: fix vma_is_fsdax() helper
    - direct-io: Fix sleep in atomic due to sync AIO
    - x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend
    - x86/platform/intel-mid: Handle Intel Edison reboot correctly
    - x86/cpu_entry_area: Sync cpu_entry_area to initial_page_table
    - bridge: check brport attr show in brport_show
    - fib_semantics: Don't match route with mismatching tclassid
    - hdlc_ppp: carrier detect ok, don't turn off negotiation
    - ipv6 sit: work around bogus gcc-8 -Wrestrict warning
    - net: amd-xgbe: fix comparison to bitshift when dealing with a mask
    - net: ethernet: ti: cpsw: fix net watchdog timeout
    - net: fix race on decreasing number of TX queues
    - net: ipv4: don't allow setting net.ipv4.route.min_pmtu below 68
    - netlink: ensure to loop over all netns in genlmsg_multicast_allns()
    - net: sched: report if filter is too large to dump
    - ppp: prevent unregistered channels from connecting to PPP units
    - sctp: verify size of a new chunk in _sctp_make_chunk()
    - udplite: fix partial checksum initialization
    - net/mlx5e: Fix TCP checksum in LRO buffers
    - sctp: fix dst refcnt leak in sctp_v4_get_dst
    - mlxsw: spectrum_switchdev: Check success of FDB add operation
    - net/mlx5e: Specify numa node when allocating drop rq
    - net: phy: fix phy_start to consider PHY_IGNORE_INTERRUPT
    - tcp: Honor the eor bit in tcp_mtu_probe
    - rxrpc: Fix send in rxrpc_send_data_packet()
    - tcp_bbr: better deal with suboptimal GSO
    - doc: Change the min default value of tcp_wmem/tcp_rmem.
    - net/mlx5e: Fix loopback self test when GRO is off
    - net_sched: gen_estimator: fix broken estimators based on percpu stats
    - net/sched: cls_u32: fix cls_u32 on filter replace
    - sctp: do not pr_err for the duplicated node in transport rhlist
    - mlxsw: spectrum_router: Fix error path in mlxsw_sp_vr_create
    - net: ipv4: Set addr_type in hash_keys for forwarded case
    - sctp: fix dst refcnt leak in sctp_v6_get_dst()
    - bridge: Fix VLAN reference count problem
    - net/mlx5e: Verify inline header size do not exceed SKB linear size
    - tls: Use correct sk->sk_prot for IPV6
    - amd-xgbe: Restore PCI interrupt enablement setting on resume
    - cls_u32: fix use after free in u32_destroy_key()
    - mlxsw: spectrum_router: Do not unconditionally clear route offload
      indication
    - netlink: put module reference if dump start fails
    - tcp: purge write queue upon RST
    - tuntap: correctly add the missing XDP flush
    - tuntap: disable preemption during XDP processing
    - virtio-net: disable NAPI only when enabled during XDP set
    - cxgb4: fix trailing zero in CIM LA dump
    - net/mlx5: Fix error handling when adding flow rules
    - net: phy: Restore phy_resume() locking assumption
    - tcp: tracepoint: only call trace_tcp_send_reset with full socket
    - l2tp: don't use inet_shutdown on tunnel destroy
    - l2tp: don't use inet_shutdown on ppp session destroy
    - l2tp: fix races with tunnel socket close
    - l2tp: fix race in pppol2tp_release with session object destroy
    - l2tp: fix tunnel lookup use-after-free race
    - s390/qeth: fix underestimated count of buffer elements
    - s390/qeth: fix SETIP command handling
    - s390/qeth: fix overestimated count of buffer elements
    - s390/qeth: fix IP removal on offline cards
    - s390/qeth: fix double-free on IP add/remove race
    - Revert "s390/qeth: fix using of ref counter for rxip addresses"
    - s390/qeth: fix IP address lookup for L3 devices
    - s390/qeth: fix IPA command submission race
    - tcp: revert F-RTO middle-box workaround
    - tcp: revert F-RTO extension to detect more spurious timeouts
    - blk-mq: don't call io sched's .requeue_request when requeueing rq to
      ->dispatch
    - media: m88ds3103: don't call a non-initalized function
    - EDAC, sb_edac: Fix out of bound writes during DIMM configuration on KNL
    - KVM: s390: take care of clock-comparator sign control
    - KVM: s390: provide only a single function for setting the tod (fix SCK)
    - KVM: s390: consider epoch index on hotplugged CPUs
    - KVM: s390: consider epoch index on TOD clock syncs
    - nospec: Allow index argument to have const-qualified type
    - x86/mm: Fix {pmd,pud}_{set,clear}_flags()
    - ARM: orion: fix orion_ge00_switch_board_info initialization
    - ARM: dts: rockchip: Remove 1.8 GHz operation point from phycore som
    - ARM: mvebu: Fix broken PL310_ERRATA_753970 selects
    - ARM: kvm: fix building with gcc-8
    - KVM: X86: Fix SMRAM accessing even if VM is shutdown
    - KVM: mmu: Fix overlap between public and private memslots
    - KVM/x86: Remove indirect MSR op calls from SPEC_CTRL
    - KVM: x86: move LAPIC initialization after VMCS creation
    - KVM/VMX: Optimize vmx_vcpu_run() and svm_vcpu_run() by marking the RDMSR
      path as unlikely()
    - KVM: x86: fix vcpu initialization with userspace lapic
    - KVM/x86: remove WARN_ON() for when vm_munmap() fails
    - ACPI / bus: Parse tables as term_list for Dell XPS 9570 and Precision M5530
    - ARM: dts: LogicPD SOM-LV: Fix I2C1 pinmux
    - ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux
    - powerpc/64s/radix: Boot-time NULL pointer protection using a guard-PID
    - md: only allow remove_and_add_spares when no sync_thread running.
    - platform/x86: dell-laptop: fix kbd_get_state's request value
    - Linux 4.15.8
  * ZFS setgid broken on 0.7 (LP: #1753288)
    - SAUCE: Fix ZFS setgid
  * /proc/kallsyms prints "(null)" for null addresses in 4.15 (LP: #1754297)
    - vsprintf: avoid misleading "(null)" for %px
  * Miscellaneous Ubuntu changes
    - d-i: Add netsec to nic-modules
    - [Config] fix up retpoline abi files
    - [Config] set NOBP and expoline options for s390

  [ Ubuntu: 4.15.0-12.13 ]

  * linux: 4.15.0-12.13 -proposed tracker (LP: #1754059)
  * CONFIG_EFI=y on armhf (LP: #1726362)
    - [Config] CONFIG_EFI=y on armhf, reconcile secureboot EFI settings
  * ppc64el: Support firmware disable of RFI flush (LP: #1751994)
    - powerpc/pseries: Support firmware disable of RFI flush
    - powerpc/powernv: Support firmware disable of RFI flush
  * [Feature] CFL/CNL (PCH:CNP-H): New GPIO Commit added (GPIO Driver needed)
    (LP: #1751714)
    - gpio / ACPI: Drop unnecessary ACPI GPIO to Linux GPIO translation
    - pinctrl: intel: Allow custom GPIO base for pad groups
    - pinctrl: cannonlake: Align GPIO number space with Windows
  * [Feature] Add xHCI debug device support in the driver (LP: #1730832)
    - usb: xhci: Make some static functions global
    - usb: xhci: Add DbC support in xHCI driver
    - [Config] USB_XHCI_DBGCAP=y for commit mainline dfba2174dc42.
  * [SRU] Lenovo E41 Mic mute hotkey is not responding (LP: #1753347)
    - platform/x86: ideapad-laptop: Increase timeout to wait for EC answer
  * headset mic can't be detected on two Dell machines (LP: #1748807)
    - ALSA: hda - Fix a wrong FIXUP for alc289 on Dell machines
  * hisi_sas: Add disk LED support (LP: #1752695)
    - scsi: hisi_sas: directly attached disk LED feature for v2 hw
  * [Feature] [Graphics]Whiskey Lake (Coffelake-U 4+2) new PCI Device ID adds
    (LP: #1742561)
    - drm/i915/cfl: Adding more Coffee Lake PCI IDs.
  * [Bug] [USB Function][CFL-CNL PCH]Stall Error and USB Transaction Error in
    trace, Disable of device-initiated U1/U2 failed and rebind failed: -517
    during suspend/resume with usb storage. (LP: #1730599)
    - usb: Don't print a warning if interface driver rebind is deferred at resume
  * retpoline: ignore %cs:0xNNN constant indirections (LP: #1752655)
    - [Packaging] retpoline -- elide %cs:0xNNNN constants on i386
    - [Config] retpoline -- clean up i386 retpoline files
  * hisilicon hibmc regression due to ea642c3216cb ("drm/ttm: add io_mem_pfn
    callback") (LP: #1738334)
    - drm/ttm: add ttm_bo_io_mem_pfn to check io_mem_pfn
  * [Asus UX360UA] battery status in unity-panel is not changing when battery is
    being charged (LP: #1661876) // AC adapter status not detected on Asus
    ZenBook UX410UAK (LP: #1745032)
    - ACPI / battery: Add quirk for Asus UX360UA and UX410UAK
  * ASUS UX305LA - Battery state not detected correctly (LP: #1482390)
    - ACPI / battery: Add quirk for Asus GL502VSK and UX305LA
  * [18.04 FEAT] Automatically detect layer2 setting in the qeth device driver
    (LP: #1747639)
    - s390/diag: add diag26c support for VNIC info
    - s390/qeth: support early setup for z/VM NICs
  * Bionic update to v4.15.7 stable release (LP: #1752317)
    - netfilter: drop outermost socket lock in getsockopt()
    - arm64: mm: don't write garbage into TTBR1_EL1 register
    - kconfig.h: Include compiler types to avoid missed struct attributes
    - MIPS: boot: Define __ASSEMBLY__ for its.S build
    - xtensa: fix high memory/reserved memory collision
    - scsi: ibmvfc: fix misdefined reserved field in ibmvfc_fcp_rsp_info
    - MIPS: Drop spurious __unused in struct compat_flock
    - cfg80211: fix cfg80211_beacon_dup
    - i2c: designware: must wait for enable
    - i2c: bcm2835: Set up the rising/falling edge delays
    - X.509: fix BUG_ON() when hash algorithm is unsupported
    - X.509: fix NULL dereference when restricting key with unsupported_sig
    - PKCS#7: fix certificate chain verification
    - PKCS#7: fix certificate blacklisting
    - extcon: int3496: process id-pin first so that we start with the right status
    - genirq/matrix: Handle CPU offlining proper
    - RDMA/uverbs: Protect from races between lookup and destroy of uobjects
    - RDMA/uverbs: Protect from command mask overflow
    - RDMA/uverbs: Fix bad unlock balance in ib_uverbs_close_xrcd
    - RDMA/uverbs: Fix circular locking dependency
    - RDMA/uverbs: Sanitize user entered port numbers prior to access it
    - iio: adc: stm32: fix stm32h7_adc_enable error handling
    - iio: srf08: fix link error "devm_iio_triggered_buffer_setup" undefined
    - iio: buffer: check if a buffer has been set up when poll is called
    - iio: adis_lib: Initialize trigger before requesting interrupt
    - Kbuild: always define endianess in kconfig.h
    - x86/apic/vector: Handle vector release on CPU unplug correctly
    - x86/oprofile: Fix bogus GCC-8 warning in nmi_setup()
    - mm, swap, frontswap: fix THP swap if frontswap enabled
    - mm: don't defer struct page initialization for Xen pv guests
    - uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define
    - irqchip/gic-v3: Use wmb() instead of smb_wmb() in gic_raise_softirq()
    - irqchip/mips-gic: Avoid spuriously handling masked interrupts
    - PCI/cxgb4: Extend T3 PCI quirk to T4+ devices
    - net: thunderbolt: Tear down connection properly on suspend
    - net: thunderbolt: Run disconnect flow asynchronously when logout is received
    - ohci-hcd: Fix race condition caused by ohci_urb_enqueue() and
      io_watchdog_func()
    - usb: ohci: Proper handling of ed_rm_list to handle race condition between
      usb_kill_urb() and finish_unlinks()
    - arm64: Remove unimplemented syscall log message
    - arm64: Disable unhandled signal log messages by default
    - arm64: cpufeature: Fix CTR_EL0 field definitions
    - Add delay-init quirk for Corsair K70 RGB keyboards
    - usb: host: ehci: use correct device pointer for dma ops
    - usb: dwc3: gadget: Set maxpacket size for ep0 IN
    - usb: dwc3: ep0: Reset TRB counter for ep0 IN
    - usb: phy: mxs: Fix NULL pointer dereference on i.MX23/28
    - usb: ldusb: add PIDs for new CASSY devices supported by this driver
    - Revert "usb: musb: host: don't start next rx urb if current one failed"
    - usb: gadget: f_fs: Process all descriptors during bind
    - usb: gadget: f_fs: Use config_ep_by_speed()
    - usb: renesas_usbhs: missed the "running" flag in usb_dmac with rx path
    - drm/cirrus: Load lut in crtc_commit
    - drm/atomic: Fix memleak on ERESTARTSYS during non-blocking commits
    - drm: Handle unexpected holes in color-eviction
    - drm/amdgpu: disable MMHUB power gating on raven
    - drm/amdgpu: fix VA hole handling on Vega10 v3
    - drm/amdgpu: Add dpm quirk for Jet PRO (v2)
    - drm/amdgpu: only check mmBIF_IOV_FUNC_IDENTIFIER on tonga/fiji
    - drm/amdgpu: Avoid leaking PM domain on driver unbind (v2)
    - drm/amdgpu: add new device to use atpx quirk
    - arm64: __show_regs: Only resolve kernel symbols when running at EL1
    - drm/i915/breadcrumbs: Ignore unsubmitted signalers
    - microblaze: fix endian handling
    - Linux 4.15.7
  * [regression] Colour banding and artefacts appear system-wide on an Asus
    Zenbook UX303LA with Intel HD 4400 graphics (LP: #1749420) // Bionic update
    to v4.15.7 stable release (LP: #1752317)
    - drm/edid: Add 6 bpc quirk for CPT panel in Asus UX303LA
  * errors with sas hotplug (LP: #1752146)
    - scsi: libsas: fix memory leak in sas_smp_get_phy_events()
    - scsi: libsas: fix error when getting phy events
    - scsi: libsas: initialize sas_phy status according to response of DISCOVER
    - scsi: libsas: Use dynamic alloced work to avoid sas event lost
    - scsi: libsas: shut down the PHY if events reached the threshold
    - scsi: libsas: make the event threshold configurable
    - scsi: libsas: Use new workqueue to run sas event and disco event
    - scsi: libsas: use flush_workqueue to process disco events synchronously
    - scsi: libsas: direct call probe and destruct
    - scsi: libsas: notify event PORTE_BROADCAST_RCVD in sas_enable_revalidation()
  * rtnetlink: enable namespace identifying properties in rtnetlink requests
    (LP: #1748232)
    - rtnetlink: enable IFLA_IF_NETNSID in do_setlink()
    - rtnetlink: enable IFLA_IF_NETNSID for RTM_SETLINK
    - rtnetlink: enable IFLA_IF_NETNSID for RTM_DELLINK
    - rtnetlink: enable IFLA_IF_NETNSID for RTM_NEWLINK
    - rtnetlink: remove check for IFLA_IF_NETNSID
    - rtnetlink: require unique netns identifier
  * Bionic update to v4.15.6 stable release (LP: #1752119)
    - tun: fix tun_napi_alloc_frags() frag allocator
    - ptr_ring: fail early if queue occupies more than KMALLOC_MAX_SIZE
    - ptr_ring: try vmalloc() when kmalloc() fails
    - selinux: ensure the context is NUL terminated in
      security_context_to_sid_core()
    - selinux: skip bounded transition processing if the policy isn't loaded
    - media: pvrusb2: properly check endpoint types
    - crypto: x86/twofish-3way - Fix %rbp usage
    - staging: android: ion: Add __GFP_NOWARN for system contig heap
    - staging: android: ion: Switch from WARN to pr_warn
    - blk_rq_map_user_iov: fix error override
    - KVM: x86: fix escape of guest dr6 to the host
    - kcov: detect double association with a single task
    - netfilter: x_tables: fix int overflow in xt_alloc_table_info()
    - netfilter: x_tables: avoid out-of-bounds reads in
      xt_request_find_{match|target}
    - netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in clusterip_tg_check()
    - netfilter: on sockopt() acquire sock lock only in the required scope
    - netfilter: xt_cgroup: initialize info->priv in cgroup_mt_check_v1()
    - netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert
    - rds: tcp: correctly sequence cleanup on netns deletion.
    - rds: tcp: atomically purge entries from rds_tcp_conn_list during netns
      delete
    - net: avoid skb_warn_bad_offload on IS_ERR
    - net_sched: gen_estimator: fix lockdep splat
    - soc: qcom: rmtfs_mem: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
    - ASoC: ux500: add MODULE_LICENSE tag
    - video: fbdev/mmp: add MODULE_LICENSE
    - ARM: 8743/1: bL_switcher: add MODULE_LICENSE tag
    - arm64: dts: add #cooling-cells to CPU nodes
    - dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock
    - ANDROID: binder: remove WARN() for redundant txn error
    - ANDROID: binder: synchronize_rcu() when using POLLFREE.
    - staging: android: ashmem: Fix a race condition in pin ioctls
    - binder: check for binder_thread allocation failure in binder_poll()
    - binder: replace "%p" with "%pK"
    - staging: fsl-mc: fix build testing on x86
    - staging: iio: adc: ad7192: fix external frequency setting
    - staging: iio: ad5933: switch buffer mode to software
    - xhci: Fix NULL pointer in xhci debugfs
    - xhci: Fix xhci debugfs devices node disappearance after hibernation
    - xhci: xhci debugfs device nodes weren't removed after device plugged out
    - xhci: fix xhci debugfs errors in xhci_stop
    - usbip: keep usbip_device sockfd state in sync with tcp_socket
    - crypto: s5p-sss - Fix kernel Oops in AES-ECB mode
    - mei: me: add cannon point device ids
    - mei: me: add cannon point device ids for 4th device
    - vmalloc: fix __GFP_HIGHMEM usage for vmalloc_32 on 32b systems
    - Linux 4.15.6
  * Unable to insert test_bpf module on Bionic s390x (LP: #1751234)
    - bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y
  * [Ubuntu 18.04 FEAT] OpenCAPI enabling (LP: #1746988)
    - powerpc/powernv: Introduce new PHB type for opencapi links
    - powerpc/powernv: Set correct configuration space size for opencapi devices
    - powerpc/powernv: Add opal calls for opencapi
    - powerpc/powernv: Add platform-specific services for opencapi
    - powerpc/powernv: Capture actag information for the device
    - ocxl: Driver code for 'generic' opencapi devices
    - ocxl: Add AFU interrupt support
    - ocxl: Add a kernel API for other opencapi drivers
    - ocxl: Add trace points
    - ocxl: Add Makefile and Kconfig
    - [Config] CONFIG_OCXL=m for ppc64el
    - cxl: Remove support for "Processing accelerators" class
    - ocxl: Documentation
    - ocxl: add MAINTAINERS entry
    - cxl: Add support for ASB_Notify on POWER9
  * Request to update 18.04 kernel aacraid to upstream 4.16 version
    (LP: #1746801)
    - scsi: aacraid: remove unused variable managed_request_id
    - scsi: aacraid: Do not attempt abort when Fw panicked
    - scsi: aacraid: Do not remove offlined devices
    - scsi: aacraid: Fix ioctl reset hang
    - scsi: aacraid: Allow reset_host sysfs var to recover Panicked Fw
    - scsi: aacraid: Refactor reset_host store function
    - scsi: aacraid: Move code to wait for IO completion to shutdown func
    - scsi: aacraid: Create bmic submission function from bmic identify
    - scsi: aacraid: Change phy luns function to use common bmic function
    - scsi: aacraid: Refactor and rename to make mirror existing changes
    - scsi: aacraid: Add target setup helper function
    - scsi: aacraid: Untangle targets setup from report phy luns
    - scsi: aacraid: Move function around to match existing code
    - scsi: aacraid: Create helper functions to get lun info
    - scsi: aacraid: Save bmic phy information for each phy
    - scsi: aacraid: Add helper function to set queue depth
    - scsi: aacraid: Merge func to get container information
    - scsi: aacraid: Process hba and container hot plug events in single function
    - scsi: aacraid: Added macros to help loop through known buses and targets
    - scsi: aacraid: Refactor resolve luns code and scsi functions
    - scsi: aacraid: Merge adapter setup with resolve luns
    - scsi: aacraid: Block concurrent hotplug event handling
    - scsi: aacraid: Use hotplug handling function in place of scsi_scan_host
    - scsi: aacraid: Reschedule host scan in case of failure
    - scsi: aacraid: Fix hang while scanning in eh recovery
    - scsi: aacraid: Skip schedule rescan in case of kdump
    - scsi: aacraid: Remove unused rescan variable
    - scsi: aacraid: Remove AAC_HIDE_DISK check in queue command
    - scsi: aacraid: Update driver version to 50877
    - scsi: aacraid: Fix driver oops with dead battery
    - scsi: aacraid: remove redundant setting of variable c
    - scsi: aacraid: Get correct lun count
    - scsi: aacraid: Delay for rescan worker needs to be 10 seconds
  * [18.04] kpatch - Add livepatch hook support for ppc64le (LP: #1741992)
    - powerpc/modules: Add REL24 relocation support of livepatch symbols
    - powerpc/modules: Don't try to restore r2 after a sibling call
    - powerpc/modules: Improve restore_r2() error message
  * Ubuntu 18.04 - Include latest ibmvnic fixes in Ubuntu kernel (LP: #1748517)
    - ibmvnic: Rename IBMVNIC_MAX_TX_QUEUES to IBMVNIC_MAX_QUEUES
    - ibmvnic: Increase maximum number of RX/TX queues
    - ibmvnic: Include header descriptor support for ARP packets
    - ibmvnic: Don't handle RX interrupts when not up.
    - ibmvnic: Wait for device response when changing MAC
    - ibmvnic: fix firmware version when no firmware level has been provided by
      the VIOS server
    - ibmvnic: fix empty firmware version and errors cleanup
    - ibmvnic: Fix rx queue cleanup for non-fatal resets
    - ibmvnic: Ensure that buffers are NULL after free
    - ibmvnic: queue reset when CRQ gets closed during reset
    - ibmvnic: Reset long term map ID counter
    - ibmvnic: Remove skb->protocol checks in ibmvnic_xmit
    - ibmvnic: Wait until reset is complete to set carrier on
    - ibmvnic: Fix login buffer memory leaks
    - ibmvnic: Fix NAPI structures memory leak
    - ibmvnic: Free RX socket buffer in case of adapter error
    - ibmvnic: Clean RX pool buffers during device close
    - ibmvnic: Check for NULL skb's in NAPI poll routine
    - ibmvnic: Fix early release of login buffer
  * Power9 DD 2.2 needs HMI fixup backport of upstream
    patch(d075745d893c78730e4a3b7a60fca23c2f764081) into kernel (LP: #1751834)
    - KVM: PPC: Book3S HV: Improve handling of debug-trigger HMIs on POWER9
  * Driver not found in Ubuntu kernel does not detect interface (LP: #1745927)
    - d-i: add cxgb4 to nic-modules
  * BCM5719/tg3 loses connectivity due to missing heartbeats between fw and
    driver (LP: #1751337)
    - tg3: APE heartbeat changes
  * Miscellaneous Ubuntu changes
    - ubuntu: vbox -- update to 5.2.6-dfsg-5
    - Revert "UBUNTU: SAUCE: Import aufs driver"
    - SAUCE: Import aufs driver
    - Revert "UBUNTU: SAUCE: (no-up) Convert bnx2x firmware files to ihex format"
    - [Packaging] retpoline-extract: flag *0xNNN(%reg) branches
    - [Config] fix up retpoline abi files
    - ubuntu: vbox -- update to 5.2.8-dfsg-2

 -- Kamal Mostafa <email address hidden>  Tue, 20 Mar 2018 15:06:14 -0700

Available diffs

Superseded in xenial-security on 2018-04-23
Superseded in xenial-updates on 2018-04-23
Deleted in xenial-proposed (Reason: NBS)
linux-kvm (4.4.0-1020.25) xenial; urgency=medium

  * linux-kvm: 4.4.0-1020.25 -proposed tracker (LP: #1755219)

  * linux-kvm standard configs for Ubuntu Server workloads (LP: #1736561)
    - kvm: [config] enable NO_HZ_IDLE, HIGH_RES_TIMERS
    - kvm: [config] enable NUMA
    - kvm: [config] enable all CGROUPs
    - kvm: [config] enable all CONFIG_RD decompressors
    - kvm: [config] enable COREDUMP
    - kvm: [config] enable X86_X2APIC
    - kvm: [config] enable PREEMPT_VOLUNTARY
    - kvm: [config] enable HOTPLUG_CPU
    - kvm: [config] enable BLK_DEV_SD
    - kvm: [config] enable ATA, PATA, SATA
    - kvm: [config] enable BONDING, MACVLAN, TUN, VETH
    - kvm: [config] enable HW_RANDOM_{AMD,INTEL,TIMERIOMEM}
    - kvm: [config] enable EFI_VARS
    - kvm: [config] enable SQUASHFS
    - kvm: [retpoline] add new retpoline call sites

  * Xenial update to 4.4.114 stable release (LP: #1754592)
    - kvm: [config] enable X86_VSYSCALL_EMULATION

  * Xenial update to 4.4.110 stable release (LP: #1745071)
    - [config] updateconfigs for master changes

  * linux-kvm configs for Kata containers (LP: #1752147)
    - kvm: [config] Enable PCI Hotplug
    - kvm: [config] Add support for DPDK
    - kvm: [config] Enable DAX
    - kvm: [config] Enable 9P fs

  [ Ubuntu: 4.4.0-117.141 ]

  * linux: 4.4.0-117.141 -proposed tracker (LP: #1755208)
  * Xenial update to 4.4.114 stable release (LP: #1754592)
    - x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels
    - usbip: prevent vhci_hcd driver from leaking a socket pointer address
    - usbip: Fix implicit fallthrough warning
    - usbip: Fix potential format overflow in userspace tools
    - x86/microcode/intel: Fix BDW late-loading revision check
    - x86/retpoline: Fill RSB on context switch for affected CPUs
    - sched/deadline: Use the revised wakeup rule for suspending constrained dl
      tasks
    - can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once
    - can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once
    - PM / sleep: declare __tracedata symbols as char[] rather than char
    - time: Avoid undefined behaviour in ktime_add_safe()
    - timers: Plug locking race vs. timer migration
    - Prevent timer value 0 for MWAITX
    - drivers: base: cacheinfo: fix x86 with CONFIG_OF enabled
    - drivers: base: cacheinfo: fix boot error message when acpi is enabled
    - PCI: layerscape: Add "fsl,ls2085a-pcie" compatible ID
    - PCI: layerscape: Fix MSG TLP drop setting
    - mmc: sdhci-of-esdhc: add/remove some quirks according to vendor version
    - fs/select: add vmalloc fallback for select(2)
    - hwpoison, memcg: forcibly uncharge LRU pages
    - cma: fix calculation of aligned offset
    - mm, page_alloc: fix potential false positive in __zone_watermark_ok
    - ipc: msg, make msgrcv work with LONG_MIN
    - x86/ioapic: Fix incorrect pointers in ioapic_setup_resources()
    - ACPI / processor: Avoid reserving IO regions too early
    - ACPI / scan: Prefer devices without _HID/_CID for _ADR matching
    - ACPICA: Namespace: fix operand cache leak
    - netfilter: x_tables: speed up jump target validation
    - netfilter: arp_tables: fix invoking 32bit "iptable -P INPUT ACCEPT" failed
      in 64bit kernel
    - netfilter: nf_dup_ipv6: set again FLOWI_FLAG_KNOWN_NH at flowi6_flags
    - netfilter: nf_ct_expect: remove the redundant slash when policy name is
      empty
    - netfilter: nfnetlink_queue: reject verdict request from different portid
    - netfilter: restart search if moved to other chain
    - netfilter: nf_conntrack_sip: extend request line validation
    - netfilter: use fwmark_reflect in nf_send_reset
    - ext2: Don't clear SGID when inheriting ACLs
    - reiserfs: fix race in prealloc discard
    - reiserfs: don't preallocate blocks for extended attributes
    - reiserfs: Don't clear SGID when inheriting ACLs
    - fs/fcntl: f_setown, avoid undefined behaviour
    - scsi: libiscsi: fix shifting of DID_REQUEUE host byte
    - Input: trackpoint - force 3 buttons if 0 button is reported
    - usb: usbip: Fix possible deadlocks reported by lockdep
    - usbip: fix stub_rx: get_pipe() to validate endpoint number
    - usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input
    - usbip: prevent leaking socket pointer address in messages
    - um: link vmlinux with -no-pie
    - vsyscall: Fix permissions for emulate mode with KAISER/PTI
    - eventpoll.h: add missing epoll event masks
    - x86/microcode/intel: Extend BDW late-loading further with LLC size check
    - hrtimer: Reset hrtimer cpu base proper on CPU hotplug
    - dccp: don't restart ccid2_hc_tx_rto_expire() if sk in closed state
    - ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL
    - ipv6: fix udpv6 sendmsg crash caused by too small MTU
    - ipv6: ip6_make_skb() needs to clear cork.base.dst
    - lan78xx: Fix failure in USB Full Speed
    - net: igmp: fix source address check for IGMPv3 reports
    - tcp: __tcp_hdrlen() helper
    - net: qdisc_pkt_len_init() should be more robust
    - pppoe: take ->needed_headroom of lower device into account on xmit
    - r8169: fix memory corruption on retrieval of hardware statistics.
    - sctp: do not allow the v4 socket to bind a v4mapped v6 address
    - sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf
    - vmxnet3: repair memory leak
    - net: Allow neigh contructor functions ability to modify the primary_key
    - ipv4: Make neigh lookup keys for loopback/point-to-point devices be
      INADDR_ANY
    - flow_dissector: properly cap thoff field
    - net: tcp: close sock if net namespace is exiting
    - nfsd: auth: Fix gid sorting when rootsquash enabled
    - Linux 4.4.114
  * Xenial update to 4.4.113 stable release (LP: #1754375)
    - gcov: disable for COMPILE_TEST
    - scsi: sg: disable SET_FORCE_LOW_DMA
    - futex: Prevent overflow by strengthen input validation
    - ALSA: pcm: Remove yet superfluous WARN_ON()
    - ALSA: hda - Apply headphone noise quirk for another Dell XPS 13 variant
    - ALSA: hda - Apply the existing quirk to iMac 14,1
    - af_key: fix buffer overread in verify_address_len()
    - af_key: fix buffer overread in parse_exthdrs()
    - scsi: hpsa: fix volume offline state
    - sched/deadline: Zero out positive runtime after throttling constrained tasks
    - pipe: avoid round_pipe_size() nr_pages overflow on 32-bit
    - x86/apic/vector: Fix off by one in error path
    - Input: 88pm860x-ts - fix child-node lookup
    - Input: twl6040-vibra - fix DT node memory management
    - Input: twl6040-vibra - fix child-node lookup
    - Input: twl4030-vibra - fix sibling-node lookup
    - tracing: Fix converting enum's from the map in trace_event_eval_update()
    - phy: work around 'phys' references to usb-nop-xceiv devices
    - ARM: dts: kirkwood: fix pin-muxing of MPP7 on OpenBlocks A7
    - can: peak: fix potential bug in packet fragmentation
    - dm btree: fix serious bug in btree_split_beneath()
    - dm thin metadata: THIN_MAX_CONCURRENT_LOCKS should be 6
    - arm64: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls
    - kbuild: modversions for EXPORT_SYMBOL() for asm
    - x86/pti: Document fix wrong index
    - MIPS: AR7: ensure the port type's FCR value is used
    - Linux 4.4.113
  * Xenial update to 4.4.113 stable release (LP: #1754375) // CVE-2017-5753
    (Spectre v1 Intel -> upstream)
    - Revert "x86/cpu/AMD: Make the LFENCE instruction serialized"
    - x86/cpu/AMD: Make LFENCE a serializing instruction
    - x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC
  * i2c-thunderx: erroneous error message "unhandled state: 0" (LP: #1754076)
    - i2c: octeon: Prevent error message on bus error
  * qeth: fix calculation of required buffer elements for skb (LP: #1750810)
    - s390/qeth: fix underestimated count of buffer elements
  * Support rfkill-any led trigger for Fujitsu u727 (LP: #1745130)
    - rfkill: Add rfkill-any LED trigger
  * Redpine: Sometimes Wi-Fi connection shows "unavailable" after resume from
    WoWLAN S4. WLAN can be recover after reboot or reloading WIFI driver.
    (LP: #1753438) // Redpine: BLE scanning for nearby beacons per second is too
    low and result high loss rate. (LP: #1753439)
    - SAUCE: Redpine: resolve race while resuming from S4
    - SAUCE: Redpine: Fix card write failure issue at S4 restore
    - SAUCE: Redpine: Add deep sleep enable before connection
    - SAUCE: Redpine: resolve power save issue after S4 resume
  * qeth: check not more than 16 SBALEs on the completion queue (LP: #1750568)
    - qeth: check not more than 16 SBALEs on the completion queue
  * qeth: fix L3 next-hop im xmit qeth hdr (LP: #1750813)
    - s390/qeth: fix L3 next-hop in xmit qeth hdr
  * qemu-efi-aarch64 in >= artful can't boot xenial cloud images (LP: #1744754)
    - irqchip/gic-v3: Refactor gic_of_init() for GICv3 driver
    - irqchip/gic-v3: Add ACPI support for GICv3/4 initialization
    - irqchip/gic-v3: ACPI: Add redistributor support via GICC structures
    - irqchip/gic-v3: Remove gic_root_node variable from the ITS code
    - irqchip/gic-v3-its: Mark its_init() and its children as __init
    - ACPICA: Headers: Add new constants for the DBG2 ACPI table
    - of/serial: move earlycon early_param handling to serial
    - ACPI: parse SPCR and enable matching console
    - [Config] CONFIG_ACPI_SPCR_TABLE=y
    - ARM64: ACPI: enable ACPI_SPCR_TABLE
    - serial: pl011: add console matching function
  * OOM and High CPU utilization in update_blocked_averages because of too many
    cfs_rqs in rq->leaf_cfs_rq_list (LP: #1747896)
    - sched/fair: Fix O(nr_cgroups) in load balance path
  * linux-tools: perf incorrectly linking libbfd (LP: #1748922)
    - SAUCE: tools -- add ability to disable libbfd
    - [Packaging] correct disablement of libbfd
  * retpoline abi files are empty on i386 (LP: #1751021)
    - [Packaging] retpoline-extract -- instantiate retpoline files for i386
    - [Packaging] final-checks -- sanity checking ABI contents
    - [Packaging] final-checks -- check for empty retpoline files
  * bnx2x_attn_int_deasserted3:4323 MC assert! (LP: #1715519) //
    CVE-2018-1000026
    - net: create skb_gso_validate_mac_len()
    - bnx2x: disable GSO where gso_size is too big for hardware
  * CVE-2017-17448
    - netfilter: nfnetlink_cthelper: Add missing permission checks
  * TB16 dock ethernet corrupts data with hw checksum silently failing
    (LP: #1729674)
    - r8152: disable RX aggregation on Dell TB16 dock
  * linux < 4.8: x-netns vti is broken (LP: #1744078)
    - net: l3mdev: Add master device lookup by index
    - xfrm: Only add l3mdev oif to dst lookups
  * Xenial update to 4.4.112 stable release (LP: #1745266)
    - dm bufio: fix shrinker scans when (nr_to_scan < retain_target)
    - can: gs_usb: fix return value of the "set_bittiming" callback
    - IB/srpt: Disable RDMA access by the initiator
    - MIPS: Validate PR_SET_FP_MODE prctl(2) requests against the ABI of the task
    - MIPS: Factor out NT_PRFPREG regset access helpers
    - MIPS: Guard against any partial write attempt with PTRACE_SETREGSET
    - MIPS: Consistently handle buffer counter with PTRACE_SETREGSET
    - MIPS: Fix an FCSR access API regression with NT_PRFPREG and MSA
    - MIPS: Also verify sizeof `elf_fpreg_t' with PTRACE_SETREGSET
    - MIPS: Disallow outsized PTRACE_SETREGSET NT_PRFPREG regset accesses
    - net/mac80211/debugfs.c: prevent build failure with CONFIG_UBSAN=y
    - x86/vsdo: Fix build on PARAVIRT_CLOCK=y, KVM_GUEST=n
    - x86/acpi: Handle SCI interrupts above legacy space gracefully
    - iommu/arm-smmu-v3: Don't free page table ops twice
    - ALSA: pcm: Remove incorrect snd_BUG_ON() usages
    - ALSA: pcm: Add missing error checks in OSS emulation plugin builder
    - ALSA: pcm: Abort properly at pending signal in OSS read/write loops
    - ALSA: pcm: Allow aborting mutex lock at OSS read/write loops
    - ALSA: aloop: Release cable upon open error path
    - ALSA: aloop: Fix inconsistent format due to incomplete rule
    - ALSA: aloop: Fix racy hw constraints adjustment
    - x86/acpi: Reduce code duplication in mp_override_legacy_irq()
    - mm/compaction: fix invalid free_pfn and compact_cached_free_pfn
    - mm/compaction: pass only pageblock aligned range to pageblock_pfn_to_page
    - mm/page-writeback: fix dirty_ratelimit calculation
    - mm/zswap: use workqueue to destroy pool
    - zswap: don't param_set_charp while holding spinlock
    - locks: don't check for race with close when setting OFD lock
    - futex: Replace barrier() in unqueue_me() with READ_ONCE()
    - locking/mutex: Allow next waiter lockless wakeup
    - usbvision fix overflow of interfaces array
    - usb: musb: ux500: Fix NULL pointer dereference at system PM
    - r8152: fix the wake event
    - r8152: use test_and_clear_bit
    - r8152: adjust ALDPS function
    - lan78xx: use skb_cow_head() to deal with cloned skbs
    - sr9700: use skb_cow_head() to deal with cloned skbs
    - smsc75xx: use skb_cow_head() to deal with cloned skbs
    - cx82310_eth: use skb_cow_head() to deal with cloned skbs
    - x86/mm/pat, /dev/mem: Remove superfluous error message
    - hwrng: core - sleep interruptible in read
    - sysrq: Fix warning in sysrq generated crash.
    - xhci: Fix ring leak in failure path of xhci_alloc_virt_device()
    - Revert "userfaultfd: selftest: vm: allow to build in vm/ directory"
    - x86/pti/efi: broken conversion from efi to kernel page table
    - 8021q: fix a memory leak for VLAN 0 device
    - ip6_tunnel: disable dst caching if tunnel is dual-stack
    - net: core: fix module type in sock_diag_bind
    - RDS: Heap OOB write in rds_message_alloc_sgs()
    - sh_eth: fix TSU resource handling
    - sh_eth: fix SH7757 GEther initialization
    - net: stmmac: enable EEE in MII, GMII or RGMII only
    - ipv6: fix possible mem leaks in ipv6_make_skb()
    - crypto: algapi - fix NULL dereference in crypto_remove_spawns()
    - rbd: set max_segments to USHRT_MAX
    - x86/microcode/intel: Extend BDW late-loading with a revision check
    - KVM: x86: Add memory barrier on vmcs field lookup
    - drm/vmwgfx: Potential off by one in vmw_view_add()
    - kaiser: Set _PAGE_NX only if supported
    - bpf: don't (ab)use instructions to store state
    - bpf: move fixup_bpf_calls() function
    - bpf: refactor fixup_bpf_calls()
    - bpf: adjust insn_aux_data when patching insns
    - bpf: prevent out-of-bounds speculation
    - bpf, array: fix overflow in max_entries and undefined behavior in index_mask
    - iscsi-target: Make TASK_REASSIGN use proper se_cmd->cmd_kref
    - target: Avoid early CMD_T_PRE_EXECUTE failures during ABORT_TASK
    - USB: serial: cp210x: add IDs for LifeScan OneTouch Verio IQ
    - USB: serial: cp210x: add new device ID ELV ALC 8xxx
    - usb: misc: usb3503: make sure reset is low for at least 100us
    - USB: fix usbmon BUG trigger
    - usbip: remove kernel addresses from usb device and urb debug msgs
    - staging: android: ashmem: fix a race condition in ASHMEM_SET_SIZE ioctl
    - Bluetooth: Prevent stack info leak from the EFS element.
    - uas: ignore UAS for Norelsys NS1068(X) chips
    - e1000e: Fix e1000_check_for_copper_link_ich8lan return value.
    - x86/Documentation: Add PTI description
    - sysfs/cpu: Fix typos in vulnerability documentation
    - x86/alternatives: Fix optimize_nops() checking
    - selftests/x86: Add test_vsyscall
    - Linux 4.4.112
  * Xenial update to 4.4.111 stable release (LP: #1745263)
    - x86/kasan: Write protect kasan zero shadow
    - kernel/acct.c: fix the acct->needcheck check in check_free_space()
    - crypto: n2 - cure use after free
    - crypto: chacha20poly1305 - validate the digest size
    - crypto: pcrypt - fix freeing pcrypt instances
    - sunxi-rsb: Include OF based modalias in device uevent
    - fscache: Fix the default for fscache_maybe_release_page()
    - kernel: make groups_sort calling a responsibility group_info allocators
    - kernel/signal.c: protect the traced SIGNAL_UNKILLABLE tasks from SIGKILL
    - kernel/signal.c: protect the SIGNAL_UNKILLABLE tasks from !sig_kernel_only()
      signals
    - kernel/signal.c: remove the no longer needed SIGNAL_UNKILLABLE check in
      complete_signal()
    - ARC: uaccess: dont use "l" gcc inline asm constraint modifier
    - parisc: Fix alignment of pa_tlb_lock in assembly on 32-bit SMP kernel
    - genksyms: Handle string literals with spaces in reference files
    - module: Issue warnings when tainting kernel
    - proc: much faster /proc/vmstat
    - Fix build error in vma.c
    - Linux 4.4.111
  * x86/net/bpf: return statement missing value (LP: #1745364)
    - SAUCE: (no-up) arch/x86/bpf: Fix missed return statement
  * Ubuntu 16.04 - s390/cpuinfo: show facilities as reported by stfle
    (LP: #1744736)
    - s390/bitops: add for_each_set_bit_inv helper
    - s390/cpuinfo: show facilities as reported by stfle
  * Xenial update to 4.4.110 stable release (LP: #1745071)
    - KPTI: Rename to PAGE_TABLE_ISOLATION
    - SAUCE: Replace CONFIG_KAISER with CONFIG_PAGE_TABLE_ISOLATION
    - Linux 4.4.110
  * Xenial update to 4.4.109 stable release (LP: #1745069)
    - ACPI: APEI / ERST: Fix missing error handling in erst_reader()
    - crypto: mcryptd - protect the per-CPU queue with a lock
    - mfd: cros ec: spi: Don't send first message too soon
    - mfd: twl4030-audio: Fix sibling-node lookup
    - mfd: twl6040: Fix child-node lookup
    - ALSA: rawmidi: Avoid racy info ioctl via ctl device
    - ALSA: usb-audio: Fix the missing ctl name suffix at parsing SU
    - PCI / PM: Force devices to D0 in pci_pm_thaw_noirq()
    - parisc: Hide Diva-built-in serial aux and graphics card
    - spi: xilinx: Detect stall with Unknown commands
    - KVM: X86: Fix load RFLAGS w/o the fixed bit
    - powerpc/perf: Dereference BHRB entries safely
    - net: mvneta: clear interface link status on port disable
    - tracing: Remove extra zeroing out of the ring buffer page
    - tracing: Fix possible double free on failure of allocating trace buffer
    - tracing: Fix crash when it fails to alloc ring buffer
    - ring-buffer: Mask out the info bits when returning buffer page length
    - iw_cxgb4: Only validate the MSN for successful completions
    - ASoC: fsl_ssi: AC'97 ops need regmap, clock and cleaning up on failure
    - ASoC: twl4030: fix child-node lookup
    - ALSA: hda: Drop useless WARN_ON()
    - ALSA: hda - fix headset mic detection issue on a Dell machine
    - x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly()
    - x86/mm: Remove flush_tlb() and flush_tlb_current_task()
    - x86/mm: Make flush_tlb_mm_range() more predictable
    - x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range()
    - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP
      code
    - x86/mm: Add the 'nopcid' boot option to turn off PCID
    - x86/mm/64: Fix reboot interaction with CR4.PCIDE
    - kbuild: add '-fno-stack-check' to kernel build options
    - ipv4: igmp: guard against silly MTU values
    - ipv6: mcast: better catch silly mtu values
    - net: igmp: Use correct source address on IGMPv3 reports
    - netlink: Add netns check on taps
    - net: qmi_wwan: add Sierra EM7565 1199:9091
    - net: reevalulate autoflowlabel setting after sysctl setting
    - tcp md5sig: Use skb's saddr when replying to an incoming segment
    - tg3: Fix rx hang on MTU change with 5717/5719
    - net: mvmdio: disable/unprepare clocks in EPROBE_DEFER case
    - sctp: Replace use of sockets_allocated with specified macro.
    - ipv4: Fix use-after-free when flushing FIB tables
    - net: bridge: fix early call to br_stp_change_bridge_id and plug newlink
      leaks
    - net: phy: micrel: ksz9031: reconfigure autoneg after phy autoneg workaround
    - sock: free skb in skb_complete_tx_timestamp on error
    - usbip: fix usbip bind writing random string after command in match_busid
    - usbip: stub: stop printing kernel pointer addresses in messages
    - usbip: vhci: stop printing kernel pointer addresses in messages
    - USB: serial: ftdi_sio: add id for Airbus DS P8GR
    - USB: serial: qcserial: add Sierra Wireless EM7565
    - USB: serial: option: add support for Telit ME910 PID 0x1101
    - USB: serial: option: adding support for YUGA CLM920-NC5
    - usb: Add device quirk for Logitech HD Pro Webcam C925e
    - usb: add RESET_RESUME for ELSA MicroLink 56K
    - USB: Fix off by one in type-specific length check of BOS SSP capability
    - usb: xhci: Add XHCI_TRUST_TX_LENGTH for Renesas uPD720201
    - nohz: Prevent a timer interrupt storm in tick_nohz_stop_sched_tick()
    - x86/smpboot: Remove stale TLB flush invocations
    - n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD)
    - mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP
    - Linux 4.4.109
  * Xenial update to 4.4.108 stable release (LP: #1745054)
    - arm64: Initialise high_memory global variable earlier
    - cxl: Check if vphb exists before iterating over AFU devices
    - x86/mm: Fix INVPCID asm constraint
    - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID
    - mm/rmap: batched invalidations should use existing api
    - mm/mmu_context, sched/core: Fix mmu_context.h assumption
    - sched/core: Add switch_mm_irqs_off() and use it in the scheduler
    - x86/mm, sched/core: Turn off IRQs in switch_mm()
    - ARM: Hide finish_arch_post_lock_switch() from modules
    - sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off()
    - x86/irq: Do not substract irq_tlb_count from irq_call_count
    - ALSA: hda - add support for docking station for HP 820 G2
    - ALSA: hda - add support for docking station for HP 840 G3
    - arm: kprobes: Fix the return address of multiple kretprobes
    - arm: kprobes: Align stack to 8-bytes in test code
    - cpuidle: Validate cpu_dev in cpuidle_add_sysfs()
    - crypto: deadlock between crypto_alg_sem/rtnl_mutex/genl_mutex
    - sch_dsmark: fix invalid skb_cow() usage
    - bna: integer overflow bug in debugfs
    - net: qmi_wwan: Add USB IDs for MDM6600 modem on Motorola Droid 4
    - usb: gadget: f_uvc: Sanity check wMaxPacketSize for SuperSpeed
    - usb: gadget: udc: remove pointer dereference after free
    - netfilter: nfnl_cthelper: fix runtime expectation policy updates
    - netfilter: nfnl_cthelper: Fix memory leak
    - inet: frag: release spinlock before calling icmp_send()
    - pinctrl: st: add irq_request/release_resources callbacks
    - scsi: lpfc: Fix PT2PT PRLI reject
    - KVM: x86: correct async page present tracepoint
    - KVM: VMX: Fix enable VPID conditions
    - ARM: dts: ti: fix PCI bus dtc warnings
    - hwmon: (asus_atk0110) fix uninitialized data access
    - HID: xinmo: fix for out of range for THT 2P arcade controller.
    - r8152: prevent the driver from transmitting packets with carrier off
    - s390/qeth: no ETH header for outbound AF_IUCV
    - bna: avoid writing uninitialized data into hw registers
    - net: Do not allow negative values for busy_read and busy_poll sysctl
      interfaces
    - i40e: Do not enable NAPI on q_vectors that have no rings
    - RDMA/iser: Fix possible mr leak on device removal event
    - irda: vlsi_ir: fix check for DMA mapping errors
    - netfilter: nfnl_cthelper: fix a race when walk the nf_ct_helper_hash table
    - netfilter: nf_nat_snmp: Fix panic when snmp_trap_helper fails to register
    - ARM: dts: am335x-evmsk: adjust mmc2 param to allow suspend
    - KVM: pci-assign: do not map smm memory slot pages in vt-d page tables
    - isdn: kcapi: avoid uninitialized data
    - xhci: plat: Register shutdown for xhci_plat
    - netfilter: nfnetlink_queue: fix secctx memory leak
    - ARM: dma-mapping: disallow dma_get_sgtable() for non-kernel managed memory
    - cpuidle: powernv: Pass correct drv->cpumask for registration
    - bnxt_en: Fix NULL pointer dereference in reopen failure path
    - backlight: pwm_bl: Fix overflow condition
    - crypto: crypto4xx - increase context and scatter ring buffer elements
    - rtc: pl031: make interrupt optional
    - net: phy: at803x: Change error to EINVAL for invalid MAC
    - PCI: Avoid bus reset if bridge itself is broken
    - scsi: cxgb4i: fix Tx skb leak
    - scsi: mpt3sas: Fix IO error occurs on pulling out a drive from RAID1 volume
      created on two SATA drive
    - PCI: Create SR-IOV virtfn/physfn links before attaching driver
    - igb: check memory allocation failure
    - ixgbe: fix use of uninitialized padding
    - PCI/AER: Report non-fatal errors only to the affected endpoint
    - scsi: lpfc: Fix secure firmware updates
    - scsi: lpfc: PLOGI failures during NPIV testing
    - fm10k: ensure we process SM mbx when processing VF mbx
    - tcp: fix under-evaluated ssthresh in TCP Vegas
    - rtc: set the alarm to the next expiring timer
    - cpuidle: fix broadcast control when broadcast can not be entered
    - thermal: hisilicon: Handle return value of clk_prepare_enable
    - MIPS: math-emu: Fix final emulation phase for certain instructions
    - Revert "Bluetooth: btusb: driver to enable the usb-wakeup feature"
    - ALSA: hda - Clear the leftover component assignment at snd_hdac_i915_exit()
    - ALSA: hda - Degrade i915 binding failure message
    - ALSA: hda - Fix yet another i915 pointer leftover in error path
    - alpha: fix build failures
    - Linux 4.4.108
  * Xenial update to 4.4.107 stable release (LP: #1745052)
    - crypto: hmac - require that the underlying hash algorithm is unkeyed
    - crypto: salsa20 - fix blkcipher_walk API usage
    - autofs: fix careless error in recent commit
    - tracing: Allocate mask_str buffer dynamically
    - USB: uas and storage: Add US_FL_BROKEN_FUA for another JMicron JMS567 ID
    - USB: core: prevent malicious bNumInterfaces overflow
    - usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer
    - ceph: drop negative child dentries before try pruning inode's alias
    - Bluetooth: btusb: driver to enable the usb-wakeup feature
    - xhci: Don't add a virt_dev to the devs array before it's fully allocated
    - sched/rt: Do not pull from current CPU if only one CPU to pull
    - dmaengine: dmatest: move callback wait queue to thread context
    - ext4: fix fdatasync(2) after fallocate(2) operation
    - ext4: fix crash when a directory's i_size is too small
    - KEYS: add missing permission check for request_key() destination
    - mac80211: Fix addition of mesh configuration element
    - usb: phy: isp1301: Add OF device ID table
    - md-cluster: free md_cluster_info if node leave cluster
    - userfaultfd: shmem: __do_fault requires VM_FAULT_NOPAGE
    - userfaultfd: selftest: vm: allow to build in vm/ directory
    - net: initialize msg.msg_flags in recvfrom
    - net: bcmgenet: correct the RBUF_OVFL_CNT and RBUF_ERR_CNT MIB values
    - net: bcmgenet: correct MIB access of UniMAC RUNT counters
    - net: bcmgenet: reserved phy revisions must be checked first
    - net: bcmgenet: power down internal phy if open or resume fails
    - net: bcmgenet: Power up the internal PHY before probing the MII
    - NFSD: fix nfsd_minorversion(.., NFSD_AVAIL)
    - NFSD: fix nfsd_reset_versions for NFSv4.
    - Input: i8042 - add TUXEDO BU1406 (N24_25BU) to the nomux list
    - drm/omap: fix dmabuf mmap for dma_alloc'ed buffers
    - netfilter: bridge: honor frag_max_size when refragmenting
    - writeback: fix memory leak in wb_queue_work()
    - net: wimax/i2400m: fix NULL-deref at probe
    - dmaengine: Fix array index out of bounds warning in __get_unmap_pool()
    - net: Resend IGMP memberships upon peer notification.
    - mlxsw: reg: Fix SPVM max record count
    - mlxsw: reg: Fix SPVMLR max record count
    - intel_th: pci: Add Gemini Lake support
    - openrisc: fix issue handling 8 byte get_user calls
    - scsi: hpsa: update check for logical volume status
    - scsi: hpsa: limit outstanding rescans
    - fjes: Fix wrong netdevice feature flags
    - drm/radeon/si: add dpm quirk for Oland
    - sched/deadline: Make sure the replenishment timer fires in the next period
    - sched/deadline: Throttle a constrained deadline task activated after the
      deadline
    - sched/deadline: Use deadline instead of period when calculating overflow
    - mmc: mediatek: Fixed bug where clock frequency could be set wrong
    - drm/radeon: reinstate oland workaround for sclk
    - afs: Fix missing put_page()
    - afs: Populate group ID from vnode status
    - afs: Adjust mode bits processing
    - afs: Flush outstanding writes when an fd is closed
    - afs: Migrate vlocation fields to 64-bit
    - afs: Prevent callback expiry timer overflow
    - afs: Fix the maths in afs_fs_store_data()
    - afs: Populate and use client modification time
    - afs: Fix page leak in afs_write_begin()
    - afs: Fix afs_kill_pages()
    - perf symbols: Fix symbols__fixup_end heuristic for corner cases
    - efi/esrt: Cleanup bad memory map log messages
    - NFSv4.1 respect server's max size in CREATE_SESSION
    - btrfs: add missing memset while reading compressed inline extents
    - target: Use system workqueue for ALUA transitions
    - target: fix ALUA transition timeout handling
    - target: fix race during implicit transition work flushes
    - sfc: don't warn on successful change of MAC
    - fbdev: controlfb: Add missing modes to fix out of bounds access
    - video: udlfb: Fix read EDID timeout
    - video: fbdev: au1200fb: Release some resources if a memory allocation fails
    - video: fbdev: au1200fb: Return an error code if a memory allocation fails
    - rtc: pcf8563: fix output clock rate
    - dmaengine: ti-dma-crossbar: Correct am335x/am43xx mux value type
    - PCI/PME: Handle invalid data when reading Root Status
    - powerpc/powernv/cpufreq: Fix the frequency read by /proc/cpuinfo
    - netfilter: ipvs: Fix inappropriate output of procfs
    - powerpc/opal: Fix EBUSY bug in acquiring tokens
    - powerpc/ipic: Fix status get and status clear
    - target/iscsi: Fix a race condition in iscsit_add_reject_from_cmd()
    - iscsi-target: fix memory leak in lio_target_tiqn_addtpg()
    - target:fix condition return in core_pr_dump_initiator_port()
    - target/file: Do not return error for UNMAP if length is zero
    - arm-ccn: perf: Prevent module unload while PMU is in use
    - crypto: tcrypt - fix buffer lengths in test_aead_speed()
    - mm: Handle 0 flags in _calc_vm_trans() macro
    - clk: mediatek: add the option for determining PLL source clock
    - clk: imx6: refine hdmi_isfr's parent to make HDMI work on i.MX6 SoCs w/o VPU
    - clk: tegra: Fix cclk_lp divisor register
    - ppp: Destroy the mutex when cleanup
    - thermal/drivers/step_wise: Fix temperature regulation misbehavior
    - GFS2: Take inode off order_write list when setting jdata flag
    - bcache: explicitly destroy mutex while exiting
    - bcache: fix wrong cache_misses statistics
    - l2tp: cleanup l2tp_tunnel_delete calls
    - xfs: fix log block underflow during recovery cycle verification
    - xfs: fix incorrect extent state in xfs_bmap_add_extent_unwritten_real
    - PCI: Detach driver before procfs & sysfs teardown on device remove
    - scsi: hpsa: cleanup sas_phy structures in sysfs when unloading
    - scsi: hpsa: destroy sas transport properties before scsi_host
    - powerpc/perf/hv-24x7: Fix incorrect comparison in memord
    - tty fix oops when rmmod 8250
    - usb: musb: da8xx: fix babble condition handling
    - pinctrl: adi2: Fix Kconfig build problem
    - raid5: Set R5_Expanded on parity devices as well as data.
    - scsi: scsi_devinfo: Add REPORTLUN2 to EMC SYMMETRIX blacklist entry
    - vt6655: Fix a possible sleep-in-atomic bug in vt6655_suspend
    - scsi: sd: change manage_start_stop to bool in sysfs interface
    - scsi: sd: change allow_restart to bool in sysfs interface
    - scsi: bfa: integer overflow in debugfs
    - udf: Avoid overflow when session starts at large offset
    - macvlan: Only deliver one copy of the frame to the macvlan interface
    - RDMA/cma: Avoid triggering undefined behavior
    - IB/ipoib: Grab rtnl lock on heavy flush when calling ndo_open/stop
    - ath9k: fix tx99 potential info leak
    - Linux 4.4.107
  * Xenial update to 4.4.106 stable release (LP: #1745047)
    - can: ti_hecc: Fix napi poll return value for repoll
    - can: kvaser_usb: free buf in error paths
    - can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback()
    - can: kvaser_usb: ratelimit errors if incomplete messages are received
    - can: kvaser_usb: cancel urb on -EPIPE and -EPROTO
    - can: ems_usb: cancel urb on -EPIPE and -EPROTO
    - can: esd_usb2: cancel urb on -EPIPE and -EPROTO
    - can: usb_8dev: cancel urb on -EPIPE and -EPROTO
    - virtio: release virtio index when fail to device_register
    - hv: kvp: Avoid reading past allocated blocks from KVP file
    - isa: Prevent NULL dereference in isa_bus driver callbacks
    - scsi: libsas: align sata_device's rps_resp on a cacheline
    - efi: Move some sysfs files to be read-only by root
    - ASN.1: fix out-of-bounds read when parsing indefinite length item
    - ASN.1: check for error from ASN1_OP_END__ACT actions
    - X.509: reject invalid BIT STRING for subjectPublicKey
    - x86/PCI: Make broadcom_postcore_init() check acpi_disabled
    - ALSA: pcm: prevent UAF in snd_pcm_info
    - ALSA: seq: Remove spurious WARN_ON() at timer check
    - ALSA: usb-audio: Fix out-of-bound error
    - ALSA: usb-audio: Add check return value for usb_string()
    - iommu/vt-d: Fix scatterlist offset handling
    - s390: fix compat system call table
    - kdb: Fix handling of kallsyms_symbol_next() return value
    - drm: extra printk() wrapper macros
    - drm/exynos: gem: Drop NONCONTIG flag for buffers allocated without IOMMU
    - media: dvb: i2c transfers over usb cannot be done from stack
    - arm64: KVM: fix VTTBR_BADDR_MASK BUG_ON off-by-one
    - KVM: VMX: remove I/O port 0x80 bypass on Intel hosts
    - arm64: fpsimd: Prevent registers leaking from dead tasks
    - ARM: BUG if jumping to usermode address in kernel mode
    - ARM: avoid faulting on qemu
    - thp: reduce indentation level in change_huge_pmd()
    - thp: fix MADV_DONTNEED vs. numa balancing race
    - mm: drop unused pmdp_huge_get_and_clear_notify()
    - Revert "drm/armada: Fix compile fail"
    - Revert "spi: SPI_FSL_DSPI should depend on HAS_DMA"
    - Revert "s390/kbuild: enable modversions for symbols exported from asm"
    - vti6: Don't report path MTU below IPV6_MIN_MTU.
    - ARM: OMAP2+: gpmc-onenand: propagate error on initialization failure
    - x86/hpet: Prevent might sleep splat on resume
    - selftest/powerpc: Fix false failures for skipped tests
    - module: set __jump_table alignment to 8
    - ARM: OMAP2+: Fix device node reference counts
    - ARM: OMAP2+: Release device node after it is no longer needed.
    - gpio: altera: Use handle_level_irq when configured as a level_high
    - HID: chicony: Add support for another ASUS Zen AiO keyboard
    - usb: gadget: configs: plug memory leak
    - USB: gadgetfs: Fix a potential memory leak in 'dev_config()'
    - kvm: nVMX: VMCLEAR should not cause the vCPU to shut down
    - libata: drop WARN from protocol error in ata_sff_qc_issue()
    - workqueue: trigger WARN if queue_delayed_work() is called with NULL @wq
    - scsi: lpfc: Fix crash during Hardware error recovery on SLI3 adapters
    - irqchip/crossbar: Fix incorrect type of register size
    - KVM: nVMX: reset nested_run_pending if the vCPU is going to be reset
    - arm: KVM: Survive unknown traps from guests
    - arm64: KVM: Survive unknown traps from guests
    - spi_ks8995: fix "BUG: key accdaa28 not in .data!"
    - bnx2x: prevent crash when accessing PTP with interface down
    - bnx2x: fix possible overrun of VFPF multicast addresses array
    - bnx2x: do not rollback VF MAC/VLAN filters we did not configure
    - ipv6: reorder icmpv6_init() and ip6_mr_init()
    - crypto: s5p-sss - Fix completing crypto request in IRQ handler
    - i2c: riic: fix restart condition
    - zram: set physical queue limits to avoid array out of bounds accesses
    - netfilter: don't track fragmented packets
    - axonram: Fix gendisk handling
    - drm/amd/amdgpu: fix console deadlock if late init failed
    - powerpc/powernv/ioda2: Gracefully fail if too many TCE levels requested
    - EDAC, i5000, i5400: Fix use of MTR_DRAM_WIDTH macro
    - EDAC, i5000, i5400: Fix definition of NRECMEMB register
    - kbuild: pkg: use --transform option to prefix paths in tar
    - mac80211_hwsim: Fix memory leak in hwsim_new_radio_nl()
    - route: also update fnhe_genid when updating a route cache
    - route: update fnhe_expires for redirect when the fnhe exists
    - lib/genalloc.c: make the avail variable an atomic_long_t
    - dynamic-debug-howto: fix optional/omitted ending line number to be LARGE
      instead of 0
    - NFS: Fix a typo in nfs_rename()
    - sunrpc: Fix rpc_task_begin trace point
    - block: wake up all tasks blocked in get_request()
    - sparc64/mm: set fields in deferred pages
    - sctp: do not free asoc when it is already dead in sctp_sendmsg
    - sctp: use the right sk after waking up from wait_buf sleep
    - atm: horizon: Fix irq release error
    - jump_label: Invoke jump_label_test() via early_initcall()
    - xfrm: Copy policy family in clone_policy
    - IB/mlx4: Increase maximal message size under UD QP
    - IB/mlx5: Assign send CQ and recv CQ of UMR QP
    - afs: Connect up the CB.ProbeUuid
    - ipvlan: fix ipv6 outbound device
    - audit: ensure that 'audit=1' actually enables audit for PID 1
    - ipmi: Stop timers before cleaning up the module
    - s390: always save and restore all registers on context switch
    - tipc: fix memory leak in tipc_accept_from_sock()
    - rds: Fix NULL pointer dereference in __rds_rdma_map
    - sit: update frag_off info
    - packet: fix crash in fanout_demux_rollover()
    - net/packet: fix a race in packet_bind() and packet_notifier()
    - Revert "x86/efi: Build our own page table structures"
    - Revert "x86/efi: Hoist page table switching code into efi_call_virt()"
    - Revert "x86/mm/pat: Ensure cpa->pfn only contains page frame numbers"
    - arm: KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one
    - usb: gadget: ffs: Forbid usb_ep_alloc_request from sleeping
    - Linux 4.4.106
  * Xenial update to 4.4.105 stable release (LP: #1745046)
    - bcache: only permit to recovery read error when cache device is clean
    - bcache: recover data from backing when data is clean
    - uas: Always apply US_FL_NO_ATA_1X quirk to Seagate devices
    - usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C Hub
    - serial: 8250_pci: Add Amazon PCI serial device ID
    - s390/runtime instrumentation: simplify task exit handling
    - USB: serial: option: add Quectel BG96 id
    - ima: fix hash algorithm initialization
    - s390/pci: do not require AIS facility
    - selftests/x86/ldt_get: Add a few additional tests for limits
    - serial: 8250_fintek: Fix rs485 disablement on invalid ioctl()
    - spi: sh-msiof: Fix DMA transfer size check
    - usb: phy: tahvo: fix error handling in tahvo_usb_probe()
    - serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X
    - x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt()
    - EDAC, sb_edac: Fix missing break in switch
    - sysrq : fix Show Regs call trace on ARM
    - perf test attr: Fix ignored test case result
    - kprobes/x86: Disable preemption in ftrace-based jprobes
    - net: systemport: Utilize skb_put_padto()
    - net: systemport: Pad packet before inserting TSB
    - ARM: OMAP1: DMA: Correct the number of logical channels
    - vti6: fix device register to report IFLA_INFO_KIND
    - net/appletalk: Fix kernel memory disclosure
    - ravb: Remove Rx overflow log messages
    - nfs: Don't take a reference on fl->fl_file for LOCK operation
    - KVM: arm/arm64: Fix occasional warning from the timer work function
    - NFSv4: Fix client recovery when server reboots multiple times
    - drm/exynos/decon5433: set STANDALONE_UPDATE_F on output enablement
    - net: sctp: fix array overrun read on sctp_timer_tbl
    - tipc: fix cleanup at module unload
    - dmaengine: pl330: fix double lock
    - tcp: correct memory barrier usage in tcp_check_space()
    - mm: avoid returning VM_FAULT_RETRY from ->page_mkwrite handlers
    - xen-netfront: Improve error handling during initialization
    - net: fec: fix multicast filtering hardware setup
    - Revert "ocfs2: should wait dio before inode lock in ocfs2_setattr()"
    - usb: hub: Cycle HUB power when initialization fails
    - usb: xhci: fix panic in xhci_free_virt_devices_depth_first
    - usb: ch9: Add size macro for SSP dev cap descriptor
    - USB: core: Add type-specific length check of BOS descriptors
    - USB: Increase usbfs transfer limit
    - USB: devio: Prevent integer overflow in proc_do_submiturb()
    - USB: usbfs: Filter flags passed in from user space
    - usb: host: fix incorrect updating of offset
    - xen-netfront: avoid crashing on resume after a failure in talk_to_netback()
    - Linux 4.4.105
  * Xenial update to 4.4.104 stable release (LP: #1745043)
    - x86/mm/pat: Ensure cpa->pfn only contains page frame numbers
    - x86/efi: Hoist page table switching code into efi_call_virt()
    - x86/efi: Build our own page table structures
    - ARM: dts: omap3: logicpd-torpedo-37xx-devkit: Fix MMC1 cd-gpio
    - x86/efi-bgrt: Fix kernel panic when mapping BGRT data
    - x86/efi-bgrt: Replace early_memremap() with memremap()
    - mm/madvise.c: fix madvise() infinite loop under special circumstances
    - btrfs: clear space cache inode generation always
    - KVM: x86: pvclock: Handle first-time write to pvclock-page contains random
      junk
    - KVM: x86: Exit to user-mode on #UD intercept when emulator requires
    - KVM: x86: inject exceptions produced by x86_decode_insn
    - mmc: core: Do not leave the block driver in a suspended state
    - eeprom: at24: check at24_read/write arguments
    - bcache: Fix building error on MIPS
    - Revert "drm/radeon: dont switch vt on suspend"
    - drm/radeon: fix atombios on big endian
    - drm/panel: simple: Add missing panel_simple_unprepare() calls
    - mtd: nand: Fix writing mtdoops to nand flash.
    - NFS: revalidate "." etc correctly on "open".
    - drm/i915: Don't try indexed reads to alternate slave addresses
    - drm/i915: Prevent zero length "index" write
    - nfsd: Make init_open_stateid() a bit more whole
    - nfsd: Fix stateid races between OPEN and CLOSE
    - nfsd: Fix another OPEN stateid race
    - Linux 4.4.104
  * Xenial update to 4.4.103 stable release (LP: #1744873)
    - s390: fix transactional execution control register handling
    - s390/runtime instrumention: fix possible memory corruption
    - s390/disassembler: add missing end marker for e7 table
    - s390/disassembler: increase show_code buffer size
    - AF_VSOCK: Shrink the area influenced by prepare_to_wait
    - vsock: use new wait API for vsock_stream_sendmsg()
    - sched: Make resched_cpu() unconditional
    - lib/mpi: call cond_resched() from mpi_powm() loop
    - x86/decoder: Add new TEST instruction pattern
    - ARM: 8722/1: mm: make STRICT_KERNEL_RWX effective for LPAE
    - ARM: 8721/1: mm: dump: check hardware RO bit for LPAE
    - MIPS: ralink: Fix MT7628 pinmux
    - MIPS: ralink: Fix typo in mt7628 pinmux function
    - ALSA: hda: Add Raven PCI ID
    - dm bufio: fix integer overflow when limiting maximum cache size
    - dm: fix race between dm_get_from_kobject() and __dm_destroy()
    - MIPS: Fix an n32 core file generation regset support regression
    - MIPS: BCM47XX: Fix LED inversion for WRT54GSv1
    - autofs: don't fail mount for transient error
    - nilfs2: fix race condition that causes file system corruption
    - eCryptfs: use after free in ecryptfs_release_messaging()
    - bcache: check ca->alloc_thread initialized before wake up it
    - isofs: fix timestamps beyond 2027
    - NFS: Fix typo in nomigration mount option
    - nfs: Fix ugly referral attributes
    - nfsd: deal with revoked delegations appropriately
    - rtlwifi: rtl8192ee: Fix memory leak when loading firmware
    - rtlwifi: fix uninitialized rtlhal->last_suspend_sec time
    - ata: fixes kernel crash while tracing ata_eh_link_autopsy event
    - ext4: fix interaction between i_size, fallocate, and delalloc after a crash
    - ALSA: pcm: update tstamp only if audio_tstamp changed
    - ALSA: usb-audio: Add sanity checks to FE parser
    - ALSA: usb-audio: Fix potential out-of-bound access at parsing SU
    - ALSA: usb-audio: Add sanity checks in v2 clock parsers
    - ALSA: timer: Remove kernel warning at compat ioctl error paths
    - ALSA: hda/realtek - Fix ALC700 family no sound issue
    - fix a page leak in vhost_scsi_iov_to_sgl() error recovery
    - fs/9p: Compare qid.path in v9fs_test_inode
    - iscsi-target: Fix non-immediate TMR reference leak
    - target: Fix QUEUE_FULL + SCSI task attribute handling
    - KVM: nVMX: set IDTR and GDTR limits when loading L1 host state
    - KVM: SVM: obey guest PAT
    - SUNRPC: Fix tracepoint storage issues with svc_recv and svc_rqst_status
    - clk: ti: dra7-atl-clock: Fix of_node reference counting
    - clk: ti: dra7-atl-clock: fix child-node lookups
    - libnvdimm, namespace: fix label initialization to use valid seq numbers
    - libnvdimm, namespace: make 'resource' attribute only readable by root
    - IB/srpt: Do not accept invalid initiator port names
    - IB/srp: Avoid that a cable pull can trigger a kernel crash
    - NFC: fix device-allocation error return
    - i40e: Use smp_rmb rather than read_barrier_depends
    - igb: Use smp_rmb rather than read_barrier_depends
    - igbvf: Use smp_rmb rather than read_barrier_depends
    - ixgbevf: Use smp_rmb rather than read_barrier_depends
    - i40evf: Use smp_rmb rather than read_barrier_depends
    - fm10k: Use smp_rmb rather than read_barrier_depends
    - ixgbe: Fix skb list corruption on Power systems
    - parisc: Fix validity check of pointer size argument in new CAS
      implementation
    - powerpc/signal: Properly handle return value from uprobe_deny_signal()
    - media: Don't do DMA on stack for firmware upload in the AS102 driver
    - media: rc: check for integer overflow
    - cx231xx-cards: fix NULL-deref on missing association descriptor
    - media: v4l2-ctrl: Fix flags field on Control events
    - sched/rt: Simplify the IPI based RT balancing logic
    - fscrypt: lock mutex before checking for bounce page pool
    - net/9p: Switch to wait_event_killable()
    - PM / OPP: Add missing of_node_put(np)
    - e1000e: Fix error path in link detection
    - e1000e: Fix return value test
    - RDS: RDMA: return appropriate error on rdma map failures
    - PCI: Apply _HPX settings only to relevant devices
    - dmaengine: zx: set DMA_CYCLIC cap_mask bit
    - net: Allow IP_MULTICAST_IF to set index to L3 slave
    - net: 3com: typhoon: typhoon_init_one: make return values more specific
    - net: 3com: typhoon: typhoon_init_one: fix incorrect return values
    - drm/armada: Fix compile fail
    - ath10k: fix incorrect txpower set by P2P_DEVICE interface
    - ath10k: ignore configuring the incorrect board_id
    - ath10k: fix potential memory leak in ath10k_wmi_tlv_op_pull_fw_stats()
    - ath10k: set CTS protection VDEV param only if VDEV is up
    - ALSA: hda - Apply ALC269_FIXUP_NO_SHUTUP on HDA_FIXUP_ACT_PROBE
    - drm: Apply range restriction after color adjustment when allocation
    - mac80211: Remove invalid flag operations in mesh TSF synchronization
    - mac80211: Suppress NEW_PEER_CANDIDATE event if no room
    - iio: light: fix improper return value
    - staging: iio: cdc: fix improper return value
    - spi: SPI_FSL_DSPI should depend on HAS_DMA
    - netfilter: nft_queue: use raw_smp_processor_id()
    - netfilter: nf_tables: fix oob access
    - ASoC: rsnd: don't double free kctrl
    - btrfs: return the actual error value from from btrfs_uuid_tree_iterate
    - ASoC: wm_adsp: Don't overrun firmware file buffer when reading region data
    - s390/kbuild: enable modversions for symbols exported from asm
    - xen: xenbus driver must not accept invalid transaction ids
    - Revert "sctp: do not peel off an assoc from one netns to another one"
    - Linux 4.4.103
  * ppc64el: Do not call ibm,os-term on panic (LP: #1736954)
    - powerpc: Do not call ppc_md.panic in fadump panic notifier
  * Xenial update to 4.4.102 stable release (LP: #1744870)
    - mm, hwpoison: fixup "mm: check the return value of lookup_page_ext for all
      call sites"
    - Linux 4.4.102
  * Xenial update to 4.4.101 stable release (LP: #1744794)
    - tcp: do not mangle skb->cb[] in tcp_make_synack()
    - netfilter/ipvs: clear ipvs_property flag when SKB net namespace changed
    - bonding: discard lowest hash bit for 802.3ad layer3+4
    - vlan: fix a use-after-free in vlan_device_event()
    - af_netlink: ensure that NLMSG_DONE never fails in dumps
    - sctp: do not peel off an assoc from one netns to another one
    - fealnx: Fix building error on MIPS
    - net/sctp: Always set scope_id in sctp_inet6_skb_msgname
    - ima: do not update security.ima if appraisal status is not INTEGRITY_PASS
    - serial: omap: Fix EFR write on RTS deassertion
    - arm64: fix dump_instr when PAN and UAO are in use
    - ocfs2: should wait dio before inode lock in ocfs2_setattr()
    - ipmi: fix unsigned long underflow
    - mm/page_alloc.c: broken deferred calculation
    - coda: fix 'kernel memory exposure attempt' in fsync
    - mm: check the return value of lookup_page_ext for all call sites
    - mm/page_ext.c: check if page_ext is not prepared
    - mm/pagewalk.c: report holes in hugetlb ranges
    - Linux 4.4.101
  * Xenial update to 4.4.100 stable release (LP: #1744639)
    - media: imon: Fix null-ptr-deref in imon_probe
    - media: dib0700: fix invalid dvb_detach argument
    - KVM: x86: fix singlestepping over syscall
    - net: cdc_ether: fix divide by 0 on bad descriptors
    - net: qmi_wwan: fix divide by 0 on bad descriptors
    - arm: crypto: reduce priority of bit-sliced AES cipher
    - Bluetooth: btusb: fix QCA Rome suspend/resume
    - dmaengine: dmatest: warn user when dma test times out
    - extcon: palmas: Check the parent instance to prevent the NULL
    - fm10k: request reset when mbx->state changes
    - ARM: dts: Fix compatible for ti81xx uarts for 8250
    - ARM: dts: Fix am335x and dm814x scm syscon to probe children
    - ARM: OMAP2+: Fix init for multiple quirks for the same SoC
    - ARM: dts: Fix omap3 off mode pull defines
    - ata: ATA_BMDMA should depend on HAS_DMA
    - ata: SATA_HIGHBANK should depend on HAS_DMA
    - ata: SATA_MV should depend on HAS_DMA
    - drm/sti: sti_vtg: Handle return NULL error from devm_ioremap_nocache
    - igb: reset the PHY before reading the PHY ID
    - igb: close/suspend race in netif_device_detach
    - igb: Fix hw_dbg logging in igb_update_flash_i210
    - scsi: ufs-qcom: Fix module autoload
    - scsi: ufs: add capability to keep auto bkops always enabled
    - staging: rtl8188eu: fix incorrect ERROR tags from logs
    - scsi: lpfc: FCoE VPort enable-disable does not bring up the VPort
    - scsi: lpfc: Correct host name in symbolic_name field
    - scsi: lpfc: Correct issue leading to oops during link reset
    - scsi: lpfc: Clear the VendorVersion in the PLOGI/PLOGI ACC payload
    - ALSA: vx: Don't try to update capture stream before running
    - ALSA: vx: Fix possible transfer overflow
    - backlight: lcd: Fix race condition during register
    - backlight: adp5520: Fix error handling in adp5520_bl_probe()
    - gpu: drm: mgag200: mgag200_main:- Handle error from pci_iomap
    - ALSA: hda/realtek - Add new codec ID ALC299
    - arm64: dts: NS2: reserve memory for Nitro firmware
    - ixgbe: fix AER error handling
    - ixgbe: handle close/suspend race with netif_device_detach/present
    - ixgbe: Reduce I2C retry count on X550 devices
    - ixgbe: add mask for 64 RSS queues
    - ixgbe: do not disable FEC from the driver
    - staging: rtl8712: fixed little endian problem
    - MIPS: End asm function prologue macros with .insn
    - mm: add PHYS_PFN, use it in __phys_to_pfn()
    - MIPS: init: Ensure bootmem does not corrupt reserved memory
    - MIPS: init: Ensure reserved memory regions are not added to bootmem
    - MIPS: Netlogic: Exclude netlogic,xlp-pic code from XLR builds
    - Revert "crypto: xts - Add ECB dependency"
    - Revert "uapi: fix linux/rds.h userspace compilation errors"
    - uapi: fix linux/rds.h userspace compilation error
    - uapi: fix linux/rds.h userspace compilation errors
    - USB: usbfs: compute urb->actual_length for isochronous
    - USB: Add delay-init quirk for Corsair K70 LUX keyboards
    - USB: serial: qcserial: add pid/vid for Sierra Wireless EM7355 fw update
    - USB: serial: garmin_gps: fix I/O after failed probe and remove
    - USB: serial: garmin_gps: fix memory leak on probe errors
    - Linux 4.4.100
  * Xenial update to 4.4.99 stable release (LP: #1744636)
    - mac80211: accept key reinstall without changing anything
    - mac80211: use constant time comparison with keys
    - mac80211: don't compare TKIP TX MIC key in reinstall prevention
    - usb: usbtest: fix NULL pointer dereference
    - Input: ims-psu - check if CDC union descriptor is sane
    - ALSA: seq: Cancel pending autoload work at unbinding device
    - tun/tap: sanitize TUNSETSNDBUF input
    - tcp: fix tcp_mtu_probe() vs highest_sack
    - l2tp: check ps->sock before running pppol2tp_session_ioctl()
    - tun: call dev_get_valid_name() before register_netdevice()
    - sctp: add the missing sock_owned_by_user check in sctp_icmp_redirect
    - packet: avoid panic in packet_getsockopt()
    - ipv6: flowlabel: do not leave opt->tot_len with garbage
    - net/unix: don't show information about sockets from other namespaces
    - ip6_gre: only increase err_count for some certain type icmpv6 in ip6gre_err
    - tun: allow positive return values on dev_get_valid_name() call
    - sctp: reset owner sk for data chunks on out queues when migrating a sock
    - ppp: fix race in ppp device destruction
    - ipip: only increase err_count for some certain type icmp in ipip_err
    - tcp/dccp: fix ireq->opt races
    - tcp/dccp: fix lockdep splat in inet_csk_route_req()
    - tcp/dccp: fix other lockdep splats accessing ireq_opt
    - security/keys: add CONFIG_KEYS_COMPAT to Kconfig
    - tipc: fix link attribute propagation bug
    - brcmfmac: remove setting IBSS mode when stopping AP
    - target/iscsi: Fix iSCSI task reassignment handling
    - target: Fix node_acl demo-mode + uncached dynamic shutdown regression
    - misc: panel: properly restore atomic counter on error path
    - Linux 4.4.99
  * elantech touchpad of Lenovo L480/580 failed to detect hw_version
    (LP: #1733605)
    - Input: elantech - add new icbody type 15
  * Disabling zfs does not always disable module checks for the zfs modules
    (LP: #1737176)
    - [Packaging] disable zfs module checks when zfs is disabled
  * Using asymmetric key for IMA appraisal crashes the system in Ubuntu 16.04
    (LP: #1735977)
    - integrity: convert digsig to akcipher api
  * CVE-2017-17450
    - netfilter: xt_osf: Add missing permission checks
  * CVE-2017-15129
    - net: Fix double free and memory corruption in get_net_ns_by_id()
  * CVE-2018-5344
    - loop: fix concurrent lo_open/lo_release
  * [KVM] Lower the default for halt_poll_ns to 200000 ns (LP: #1724614)
    - KVM: x86: lower default for halt_poll_ns
  * $(LOCAL_ENV_CC) and $(LOCAL_ENV_DISTCC_HOSTS) should be properly quoted
    (LP: #1744077)
    - [Debian] pass LOCAL_ENV_CC and LOCAL_ENV_DISTCC_HOSTS properly
  * Redpine: Wifi/BT not functioning after s3 resume (LP: #1742090) //
    [16.04][classic] Redpine: wowlan feature doesn't work (LP: #1742094)
    - SAUCE: Redpine: fix for wowlan wakeup failure
    - SAUCE: Redpine: fix data issue with non-uapsd APs
    - SAUCE: Redpine: fix reset card issue
    - SAUCE: Redpine: fix wowlan issue
  * Using an NVMe drive causes huge power drain (LP: #1664602) // Samsung SSD
    960 EVO 500GB refused to change power state (LP: #1705748)
    - nvme-pci: disable APST on Samsung SSD 960 EVO + ASUS PRIME B350M-A
  * Using an NVMe drive causes huge power drain (LP: #1664602)
    - nvme/scsi: Remove power management support
    - nvme: return the whole CQE through the request passthrough interface
    - nvme: factor out a add nvme_is_write helper
    - nvme: Modify and export sync command submission for fabrics
    - nvme: Fix nvme_get/set_features() with a NULL result pointer
    - nvme: Pass pointers, not dma addresses, to nvme_get/set_features()
    - nvme: Add a quirk mechanism that uses identify_ctrl
    - nvme: Enable autonomous power state transitions
    - nvme: Adjust the Samsung APST quirk
    - nvme: Quirk APST off on "THNSF5256GPUK TOSHIBA"
    - nvme: only consider exit latency when choosing useful non-op power states
    - nvme: relax APST default max latency to 100ms
    - nvme: Quirk APST on Intel 600P/P3100 devices
  * CVE-2017-17862
    - bpf: fix branch pruning logic
  * CVE-2017-16995
    - bpf: fix incorrect sign extension in check_alu_op()
  * CVE-2017-17741
    - KVM: Fix stack-out-of-bounds read in write_mmio
  * CVE-2018-5333
    - RDS: null pointer dereference in rds_atomic_free_op
  * the kernel is blackholing IPv6 packets to linkdown nexthops (LP: #1738219)
    - ipv6: Do not consider linkdown nexthops during multipath
  * /dev/bcache/by-uuid links not created after reboot (LP: #1729145)
    - SAUCE: (no-up) bcache: decouple emitting a cached_dev CHANGE uevent
  * e1000e in 4.4.0-97-generic breaks 82574L under heavy load. (LP: #1730550)
    - e1000e: Avoid receiver overrun interrupt bursts
    - e1000e: Separate signaling for link check/link up
  * ath10k: enhance rf signal strength (LP: #1736317)
    - ath10k: add max_tx_power for QCA6174 WLAN.RM.2.0 firmware
  * User reports excessive ALUA retry messages (LP: #1720228)
    - scsi_dh_alua: uninitialized variable in alua_rtpg()
  * Add installer support for new Broadcom network drivers.  (LP: #1734757)
    - d-i: Add bnxt_en_bpo to nic-modules.
  * Transparent hugepages should default to enabled=madvise (LP: #1703742)
    - SAUCE: use CONFIG_TRANSPARENT_HUGEPAGE_MADVISE=y as default

 -- Kleber Sacilotto de Souza <email address hidden>  Mon, 19 Mar 2018 10:54:09 +0000

Available diffs

Superseded in bionic-release on 2018-04-02
Superseded in bionic-release on 2018-03-15
Deleted in bionic-proposed on 2018-04-04 (Reason: moved to release)
linux-kvm (4.15.0-1002.2) bionic; urgency=medium

  * CONFIG_VIRTIO_BLK=y in bionic (LP: #1755808)
    - kvm: [config] VIRTIO_BLK=y built-in

  * Miscellaneous upstream changes
    - kvm: [config] enable X86_VSYSCALL_EMULATION

Superseded in xenial-security on 2018-04-04
Superseded in xenial-updates on 2018-04-04
Deleted in xenial-proposed (Reason: moved to -updates)
linux-kvm (4.4.0-1019.24) xenial; urgency=medium

  * linux-kvm: 4.4.0-1019.24 -proposed tracker (LP: #1749092)

  [ Ubuntu: 4.4.0-116.140 ]

  * linux: 4.4.0-116.140 -proposed tracker (LP: #1748990)
  * BUG: unable to handle kernel NULL pointer dereference at 0000000000000009
    (LP: #1748671)
    - SAUCE: net: ipv4: fix for a race condition in raw_sendmsg -- fix backport

  [ Ubuntu: 4.4.0-115.139 ]

  * linux: 4.4.0-115.138 -proposed tracker (LP: #1748745)
  * CVE-2017-5715 (Spectre v2 Intel)
    - Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present"
    - SAUCE: turn off IBRS when full retpoline is present
    - [Packaging] retpoline files must be sorted
    - [Packaging] pull in retpoline files

  [ Ubuntu: 4.4.0-114.137 ]

  * linux: 4.4.0-114.137 -proposed tracker (LP: #1748484)
  * ALSA backport missing NVIDIA GPU codec IDs to patch table to
    Ubuntu 16.04 LTS Kernel (LP: #1744117)
    - ALSA: hda - Add missing NVIDIA GPU codec IDs to patch table
  * Shutdown hang on 16.04 with iscsi targets (LP: #1569925)
    - scsi: libiscsi: Allow sd_shutdown on bad transport
  * libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053)
    - libata: apply MAX_SEC_1024 to all LITEON EP1 series devices
  * KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb)
    (LP: #1747090)
    - KVM: s390: wire up bpb feature
    - KVM: s390: Enable all facility bits that are known good for passthrough
  * CVE-2017-5715 (Spectre v2 Intel)
    - SAUCE: drop lingering gmb() macro
    - x86/feature: Enable the x86 feature to control Speculation
    - x86/feature: Report presence of IBPB and IBRS control
    - x86/enter: MACROS to set/clear IBRS and set IBPB
    - x86/enter: Use IBRS on syscall and interrupts
    - x86/idle: Disable IBRS entering idle and enable it on wakeup
    - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
    - x86/mm: Set IBPB upon context switch
    - x86/mm: Only set IBPB when the new thread cannot ptrace current thread
    - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
    - x86/kvm: Set IBPB when switching VM
    - x86/kvm: Toggle IBRS on VM entry and exit
    - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
    - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
    - x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR
    - x86/cpu/AMD: Add speculative control support for AMD
    - x86/microcode: Extend post microcode reload to support IBPB feature
    - KVM: SVM: Do not intercept new speculative control MSRs
    - x86/svm: Set IBRS value on VM entry and exit
    - x86/svm: Set IBPB when running a different VCPU
    - KVM: x86: Add speculative control CPUID support for guests
    - SAUCE: Fix spec_ctrl support in KVM
    - SAUCE: turn off IBPB when full retpoline is present

Deleted in xenial-proposed on 2018-02-14 (Reason: NBS)
linux-kvm (4.4.0-1018.23) xenial; urgency=low

  * linux-kvm: 4.4.0-1018.23 -proposed tracker (LP: #1746944)

  [ Ubuntu: 4.4.0-113.136 ]

  * linux: 4.4.0-113.136 -proposed tracker (LP: #1746936)
  * Missing install-time driver for QLogic QED 25/40/100Gb Ethernet NIC
    (LP: #1743638)
    - [d-i] Add qede to nic-modules udeb
  * CVE-2017-5753 (Spectre v1 Intel)
    - x86/cpu/AMD: Make the LFENCE instruction serialized
    - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
    - SAUCE: reinstate MFENCE_RDTSC feature definition
    - locking/barriers: introduce new observable speculation barrier
    - bpf: prevent speculative execution in eBPF interpreter
    - x86, bpf, jit: prevent speculative execution when JIT is enabled
    - SAUCE: FIX: x86, bpf, jit: prevent speculative execution when JIT is enabled
    - carl9170: prevent speculative execution
    - qla2xxx: prevent speculative execution
    - Thermal/int340x: prevent speculative execution
    - ipv4: prevent speculative execution
    - ipv6: prevent speculative execution
    - fs: prevent speculative execution
    - net: mpls: prevent speculative execution
    - udf: prevent speculative execution
    - userns: prevent speculative execution
    - SAUCE: claim mitigation via observable speculation barrier
    - SAUCE: powerpc: add osb barrier
    - SAUCE: s390/spinlock: add osb memory barrier
    - SAUCE: arm64: no osb() implementation yet
    - SAUCE: arm: no osb() implementation yet
  * CVE-2017-5715 (Spectre v2 retpoline)
    - x86/cpuid: Provide get_scattered_cpuid_leaf()
    - x86/cpu: Factor out application of forced CPU caps
    - x86/cpufeatures: Make CPU bugs sticky
    - x86/cpufeatures: Add X86_BUG_CPU_INSECURE
    - x86/cpu, x86/pti: Do not enable PTI on AMD processors
    - x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN
    - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]
    - x86/cpu: Merge bugs.c and bugs_64.c
    - sysfs/cpu: Add vulnerability folder
    - x86/cpu: Implement CPU vulnerabilites sysfs functions
    - x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm
    - x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier
    - x86/asm: Use register variable to get stack pointer value
    - x86/kbuild: enable modversions for symbols exported from asm
    - x86/asm: Make asm/alternative.h safe from assembly
    - EXPORT_SYMBOL() for asm
    - kconfig.h: use __is_defined() to check if MODULE is defined
    - x86/retpoline: Add initial retpoline support
    - x86/spectre: Add boot time option to select Spectre v2 mitigation
    - x86/retpoline/crypto: Convert crypto assembler indirect jumps
    - x86/retpoline/entry: Convert entry assembler indirect jumps
    - x86/retpoline/ftrace: Convert ftrace assembler indirect jumps
    - x86/retpoline/hyperv: Convert assembler indirect jumps
    - x86/retpoline/xen: Convert Xen hypercall indirect jumps
    - x86/retpoline/checksum32: Convert assembler indirect jumps
    - x86/retpoline/irq32: Convert assembler indirect jumps
    - x86/retpoline: Fill return stack buffer on vmexit
    - x86/retpoline: Remove compile time warning
    - x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros
    - module: Add retpoline tag to VERMAGIC
    - x86/mce: Make machine check speculation protected
    - retpoline: Introduce start/end markers of indirect thunk
    - kprobes/x86: Blacklist indirect thunk functions for kprobes
    - kprobes/x86: Disable optimizing on the function jumps to indirect thunk
    - x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
    - [Config] CONFIG_RETPOLINE=y
    - [Packaging] retpoline -- add call site validation
    - [Config] disable retpoline checks for first upload
  * CVE-2017-5715 (revert embargoed) // CVE-2017-5753 (revert embargoed)
    - Revert "UBUNTU: SAUCE: Fix spec_ctrl support in KVM"
    - Revert "x86/cpuid: Provide get_scattered_cpuid_leaf()"
    - Revert "kvm: vmx: Scrub hardware GPRs at VM-exit"
    - Revert "Revert "x86/svm: Add code to clear registers on VM exit""
    - Revert "UBUNTU: SAUCE: x86/microcode: Extend post microcode reload to
      support IBPB feature -- repair missmerge"
    - Revert "arm: no gmb() implementation yet"
    - Revert "arm64: no gmb() implementation yet"
    - Revert "UBUNTU: SAUCE: x86/kvm: Fix stuff_RSB() for 32-bit"
    - Revert "s390/spinlock: add gmb memory barrier"
    - Revert "powerpc: add gmb barrier"
    - Revert "x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature"
    - Revert "x86/cpu/AMD: Make the LFENCE instruction serialized"
    - Revert "x86/svm: Add code to clear registers on VM exit"
    - Revert "x86/svm: Add code to clobber the RSB on VM exit"
    - Revert "KVM: x86: Add speculative control CPUID support for guests"
    - Revert "x86/svm: Set IBPB when running a different VCPU"
    - Revert "x86/svm: Set IBRS value on VM entry and exit"
    - Revert "KVM: SVM: Do not intercept new speculative control MSRs"
    - Revert "x86/microcode: Extend post microcode reload to support IBPB feature"
    - Revert "x86/cpu/AMD: Add speculative control support for AMD"
    - Revert "x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR"
    - Revert "x86/entry: Use retpoline for syscall's indirect calls"
    - Revert "x86/syscall: Clear unused extra registers on 32-bit compatible
      syscall entrance"
    - Revert "x86/syscall: Clear unused extra registers on syscall entrance"
    - Revert "x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb
      control"
    - Revert "x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature"
    - Revert "x86/kvm: Pad RSB on VM transition"
    - Revert "x86/kvm: Toggle IBRS on VM entry and exit"
    - Revert "x86/kvm: Set IBPB when switching VM"
    - Revert "x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm"
    - Revert "x86/entry: Stuff RSB for entry to kernel for non-SMEP platform"
    - Revert "x86/mm: Only set IBPB when the new thread cannot ptrace current
      thread"
    - Revert "x86/mm: Set IBPB upon context switch"
    - Revert "x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup"
    - Revert "x86/idle: Disable IBRS entering idle and enable it on wakeup"
    - Revert "x86/enter: Use IBRS on syscall and interrupts"
    - Revert "x86/enter: MACROS to set/clear IBRS and set IBPB"
    - Revert "x86/feature: Report presence of IBPB and IBRS control"
    - Revert "x86/feature: Enable the x86 feature to control Speculation"
    - Revert "udf: prevent speculative execution"
    - Revert "net: mpls: prevent speculative execution"
    - Revert "fs: prevent speculative execution"
    - Revert "ipv6: prevent speculative execution"
    - Revert "userns: prevent speculative execution"
    - Revert "Thermal/int340x: prevent speculative execution"
    - Revert "qla2xxx: prevent speculative execution"
    - Revert "carl9170: prevent speculative execution"
    - Revert "uvcvideo: prevent speculative execution"
    - Revert "x86, bpf, jit: prevent speculative execution when JIT is enabled"
    - Revert "bpf: prevent speculative execution in eBPF interpreter"
  * CVE-2017-17712
    - net: ipv4: fix for a race condition in raw_sendmsg
  * upload urgency should be medium by default (LP: #1745338)
    - [Packaging] update urgency to medium by default
  * CVE-CVE-2017-12190
    - more bio_map_user_iov() leak fixes
  * CVE-2015-8952
    - mbcache2: reimplement mbcache
    - ext2: convert to mbcache2
    - ext4: convert to mbcache2
    - mbcache2: limit cache size
    - mbcache2: Use referenced bit instead of LRU
    - ext4: kill ext4_mballoc_ready
    - ext4: shortcut setting of xattr to the same value
    - mbcache: remove mbcache
    - mbcache2: rename to mbcache
    - mbcache: get rid of _e_hash_list_head
    - mbcache: add reusable flag to cache entries
  * CVE-2017-15115
    - sctp: do not peel off an assoc from one netns to another one
  * CVE-2017-8824
    - dccp: CVE-2017-8824: use-after-free in DCCP code

  [ Ubuntu: 4.4.0-112.135 ]

  * linux: 4.4.0-112.135 -proposed tracker (LP: #1744244)
  * CVE-2017-5715 // CVE-2017-5753
    - x86/cpuid: Provide get_scattered_cpuid_leaf()
    - SAUCE: Fix spec_ctrl support in KVM
    - SAUCE: s390: improve cpu alternative handling for gmb and nobp
    - SAUCE: s390: print messages for gmb and nobp
    - [Config] KERNEL_NOBP=y

  [ Ubuntu: 4.4.0-111.134 ]

  * linux: 4.4.0-111.134 -proposed tracker (LP: #1743362)
  * Do not duplicate changelog entries assigned to more than one bug or CVE
    (LP: #1743383)
    - [Packaging] git-ubuntu-log -- handle multiple bugs/cves better
  * CVE-2017-5715 // CVE-2017-5753
    - SAUCE: x86/microcode: Extend post microcode reload to support IBPB feature
      -- repair missmerge
    - Revert "x86/svm: Add code to clear registers on VM exit"
    - kvm: vmx: Scrub hardware GPRs at VM-exit
  * CVE-2017-5754
    - SAUCE: powerpc: use sync instead of hwsync mnemonic

 -- Kleber Sacilotto de Souza <email address hidden>  Thu, 08 Feb 2018 12:30:28 +0100
Superseded in xenial-updates on 2018-02-21
Superseded in xenial-security on 2018-02-21
Deleted in xenial-proposed (Reason: moved to -updates)
linux-kvm (4.4.0-1017.22) xenial; urgency=low

  * linux-kvm: 4.4.0-1016.21 -proposed tracker (LP: #1743002)

  [ Ubuntu: 4.4.0-110.133 ]

  * linux: 4.4.0-110.133 -proposed tracker (LP: #1742995)
  * CVE-2017-5753
    - x86/microcode/AMD: Add support for fam17h microcode loading
    - bpf: add bpf_patch_insn_single helper
    - bpf: prepare bpf_int_jit_compile/bpf_prog_select_runtime apis
    - bpf: add generic constant blinding for use in jits
    - locking/barriers: introduce new memory barrier gmb()
    - bpf: prevent speculative execution in eBPF interpreter
    - x86, bpf, jit: prevent speculative execution when JIT is enabled
    - uvcvideo: prevent speculative execution
    - carl9170: prevent speculative execution
    - qla2xxx: prevent speculative execution
    - Thermal/int340x: prevent speculative execution
    - userns: prevent speculative execution
    - ipv6: prevent speculative execution
    - fs: prevent speculative execution
    - net: mpls: prevent speculative execution
    - udf: prevent speculative execution
    - x86/feature: Enable the x86 feature to control Speculation
    - x86/feature: Report presence of IBPB and IBRS control
    - x86/enter: MACROS to set/clear IBRS and set IBPB
    - x86/enter: Use IBRS on syscall and interrupts
    - x86/idle: Disable IBRS entering idle and enable it on wakeup
    - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
    - x86/mm: Set IBPB upon context switch
    - x86/mm: Only set IBPB when the new thread cannot ptrace current thread
    - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
    - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
    - x86/kvm: Set IBPB when switching VM
    - x86/kvm: Toggle IBRS on VM entry and exit
    - x86/kvm: Pad RSB on VM transition
    - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
    - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
    - x86/syscall: Clear unused extra registers on syscall entrance
    - x86/syscall: Clear unused extra registers on 32-bit compatible syscall
      entrance
    - x86/entry: Use retpoline for syscall's indirect calls
    - x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR
    - x86/cpu/AMD: Add speculative control support for AMD
    - x86/microcode: Extend post microcode reload to support IBPB feature
    - KVM: SVM: Do not intercept new speculative control MSRs
    - x86/svm: Set IBRS value on VM entry and exit
    - x86/svm: Set IBPB when running a different VCPU
    - KVM: x86: Add speculative control CPUID support for guests
    - x86/svm: Add code to clobber the RSB on VM exit
    - x86/svm: Add code to clear registers on VM exit
    - x86/cpu/AMD: Make the LFENCE instruction serialized
    - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
    - powerpc: add gmb barrier
    - s390/spinlock: add gmb memory barrier
    - SAUCE: x86/kvm: Fix stuff_RSB() for 32-bit
    - arm64: no gmb() implementation yet
    - arm: no gmb() implementation yet
  * CVE-2017-5715
    - x86/microcode/AMD: Add support for fam17h microcode loading
    - bpf: add bpf_patch_insn_single helper
    - bpf: prepare bpf_int_jit_compile/bpf_prog_select_runtime apis
    - bpf: add generic constant blinding for use in jits
    - locking/barriers: introduce new memory barrier gmb()
    - bpf: prevent speculative execution in eBPF interpreter
    - x86, bpf, jit: prevent speculative execution when JIT is enabled
    - uvcvideo: prevent speculative execution
    - carl9170: prevent speculative execution
    - qla2xxx: prevent speculative execution
    - Thermal/int340x: prevent speculative execution
    - userns: prevent speculative execution
    - ipv6: prevent speculative execution
    - fs: prevent speculative execution
    - net: mpls: prevent speculative execution
    - udf: prevent speculative execution
    - x86/feature: Enable the x86 feature to control Speculation
    - x86/feature: Report presence of IBPB and IBRS control
    - x86/enter: MACROS to set/clear IBRS and set IBPB
    - x86/enter: Use IBRS on syscall and interrupts
    - x86/idle: Disable IBRS entering idle and enable it on wakeup
    - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
    - x86/mm: Set IBPB upon context switch
    - x86/mm: Only set IBPB when the new thread cannot ptrace current thread
    - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
    - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
    - x86/kvm: Set IBPB when switching VM
    - x86/kvm: Toggle IBRS on VM entry and exit
    - x86/kvm: Pad RSB on VM transition
    - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
    - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
    - x86/syscall: Clear unused extra registers on syscall entrance
    - x86/syscall: Clear unused extra registers on 32-bit compatible syscall
      entrance
    - x86/entry: Use retpoline for syscall's indirect calls
    - x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR
    - x86/cpu/AMD: Add speculative control support for AMD
    - x86/microcode: Extend post microcode reload to support IBPB feature
    - KVM: SVM: Do not intercept new speculative control MSRs
    - x86/svm: Set IBRS value on VM entry and exit
    - x86/svm: Set IBPB when running a different VCPU
    - KVM: x86: Add speculative control CPUID support for guests
    - x86/svm: Add code to clobber the RSB on VM exit
    - x86/svm: Add code to clear registers on VM exit
    - x86/cpu/AMD: Make the LFENCE instruction serialized
    - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
    - powerpc: add gmb barrier
    - s390/spinlock: add gmb memory barrier
    - SAUCE: x86/kvm: Fix stuff_RSB() for 32-bit
    - arm64: no gmb() implementation yet
    - arm: no gmb() implementation yet
  * powerpc: flush L1D on return to use (LP: #1742772)
    - SAUCE: powerpc: Secure memory rfi flush
    - SAUCE: rfi-flush: Make DEBUG_RFI a CONFIG option
    - SAUCE: rfi-flush: Add HRFI_TO_UNKNOWN and use it in denorm
    - SAUCE: Fixup rfid in kvmppc_skip_Hinterrupt should be hrfid
    - SAUCE: rfi-flush: kvmppc_skip_(H)interrupt returns to host
    - SAUCE: KVM: Revert the implementation of H_GET_CPU_CHARACTERISTICS
    - SAUCE: rfi-flush: Implement congruence-first fallback flush
    - SAUCE: rfi-flush: Make l1d_flush_type bit flags
    - SAUCE: rfi-flush: Push the instruction selection down to the patching
      routine
    - SAUCE: rfi-flush: Expand the RFI section to two nop slots
    - SAUCE: rfi-flush: Support more than one flush type at once
    - SAUCE: rfi-flush: Allow HV to advertise multiple flush types
    - SAUCE: rfi-flush: Add speculation barrier before ori 30,30,0 flush
    - SAUCE: powerpc/asm: Allow including ppc_asm.h in asm files
    - SAUCE: Remove setup.h include file otherwise compilation complains about
      missing header file.
    - SAUCE: Fix compilation errors for arch/powerpc/lib/feature-fixups.c
    - SAUCE: rfi-flush: Add barriers to the fallback L1D flushing
    - SAUCE: rfi-flush: Rework powernv logic to be more cautious
    - SAUCE: rfi-flush: Rework pseries logic to be more cautious
    - SAUCE: rfi-flush: Fix the fallback flush to actually activate
    - SAUCE: rfi-flush: Fix HRFI_TO_UNKNOWN
    - SAUCE: rfi-flush: Refactor the macros so the nops are defined once
    - SAUCE: rfi-flush: Add no_rfi_flush and nopti comandline options
    - SAUCE: rfi-flush: Use rfi-flush in printks
    - SAUCE: rfi-flush: Fallback flush add load dependency
    - SAUCE: rfi-flush: Fix the 32-bit KVM build
    - SAUCE: rfi-flush: Fix some RFI conversions in the KVM code
    - SAUCE: UBUNTU: [Config] Disable CONFIG_PPC_DEBUG_RFI
  * s390: add ppa to kernel entry/exit (LP: #1742771)
    - s390: introduce CPU alternatives
    - s390: add ppa to kernel entry / exit
  * CVE-2017-5754
    - x86/tlb: Drop the _GPL from the cpu_tlbstate export
    - Map the vsyscall page with _PAGE_USER
    - s390: introduce CPU alternatives
    - s390: add ppa to kernel entry / exit
    - SAUCE: powerpc: Secure memory rfi flush
    - SAUCE: rfi-flush: Make DEBUG_RFI a CONFIG option
    - SAUCE: rfi-flush: Add HRFI_TO_UNKNOWN and use it in denorm
    - SAUCE: Fixup rfid in kvmppc_skip_Hinterrupt should be hrfid
    - SAUCE: rfi-flush: kvmppc_skip_(H)interrupt returns to host
    - SAUCE: KVM: Revert the implementation of H_GET_CPU_CHARACTERISTICS
    - SAUCE: rfi-flush: Implement congruence-first fallback flush
    - SAUCE: rfi-flush: Make l1d_flush_type bit flags
    - SAUCE: rfi-flush: Push the instruction selection down to the patching
      routine
    - SAUCE: rfi-flush: Expand the RFI section to two nop slots
    - SAUCE: rfi-flush: Support more than one flush type at once
    - SAUCE: rfi-flush: Allow HV to advertise multiple flush types
    - SAUCE: rfi-flush: Add speculation barrier before ori 30,30,0 flush
    - SAUCE: powerpc/asm: Allow including ppc_asm.h in asm files
    - SAUCE: Remove setup.h include file otherwise compilation complains about
      missing header file.
    - SAUCE: Fix compilation errors for arch/powerpc/lib/feature-fixups.c
    - SAUCE: rfi-flush: Add barriers to the fallback L1D flushing
    - SAUCE: rfi-flush: Rework powernv logic to be more cautious
    - SAUCE: rfi-flush: Rework pseries logic to be more cautious
    - SAUCE: rfi-flush: Fix the fallback flush to actually activate
    - SAUCE: rfi-flush: Fix HRFI_TO_UNKNOWN
    - SAUCE: rfi-flush: Refactor the macros so the nops are defined once
    - SAUCE: rfi-flush: Add no_rfi_flush and nopti comandline options
    - SAUCE: rfi-flush: Use rfi-flush in printks
    - SAUCE: rfi-flush: Fallback flush add load dependency
    - SAUCE: rfi-flush: Fix the 32-bit KVM build
    - SAUCE: rfi-flush: Fix some RFI conversions in the KVM code
    - SAUCE: UBUNTU: [Config] Disable CONFIG_PPC_DEBUG_RFI

Superseded in xenial-security on 2018-01-29
Superseded in xenial-updates on 2018-01-29
Deleted in xenial-proposed (Reason: moved to -updates)
linux-kvm (4.4.0-1015.20) xenial; urgency=low

  * linux-kvm: 4.4.0-1015.20 -proposed tracker (LP: #1741651)

  [ Ubuntu: 4.4.0-107.130 ]

  * linux: 4.4.0-107.130 -proposed tracker (LP: #1741643)
  * CVE-2017-5754
    - Revert "UBUNTU: SAUCE: arch/x86/entry/vdso: temporarily disable vdso"
    - KPTI: Report when enabled
    - x86, vdso, pvclock: Simplify and speed up the vdso pvclock reader
    - x86/vdso: Get pvclock data from the vvar VMA instead of the fixmap
    - x86/kasan: Clear kasan_zero_page after TLB flush
    - kaiser: Set _PAGE_NX only if supported

  [ Ubuntu: 4.4.0-106.129 ]

  * linux: 4.4.0-106.129 -proposed tracker (LP: #1741528)
  * CVE-2017-5754
    - KAISER: Kernel Address Isolation
    - kaiser: merged update
    - kaiser: do not set _PAGE_NX on pgd_none
    - kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE
    - kaiser: fix build and FIXME in alloc_ldt_struct()
    - kaiser: KAISER depends on SMP
    - kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER
    - kaiser: fix perf crashes
    - kaiser: ENOMEM if kaiser_pagetable_walk() NULL
    - kaiser: tidied up asm/kaiser.h somewhat
    - kaiser: tidied up kaiser_add/remove_mapping slightly
    - kaiser: kaiser_remove_mapping() move along the pgd
    - kaiser: cleanups while trying for gold link
    - kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET
    - kaiser: delete KAISER_REAL_SWITCH option
    - kaiser: vmstat show NR_KAISERTABLE as nr_overhead
    - x86/mm: Enable CR4.PCIDE on supported systems
    - x86/mm: Build arch/x86/mm/tlb.c even on !SMP
    - x86/mm, sched/core: Uninline switch_mm()
    - x86/mm: Add INVPCID helpers
    - x86/mm: If INVPCID is available, use it to flush global mappings
    - kaiser: enhanced by kernel and user PCIDs
    - kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user
    - kaiser: PCID 0 for kernel and 128 for user
    - kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user
    - kaiser: paranoid_entry pass cr3 need to paranoid_exit
    - kaiser: _pgd_alloc() without __GFP_REPEAT to avoid stalls
    - kaiser: fix unlikely error in alloc_ldt_struct()
    - kaiser: add "nokaiser" boot option, using ALTERNATIVE
    - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling
    - x86/boot: Add early cmdline parsing for options with arguments
    - x86/kaiser: Check boottime cmdline params
    - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush
    - kaiser: drop is_atomic arg to kaiser_pagetable_walk()
    - kaiser: asm/tlbflush.h handle noPGE at lower level
    - kaiser: kaiser_flush_tlb_on_return_to_user() check PCID
    - x86/paravirt: Dont patch flush_tlb_single
    - x86/kaiser: Reenable PARAVIRT
    - kaiser: disabled on Xen PV
    - x86/kaiser: Move feature detection up
    - kvm: x86: fix RSM when PCID is non-zero
    - SAUCE: arch/x86/entry/vdso: temporarily disable vdso
    - [Config]: CONFIG_KAISER=y

 -- Kamal Mostafa <email address hidden>  Sat, 06 Jan 2018 14:10:06 -0800
Deleted in xenial-proposed on 2018-01-16 (Reason: NBS)
linux-kvm (4.4.0-1014.19) xenial; urgency=low

  * linux-kvm: 4.4.0-1014.19 -proposed tracker (LP: #1737923)


  [ Ubuntu: 4.4.0-105.128 ]

  * linux: 4.4.0-105.128 -proposed tracker (LP: #1737916)
  * CVE-CVE-2017-12190
    - more bio_map_user_iov() leak fixes
  * CVE-2015-8952
    - mbcache2: reimplement mbcache
    - ext2: convert to mbcache2
    - ext4: convert to mbcache2
    - mbcache2: limit cache size
    - mbcache2: Use referenced bit instead of LRU
    - ext4: kill ext4_mballoc_ready
    - ext4: shortcut setting of xattr to the same value
    - mbcache: remove mbcache
    - mbcache2: rename to mbcache
    - mbcache: get rid of _e_hash_list_head
    - mbcache: add reusable flag to cache entries
  * CVE-2017-15115
    - sctp: do not peel off an assoc from one netns to another one
  * CVE-2017-8824
    - dccp: CVE-2017-8824: use-after-free in DCCP code

  [ Ubuntu: 4.4.0-105.128 ]

  * linux: 4.4.0-105.128 -proposed tracker (LP: #1737916)
  * CVE-CVE-2017-12190
    - more bio_map_user_iov() leak fixes
  * CVE-2015-8952
    - mbcache2: reimplement mbcache
    - ext2: convert to mbcache2
    - ext4: convert to mbcache2
    - mbcache2: limit cache size
    - mbcache2: Use referenced bit instead of LRU
    - ext4: kill ext4_mballoc_ready
    - ext4: shortcut setting of xattr to the same value
    - mbcache: remove mbcache
    - mbcache2: rename to mbcache
    - mbcache: get rid of _e_hash_list_head
    - mbcache: add reusable flag to cache entries
  * CVE-2017-15115
    - sctp: do not peel off an assoc from one netns to another one
  * CVE-2017-8824
    - dccp: CVE-2017-8824: use-after-free in DCCP code

 -- Thadeu Lima de Souza Cascardo <email address hidden>  Fri, 15 Dec 2017 15:38:15 -0200

Available diffs

Deleted in bionic-proposed (Reason: not migratable due to binutils strict dep; will be reuplo...)
Superseded in xenial-security on 2018-01-09
Superseded in xenial-updates on 2018-01-09
Deleted in xenial-proposed (Reason: NBS)
linux-kvm (4.4.0-1013.18) xenial; urgency=low

  * linux-kvm: 4.4.0-1013.18 -proposed tracker (LP: #1737518)


  [ Ubuntu: 4.4.0-104.127 ]

  * linux: 4.4.0-104.127 -proposed tracker (LP: #1737511)
  * upgrading linux-image package to 4.4.0-103.126 breaks Ceph network file
    system connection (LP: #1737033)
    - Revert "libceph: MOSDOpReply v7 encoding"
    - Revert "libceph: advertise support for TUNABLES5"
    - Revert "crush: decode and initialize chooseleaf_stable"
    - Revert "crush: add chooseleaf_stable tunable"
    - Revert "crush: ensure take bucket value is valid"
    - Revert "crush: ensure bucket id is valid before indexing buckets array"

 -- Thadeu Lima de Souza Cascardo <email address hidden>  Mon, 11 Dec 2017 12:57:47 -0200

Available diffs

Superseded in xenial-security on 2017-12-14
Superseded in xenial-updates on 2017-12-14
Deleted in xenial-proposed (Reason: NBS)
linux-kvm (4.4.0-1012.17) xenial; urgency=low

  * linux-kvm: 4.4.0-1012.17 -proposed tracker (LP: #1736189)

  [ Ubuntu: 4.4.0-103.126 ]

  * linux: 4.4.0-103.126 -proposed tracker (LP: #1736181)
  * CVE-2017-1000405
    - mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d()
  * CVE-2017-16939
    - netlink: add a start callback for starting a netlink dump
    - ipsec: Fix aborted xfrm policy dump crash

Deleted in xenial-proposed on 2017-12-06 (Reason: NBS)
linux-kvm (4.4.0-1011.16) xenial; urgency=low

  * linux-kvm: 4.4.0-1011.16 -proposed tracker (LP: #1734968)

  * linux-kvm standard configs for kernel test suite (LP: #1729681)
    - kvm: [config] enable AIO
    - kvm: [config] enable HUGETLBFS
    - kvm: [config] enable IA32_EMULATION
    - kvm: [config] enable SWAP
    - kvm: [config] enable USERFAULTFD
    - kvm: [config] enable FANOTIFY
    - kvm: [config] enable EVENTFD
    - kvm: [config] enable POSIX_MQUEUE
    - kvm: [config] enable MEMBARRIER
    - kvm: [config] enable CONNECTOR, PROC_EVENTS
    - kvm: [config] enable ADVISE_SYSCALLS
    - kvm: [config] enable SECURITY, SECURITY_APPARMOR
    - kvm: [config] enable DEVPTS_MULTIPLE_INSTANCES
    - kvm: [config] enable IP_ADVANCED_ROUTER
    - kvm: [config] enable RELOCATABLE, RANDOMIZE_BASE
    - kvm: [config] enable CC_STACKPROTECTOR_STRONG
    - kvm: [config] enable SELINUX, SMACK, TOMOYO, YAMA
    - kvm: [config] enable OPENVSWITCH

  [ Ubuntu: 4.4.0-102.125 ]

  * linux: 4.4.0-102.125 -proposed tracker (LP: #1733541)
  * tar -x sometimes fails on overlayfs (LP: #1728489)
    - ovl: check if all layers are on the same fs
    - ovl: persistent inode number for directories
  * NVMe timeout is too short (LP: #1729119)
    - nvme: update timeout module parameter type
  * Set PANIC_TIMEOUT=10 on Power Systems (LP: #1730660)
    - [Config]: Set PANIC_TIMEOUT=10 on ppc64el
  * Cannot pair BLE remote devices when using combo BT SoC (LP: #1731467)
    - Bluetooth: increase timeout for le auto connections
  * CIFS errors on 4.4.0-98, but not on 4.4.0-97 with same config (LP: #1729337)
    - SMB3: Validate negotiate request must always be signed
  * Plantronics P610 does not support sample rate reading (LP: #1719853)
    - ALSA: usb-audio: Add sample rate quirk for Plantronics P610
  * Invalid btree pointer causes the kernel NULL pointer dereference
    (LP: #1729256)
    - xfs: reinit btree pointer on attr tree inactivation walk
  * Samba mount/umount in docker container triggers kernel Oops (LP: #1729637)
    - ipv6: only call ip6_route_dev_notify() once for NETDEV_UNREGISTER
    - ipv6: fix NULL dereference in ip6_route_dev_notify()
  * [kernel] tty/hvc: Use opal irqchip interface if available (LP: #1728098)
    - tty/hvc: Use opal irqchip interface if available
  * Device hotplugging with MPT SAS cannot work for VMWare ESXi (LP: #1730852)
    - scsi: mptsas: Fixup device hotplug for VMWare ESXi
  * NMI watchdog: BUG: soft lockup on Guest upon boot (KVM) (LP: #1727331)
    - KVM: PPC: Book3S: Treat VTB as a per-subcore register, not per-thread
  * Attempt to map rbd image from ceph jewel/luminous hangs (LP: #1728739)
    - crush: ensure bucket id is valid before indexing buckets array
    - crush: ensure take bucket value is valid
    - crush: add chooseleaf_stable tunable
    - crush: decode and initialize chooseleaf_stable
    - libceph: advertise support for TUNABLES5
    - libceph: MOSDOpReply v7 encoding
  * Xenial update to 4.4.98 stable release (LP: #1732698)
    - adv7604: Initialize drive strength to default when using DT
    - video: fbdev: pmag-ba-fb: Remove bad `__init' annotation
    - PCI: mvebu: Handle changes to the bridge windows while enabled
    - xen/netback: set default upper limit of tx/rx queues to 8
    - drm: drm_minor_register(): Clean up debugfs on failure
    - KVM: PPC: Book 3S: XICS: correct the real mode ICP rejecting counter
    - iommu/arm-smmu-v3: Clear prior settings when updating STEs
    - powerpc/corenet: explicitly disable the SDHC controller on kmcoge4
    - ARM: omap2plus_defconfig: Fix probe errors on UARTs 5 and 6
    - crypto: vmx - disable preemption to enable vsx in aes_ctr.c
    - iio: trigger: free trigger resource correctly
    - phy: increase size of MII_BUS_ID_SIZE and bus_id
    - serial: sh-sci: Fix register offsets for the IRDA serial port
    - usb: hcd: initialize hcd->flags to 0 when rm hcd
    - netfilter: nft_meta: deal with PACKET_LOOPBACK in netdev family
    - IPsec: do not ignore crypto err in ah4 input
    - Input: mpr121 - handle multiple bits change of status register
    - Input: mpr121 - set missing event capability
    - IB/ipoib: Change list_del to list_del_init in the tx object
    - s390/qeth: issue STARTLAN as first IPA command
    - (config) Add NET_DSA=n
    - net: dsa: select NET_SWITCHDEV
    - platform/x86: hp-wmi: Fix detection for dock and tablet mode
    - cdc_ncm: Set NTB format again after altsetting switch for Huawei devices
    - KEYS: trusted: sanitize all key material
    - KEYS: trusted: fix writing past end of buffer in trusted_read()
    - platform/x86: hp-wmi: Fix error value for hp_wmi_tablet_state
    - platform/x86: hp-wmi: Do not shadow error values
    - x86/uaccess, sched/preempt: Verify access_ok() context
    - workqueue: Fix NULL pointer dereference
    - crypto: x86/sha1-mb - fix panic due to unaligned access
    - KEYS: fix NULL pointer dereference during ASN.1 parsing [ver #2]
    - ARM: 8720/1: ensure dump_instr() checks addr_limit
    - ALSA: seq: Fix OSS sysex delivery in OSS emulation
    - ALSA: seq: Avoid invalid lockdep class warning
    - MIPS: microMIPS: Fix incorrect mask in insn_table_MM
    - MIPS: Fix CM region target definitions
    - MIPS: SMP: Use a completion event to signal CPU up
    - MIPS: Fix race on setting and getting cpu_online_mask
    - MIPS: SMP: Fix deadlock & online race
    - test: firmware_class: report errors properly on failure
    - selftests: firmware: add empty string and async tests
    - selftests: firmware: send expected errors to /dev/null
    - tools: firmware: check for distro fallback udev cancel rule
    - MIPS: AR7: Defer registration of GPIO
    - MIPS: AR7: Ensure that serial ports are properly set up
    - Input: elan_i2c - add ELAN060C to the ACPI table
    - drm/vmwgfx: Fix Ubuntu 17.10 Wayland black screen issue
    - rbd: use GFP_NOIO for parent stat and data requests
    - can: sun4i: handle overrun in RX FIFO
    - can: c_can: don't indicate triple sampling support for D_CAN
    - x86/oprofile/ppro: Do not use __this_cpu*() in preemptible context
    - PKCS#7: fix unitialized boolean 'want'
    - Linux 4.4.98
  * ELANTECH Touchpad is not detected in 'Lenovo Ideapad 320 14AST' after fresh
    install (LP: #1727544)
    - Input: elan_i2c - add ELAN060C to the ACPI table
  * Xenial update to 4.4.97 stable release (LP: #1731915)
    - ALSA: timer: Add missing mutex lock for compat ioctls
    - ALSA: seq: Fix nested rwsem annotation for lockdep splat
    - cifs: check MaxPathNameComponentLength != 0 before using it
    - KEYS: return full count in keyring_read() if buffer is too small
    - KEYS: fix out-of-bounds read during ASN.1 parsing
    - ASoC: adau17x1: Workaround for noise bug in ADC
    - arm64: ensure __dump_instr() checks addr_limit
    - ARM: dts: mvebu: pl310-cache disable double-linefill
    - ARM: 8715/1: add a private asm/unaligned.h
    - ocfs2: fstrim: Fix start offset of first cluster group during fstrim
    - perf tools: Fix build failure on perl script context
    - drm/msm: Fix potential buffer overflow issue
    - drm/msm: fix an integer overflow test
    - tracing/samples: Fix creation and deletion of simple_thread_fn creation
    - Fix tracing sample code warning.
    - PM / wakeirq: report a wakeup_event on dedicated wekup irq
    - mmc: s3cmci: include linux/interrupt.h for tasklet_struct
    - ARM: pxa: Don't rely on public mmc header to include leds.h
    - mfd: ab8500-sysctrl: Handle probe deferral
    - mfd: axp20x: Fix axp288 PEK_DBR and PEK_DBF irqs being swapped
    - staging: rtl8712u: Fix endian settings for structs describing network
      packets
    - ext4: fix stripe-unaligned allocations
    - ext4: do not use stripe_width if it is not set
    - i2c: riic: correctly finish transfers
    - drm/amdgpu: when dpm disabled, also need to stop/start vce.
    - perf tools: Only increase index if perf_evsel__new_idx() succeeds
    - cx231xx: Fix I2C on Internal Master 3 Bus
    - xen/manage: correct return value check on xenbus_scanf()
    - scsi: aacraid: Process Error for response I/O
    - platform/x86: intel_mid_thermal: Fix module autoload
    - staging: lustre: llite: don't invoke direct_IO for the EOF case
    - staging: lustre: hsm: stack overrun in hai_dump_data_field
    - staging: lustre: ptlrpc: skip lock if export failed
    - exynos4-is: fimc-is: Unmap region obtained by of_iomap()
    - mei: return error on notification request to a disconnected client
    - s390/dasd: check for device error pointer within state change interrupts
    - bt8xx: fix memory leak
    - xen: don't print error message in case of missing Xenstore entry
    - staging: r8712u: Fix Sparse warning in rtl871x_xmit.c
    - Linux 4.4.97
  * Xenial update to 4.4.96 stable release (LP: #1731882)
    - workqueue: replace pool->manager_arb mutex with a flag
    - ALSA: hda/realtek - Add support for ALC236/ALC3204
    - ALSA: hda - fix headset mic problem for Dell machines with alc236
    - ceph: unlock dangling spinlock in try_flush_caps()
    - usb: xhci: Handle error condition in xhci_stop_device()
    - spi: uapi: spidev: add missing ioctl header
    - fuse: fix READDIRPLUS skipping an entry
    - xen/gntdev: avoid out of bounds access in case of partial gntdev_mmap()
    - Input: elan_i2c - add ELAN0611 to the ACPI table
    - Input: gtco - fix potential out-of-bound access
    - assoc_array: Fix a buggy node-splitting case
    - scsi: zfcp: fix erp_action use-before-initialize in REC action trace
    - scsi: sg: Re-fix off by one in sg_fill_request_table()
    - can: sun4i: fix loopback mode
    - can: kvaser_usb: Correct return value in printout
    - can: kvaser_usb: Ignore CMD_FLUSH_QUEUE_REPLY messages
    - regulator: fan53555: fix I2C device ids
    - x86/microcode/intel: Disable late loading on model 79
    - ecryptfs: fix dereference of NULL user_key_payload
    - Revert "drm: bridge: add DT bindings for TI ths8135"
    - Linux 4.4.96
  * Touchpad not detected - Lenovo ideapad 320-15IKB (LP: #1723736)
    - Input: elan_i2c - add ELAN0611 to the ACPI table

  [ Ubuntu: 4.4.0-101.124 ]

  * linux: 4.4.0-101.124 -proposed tracker (LP: #1731264)
  * s390/mm: fix write access check in gup_huge_pmd() (LP: #1730596)
    - s390/mm: fix write access check in gup_huge_pmd()

 -- Kamal Mostafa <email address hidden>  Tue, 28 Nov 2017 09:42:13 -0800

Available diffs

Superseded in xenial-security on 2017-12-07
Superseded in xenial-updates on 2017-12-07
Deleted in xenial-proposed (Reason: moved to -updates)
linux-kvm (4.4.0-1010.15) xenial; urgency=low

  * linux-kvm: 4.4.0-1010.15 -proposed tracker (LP: #1729287)

  * linux-kvm needs CONFIG_USER_NS (LP: #1729023)
    - kvm: [config] enable USER_NS

  * no network after boot (LP: #1724359)
    - kvm: [config] enable DMI, DMIID

  * lack of random bits on linux-kvm (LP: #1729021)
    - kvm: [config] enable HW_RANDOM

  * lxd fails to run on linux-kvm (LP: #1723527)
    - kvm: [config] enable BRIDGE, NETFILTER, IPTABLES

  [ Ubuntu: 4.4.0-100.123 ]

  * linux: 4.4.0-100.123 -proposed tracker (LP: #1729273)
  * Xenial update to 4.4.95 stable release (LP: #1729107)
    - USB: devio: Revert "USB: devio: Don't corrupt user memory"
    - USB: core: fix out-of-bounds access bug in usb_get_bos_descriptor()
    - USB: serial: metro-usb: add MS7820 device id
    - usb: cdc_acm: Add quirk for Elatec TWN3
    - usb: quirks: add quirk for WORLDE MINI MIDI keyboard
    - usb: hub: Allow reset retry for USB2 devices on connect bounce
    - ALSA: usb-audio: Add native DSD support for Pro-Ject Pre Box S2 Digital
    - can: gs_usb: fix busy loop if no more TX context is available
    - usb: musb: sunxi: Explicitly release USB PHY on exit
    - usb: musb: Check for host-mode using is_host_active() on reset interrupt
    - can: esd_usb2: Fix can_dlc value for received RTR, frames
    - drm/nouveau/bsp/g92: disable by default
    - drm/nouveau/mmu: flush tlbs before deleting page tables
    - ALSA: seq: Enable 'use' locking in all configurations
    - ALSA: hda: Remove superfluous '-' added by printk conversion
    - i2c: ismt: Separate I2C block read from SMBus block read
    - brcmsmac: make some local variables 'static const' to reduce stack size
    - bus: mbus: fix window size calculation for 4GB windows
    - clockevents/drivers/cs5535: Improve resilience to spurious interrupts
    - rtlwifi: rtl8821ae: Fix connection lost problem
    - KEYS: encrypted: fix dereference of NULL user_key_payload
    - lib/digsig: fix dereference of NULL user_key_payload
    - KEYS: don't let add_key() update an uninstantiated key
    - pkcs7: Prevent NULL pointer dereference, since sinfo is not always set.
    - parisc: Avoid trashing sr2 and sr3 in LWS code
    - parisc: Fix double-word compare and exchange in LWS code on 32-bit kernels
    - sched/autogroup: Fix autogroup_move_group() to never skip sched_move_task()
    - f2fs crypto: replace some BUG_ON()'s with error checks
    - f2fs crypto: add missing locking for keyring_key access
    - fscrypt: fix dereference of NULL user_key_payload
    - KEYS: Fix race between updating and finding a negative key
    - fscrypto: require write access to mount to set encryption policy
    - FS-Cache: fix dereference of NULL user_key_payload
    - Linux 4.4.95
  * Xenial update to 4.4.94 stable release (LP: #1729105)
    - percpu: make this_cpu_generic_read() atomic w.r.t. interrupts
    - drm/dp/mst: save vcpi with payloads
    - MIPS: Fix minimum alignment requirement of IRQ stack
    - sctp: potential read out of bounds in sctp_ulpevent_type_enabled()
    - bpf/verifier: reject BPF_ALU64|BPF_END
    - udpv6: Fix the checksum computation when HW checksum does not apply
    - ip6_gre: skb_push ipv6hdr before packing the header in ip6gre_header
    - net: emac: Fix napi poll list corruption
    - packet: hold bind lock when rebinding to fanout hook
    - bpf: one perf event close won't free bpf program attached by another perf
      event
    - isdn/i4l: fetch the ppp_write buffer in one shot
    - vti: fix use after free in vti_tunnel_xmit/vti6_tnl_xmit
    - l2tp: Avoid schedule while atomic in exit_net
    - l2tp: fix race condition in l2tp_tunnel_delete
    - tun: bail out from tun_get_user() if the skb is empty
    - packet: in packet_do_bind, test fanout with bind_lock held
    - packet: only test po->has_vnet_hdr once in packet_snd
    - net: Set sk_prot_creator when cloning sockets to the right proto
    - tipc: use only positive error codes in messages
    - Revert "bsg-lib: don't free job in bsg_prepare_job"
    - locking/lockdep: Add nest_lock integrity test
    - watchdog: kempld: fix gcc-4.3 build
    - irqchip/crossbar: Fix incorrect type of local variables
    - mac80211_hwsim: check HWSIM_ATTR_RADIO_NAME length
    - mac80211: fix power saving clients handling in iwlwifi
    - net/mlx4_en: fix overflow in mlx4_en_init_timestamp()
    - netfilter: nf_ct_expect: Change __nf_ct_expect_check() return value.
    - iio: adc: xilinx: Fix error handling
    - Btrfs: send, fix failure to rename top level inode due to name collision
    - f2fs: do not wait for writeback in write_begin
    - md/linear: shutup lockdep warnning
    - sparc64: Migrate hvcons irq to panicked cpu
    - net/mlx4_core: Fix VF overwrite of module param which disables DMFS on new
      probed PFs
    - crypto: xts - Add ECB dependency
    - ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock
    - slub: do not merge cache if slub_debug contains a never-merge flag
    - scsi: scsi_dh_emc: return success in clariion_std_inquiry()
    - net: mvpp2: release reference to txq_cpu[] entry after unmapping
    - i2c: at91: ensure state is restored after suspending
    - ceph: clean up unsafe d_parent accesses in build_dentry_path
    - uapi: fix linux/rds.h userspace compilation errors
    - uapi: fix linux/mroute6.h userspace compilation errors
    - target/iscsi: Fix unsolicited data seq_end_offset calculation
    - nfsd/callback: Cleanup callback cred on shutdown
    - cpufreq: CPPC: add ACPI_PROCESSOR dependency
    - Revert "tty: goldfish: Fix a parameter of a call to free_irq"
    - Linux 4.4.94

  [ Ubuntu: 4.4.0-99.122 ]

  * linux: 4.4.0-99.122 -proposed tracker (LP: #1728945)
  * Remove vmbus-rdma driver from Xenial kernel (LP: #1721538)
    - SAUCE: remove hv_network_direct driver
    - [Config]: Remove hv_network_direct driver
  * usb 3-1: 2:1: cannot get freq at ep 0x1 (LP: #1708499)
    - ALSA: usb-audio: Add sample rate quirk for Plantronics C310/C520-M
  * Plantronics Blackwire C520-M - Cannot get freq at ep 0x1, 0x81
    (LP: #1709282)
    - ALSA: usb-audio: Add sample rate quirk for Plantronics C310/C520-M
  * wait-for-root fails to detect nbd root (LP: #696435)
    - nbd: Create size change events for userspace
  * Fix OpenNSL GPL bugs found by CoverityScan static analysis (LP: #1718388)
    - SAUCE: opennsl: bcm-knet: check for null sinfo to avoid a null pointer
      dereference
    - SAUCE: opennsl: bcm-knet: remove redundant null checks on dev->name
    - SAUCE: opennsl: bde: check for out-of-bounds index io.dev
  * HID: multitouch: Correct ALPS PTP Stick and Touchpad devices ID
    (LP: #1722719)
    - Revert "HID: multitouch: Support ALPS PTP stick with pid 0x120A"
  * Xenial update to 4.4.93 stable release (LP: #1724836)
    - brcmfmac: add length check in brcmf_cfg80211_escan_handler()
    - ext4: in ext4_seek_{hole,data}, return -ENXIO for negative offsets
    - CIFS: Reconnect expired SMB sessions
    - nl80211: Define policy for packet pattern attributes
    - iwlwifi: mvm: use IWL_HCMD_NOCOPY for MCAST_FILTER_CMD
    - rcu: Allow for page faults in NMI handlers
    - USB: dummy-hcd: Fix deadlock caused by disconnect detection
    - MIPS: math-emu: Remove pr_err() calls from fpu_emu()
    - dmaengine: edma: Align the memcpy acnt array size with the transfer
    - HID: usbhid: fix out-of-bounds bug
    - crypto: shash - Fix zero-length shash ahash digest crash
    - KVM: nVMX: fix guest CR4 loading when emulating L2 to L1 exit
    - usb: renesas_usbhs: Fix DMAC sequence for receiving zero-length packet
    - iommu/amd: Finish TLB flush in amd_iommu_unmap()
    - ALSA: usb-audio: Kill stray URB at exiting
    - ALSA: seq: Fix use-after-free at creating a port
    - ALSA: seq: Fix copy_from_user() call inside lock
    - ALSA: caiaq: Fix stray URB at probe error path
    - ALSA: line6: Fix leftover URB at error-path during probe
    - usb: gadget: composite: Fix use-after-free in
      usb_composite_overwrite_options
    - direct-io: Prevent NULL pointer access in submit_page_section
    - fix unbalanced page refcounting in bio_map_user_iov
    - USB: serial: ftdi_sio: add id for Cypress WICED dev board
    - USB: serial: cp210x: add support for ELV TFD500
    - USB: serial: option: add support for TP-Link LTE module
    - Revert "UBUNTU: SAUCE: USB: serial: qcserial: add Dell DW5818, DW5819"
    - USB: serial: qcserial: add Dell DW5818, DW5819
    - USB: serial: console: fix use-after-free after failed setup
    - x86/alternatives: Fix alt_max_short macro to really be a max()
    - Linux 4.4.93
  * NULL pointer dereference in tty_write() in kernel 4.4.0-93.116+
    (LP: #1721065)
    - tty: Prepare for destroying line discipline on hangup
  * Xenial update to 4.4.92 stable release (LP: #1724783)
    - usb: gadget: inode.c: fix unbalanced spin_lock in ep0_write
    - USB: gadgetfs: Fix crash caused by inadequate synchronization
    - USB: gadgetfs: fix copy_to_user while holding spinlock
    - usb: gadget: udc: atmel: set vbus irqflags explicitly
    - usb-storage: unusual_devs entry to fix write-access regression for Seagate
      external drives
    - usb: renesas_usbhs: fix the BCLR setting condition for non-DCP pipe
    - usb: renesas_usbhs: fix usbhsf_fifo_clear() for RX direction
    - ALSA: usb-audio: Check out-of-bounds access by corrupted buffer descriptor
    - usb: pci-quirks.c: Corrected timeout values used in handshake
    - USB: dummy-hcd: fix connection failures (wrong speed)
    - USB: dummy-hcd: fix infinite-loop resubmission bug
    - USB: dummy-hcd: Fix erroneous synchronization change
    - USB: devio: Don't corrupt user memory
    - usb: gadget: mass_storage: set msg_registered after msg registered
    - USB: g_mass_storage: Fix deadlock when driver is unbound
    - lsm: fix smack_inode_removexattr and xattr_getsecurity memleak
    - ALSA: compress: Remove unused variable
    - ALSA: usx2y: Suppress kernel warning at page allocation failures
    - driver core: platform: Don't read past the end of "driver_override" buffer
    - Drivers: hv: fcopy: restore correct transfer length
    - stm class: Fix a use-after-free
    - ftrace: Fix kmemleak in unregister_ftrace_graph
    - HID: i2c-hid: allocate hid buffers for real worst case
    - iwlwifi: add workaround to disable wide channels in 5GHz
    - scsi: sd: Do not override max_sectors_kb sysfs setting
    - USB: uas: fix bug in handling of alternate settings
    - USB: core: harden cdc_parse_cdc_header
    - usb: Increase quirk delay for USB devices
    - USB: fix out-of-bounds in usb_set_configuration
    - xhci: fix finding correct bus_state structure for USB 3.1 hosts
    - iio: adc: twl4030: Fix an error handling path in 'twl4030_madc_probe()'
    - iio: adc: twl4030: Disable the vusb3v1 rugulator in the error handling path
      of 'twl4030_madc_probe()'
    - iio: ad_sigma_delta: Implement a dedicated reset function
    - staging: iio: ad7192: Fix - use the dedicated reset function avoiding dma
      from stack.
    - iio: core: Return error for failed read_reg
    - iio: ad7793: Fix the serial interface reset
    - iio: adc: mcp320x: Fix readout of negative voltages
    - iio: adc: mcp320x: Fix oops on module unload
    - uwb: properly check kthread_run return value
    - uwb: ensure that endpoint is interrupt
    - brcmfmac: setup passive scan if requested by user-space
    - drm/i915/bios: ignore HDMI on port A
    - sched/cpuset/pm: Fix cpuset vs. suspend-resume bugs
    - ext4: fix data corruption for mmap writes
    - ext4: Don't clear SGID when inheriting ACLs
    - ext4: don't allow encrypted operations without keys
    - Linux 4.4.92
  * Xenial update to 4.4.91 stable release (LP: #1724772)
    - drm_fourcc: Fix DRM_FORMAT_MOD_LINEAR #define
    - drm: bridge: add DT bindings for TI ths8135
    - GFS2: Fix reference to ERR_PTR in gfs2_glock_iter_next
    - RDS: RDMA: Fix the composite message user notification
    - ARM: dts: r8a7790: Use R-Car Gen 2 fallback binding for msiof nodes
    - MIPS: Ensure bss section ends on a long-aligned address
    - MIPS: ralink: Fix incorrect assignment on ralink_soc
    - igb: re-assign hw address pointer on reset after PCI error
    - extcon: axp288: Use vbus-valid instead of -present to determine cable
      presence
    - sh_eth: use correct name for ECMR_MPDE bit
    - hwmon: (gl520sm) Fix overflows and crash seen when writing into limit
      attributes
    - iio: adc: axp288: Drop bogus AXP288_ADC_TS_PIN_CTRL register modifications
    - iio: adc: hx711: Add DT binding for avia,hx711
    - ARM: 8635/1: nommu: allow enabling REMAP_VECTORS_TO_RAM
    - tty: goldfish: Fix a parameter of a call to free_irq
    - IB/ipoib: Fix deadlock over vlan_mutex
    - IB/ipoib: rtnl_unlock can not come after free_netdev
    - IB/ipoib: Replace list_del of the neigh->list with list_del_init
    - drm/amdkfd: fix improper return value on error
    - USB: serial: mos7720: fix control-message error handling
    - USB: serial: mos7840: fix control-message error handling
    - partitions/efi: Fix integer overflow in GPT size calculation
    - ASoC: dapm: handle probe deferrals
    - audit: log 32-bit socketcalls
    - usb: chipidea: vbus event may exist before starting gadget
    - ASoC: dapm: fix some pointer error handling
    - MIPS: Lantiq: Fix another request_mem_region() return code check
    - net: core: Prevent from dereferencing null pointer when releasing SKB
    - net/packet: check length in getsockopt() called with PACKET_HDRLEN
    - team: fix memory leaks
    - usb: plusb: Add support for PL-27A1
    - mmc: sdio: fix alignment issue in struct sdio_func
    - bridge: netlink: register netdevice before executing changelink
    - netfilter: invoke synchronize_rcu after set the _hook_ to NULL
    - MIPS: IRQ Stack: Unwind IRQ stack onto task stack
    - exynos-gsc: Do not swap cb/cr for semi planar formats
    - netfilter: nfnl_cthelper: fix incorrect helper->expect_class_max
    - parisc: perf: Fix potential NULL pointer dereference
    - iommu/io-pgtable-arm: Check for leaf entry before dereferencing it
    - rds: ib: add error handle
    - md/raid10: submit bio directly to replacement disk
    - i2c: meson: fix wrong variable usage in meson_i2c_put_data
    - xfs: remove kmem_zalloc_greedy
    - libata: transport: Remove circular dependency at free time
    - drivers: firmware: psci: drop duplicate const from psci_of_match
    - IB/qib: fix false-postive maybe-uninitialized warning
    - ARM: remove duplicate 'const' annotations'
    - ALSA: au88x0: avoid theoretical uninitialized access
    - ttpci: address stringop overflow warning
    - Linux 4.4.91

 -- Kleber Sacilotto de Souza <email address hidden>  Fri, 03 Nov 2017 12:33:41 +0100

Available diffs

Superseded in xenial-security on 2017-11-20
Superseded in xenial-updates on 2017-11-20
Deleted in xenial-proposed (Reason: moved to -updates)
linux-kvm (4.4.0-1009.14) xenial; urgency=low

  * linux-kvm: 4.4.0-1009.14 -proposed tracker (LP: #1722310)

  [ Ubuntu: 4.4.0-98.121 ]

  * linux: 4.4.0-98.121 -proposed tracker (LP: #1722299)
  * Controller lockup detected on ProLiant DL380 Gen9 with P440 Controller
    (LP: #1720359)
    - scsi: hpsa: limit transfer length to 1MB
  * [Dell Docking IE][0bda:8153] Realtek USB Ethernet leads to system hang
    (LP: #1720977)
    - r8152: fix the list rx_done may be used without initialization
  * Add installer support for Broadcom BCM573xx network drivers. (LP: #1720466)
    - d-i: Add bnxt_en to nic-modules.
  * snapcraft.yaml: add dpkg-dev to the build deps (LP: #1718886)
    - snapcraft.yaml: add dpkg-dev to the build deps
  * Support setting I2C_TIMEOUT via ioctl for i2c-designware (LP: #1718578)
    - i2c: designware: Use transfer timeout from ioctl I2C_TIMEOUT
  * 5U84 - ses driver isn't binding right - cannot blink lights on 1 of the 2
    5u84 (LP: #1693369)
    - scsi_transport_sas: add function to get SAS endpoint address
    - ses: fix discovery of SATA devices in SAS enclosures
    - scsi: sas: provide stub implementation for scsi_is_sas_rphy
    - scsi: ses: Fix SAS device detection in enclosure
  * multipath -ll is not showing the disks which are actually multipath
    (LP: #1718397)
    - fs: aio: fix the increment of aio-nr and counting against aio-max-nr
  * Support Dell Wireless DW5819/5818 WWAN devices (LP: #1721455)
    - SAUCE: USB: serial: qcserial: add Dell DW5818, DW5819
  * CVE-2017-10911
    - xen-blkback: don't leak stack data via response ring
  * implement 'complain mode' in seccomp for developer mode with snaps
    (LP: #1567597)
    - seccomp: Provide matching filter for introspection
    - seccomp: Sysctl to display available actions
    - seccomp: Operation for checking if an action is available
    - seccomp: Sysctl to configure actions that are allowed to be logged
    - seccomp: Selftest for detection of filter flag support
    - seccomp: Action to log before allowing
  * implement errno action logging in seccomp for strict mode with snaps
    (LP: #1721676)
    - seccomp: Provide matching filter for introspection
    - seccomp: Sysctl to display available actions
    - seccomp: Operation for checking if an action is available
    - seccomp: Sysctl to configure actions that are allowed to be logged
    - seccomp: Selftest for detection of filter flag support
    - seccomp: Filter flag to log all actions except SECCOMP_RET_ALLOW
  * [Xenial] update OpenNSL kernel modules to 6.5.10 (LP: #1721511)
    - SAUCE: update OpenNSL kernel modules to 6.5.10
  * Xenial update to 4.4.90 stable release (LP: #1721550)
    - cifs: release auth_key.response for reconnect.
    - mac80211: flush hw_roc_start work before cancelling the ROC
    - KVM: PPC: Book3S: Fix race and leak in kvm_vm_ioctl_create_spapr_tce()
    - tracing: Fix trace_pipe behavior for instance traces
    - tracing: Erase irqsoff trace with empty write
    - md/raid5: fix a race condition in stripe batch
    - md/raid5: preserve STRIPE_ON_UNPLUG_LIST in break_stripe_batch_list
    - scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't parse
      nlmsg properly
    - crypto: talitos - Don't provide setkey for non hmac hashing algs.
    - crypto: talitos - fix sha224
    - KEYS: fix writing past end of user-supplied buffer in keyring_read()
    - KEYS: prevent creating a different user's keyrings
    - KEYS: prevent KEYCTL_READ on negative key
    - powerpc/pseries: Fix parent_dn reference leak in add_dt_node()
    - Fix SMB3.1.1 guest authentication to Samba
    - SMB: Validate negotiate (to protect against downgrade) even if signing off
    - SMB3: Don't ignore O_SYNC/O_DSYNC and O_DIRECT flags
    - vfs: Return -ENXIO for negative SEEK_HOLE / SEEK_DATA offsets
    - nl80211: check for the required netlink attributes presence
    - bsg-lib: don't free job in bsg_prepare_job
    - seccomp: fix the usage of get/put_seccomp_filter() in seccomp_get_filter()
    - arm64: Make sure SPsel is always set
    - arm64: fault: Route pte translation faults via do_translation_fault
    - KVM: VMX: Do not BUG() on out-of-bounds guest IRQ
    - kvm: nVMX: Don't allow L2 to access the hardware CR8
    - PCI: Fix race condition with driver_override
    - btrfs: fix NULL pointer dereference from free_reloc_roots()
    - btrfs: propagate error to btrfs_cmp_data_prepare caller
    - btrfs: prevent to set invalid default subvolid
    - x86/fpu: Don't let userspace set bogus xcomp_bv
    - gfs2: Fix debugfs glocks dump
    - timer/sysclt: Restrict timer migration sysctl values to 0 and 1
    - KVM: VMX: do not change SN bit in vmx_update_pi_irte()
    - KVM: VMX: remove WARN_ON_ONCE in kvm_vcpu_trigger_posted_interrupt
    - cxl: Fix driver use count
    - dmaengine: mmp-pdma: add number of requestors
    - ARM: pxa: add the number of DMA requestor lines
    - ARM: pxa: fix the number of DMA requestor lines
    - KVM: VMX: use cmpxchg64
    - video: fbdev: aty: do not leak uninitialized padding in clk to userspace
    - swiotlb-xen: implement xen_swiotlb_dma_mmap callback
    - fix xen_swiotlb_dma_mmap prototype
    - Linux 4.4.90
  * Xenial update to 4.4.89 stable release (LP: #1721477)
    - ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt()
    - ipv6: add rcu grace period before freeing fib6_node
    - ipv6: fix sparse warning on rt6i_node
    - qlge: avoid memcpy buffer overflow
    - Revert "net: phy: Correctly process PHY_HALTED in phy_stop_machine()"
    - Revert "net: use lib/percpu_counter API for fragmentation mem accounting"
    - Revert "net: fix percpu memory leaks"
    - gianfar: Fix Tx flow control deactivation
    - ipv6: fix memory leak with multiple tables during netns destruction
    - ipv6: fix typo in fib6_net_exit()
    - f2fs: check hot_data for roll-forward recovery
    - x86/fsgsbase/64: Report FSBASE and GSBASE correctly in core dumps
    - md/raid5: release/flush io in raid5_do_work()
    - nfsd: Fix general protection fault in release_lock_stateid()
    - mm: prevent double decrease of nr_reserved_highatomic
    - tty: improve tty_insert_flip_char() fast path
    - tty: improve tty_insert_flip_char() slow path
    - tty: fix __tty_insert_flip_char regression
    - Input: i8042 - add Gigabyte P57 to the keyboard reset table
    - MIPS: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix quiet NaN propagation
    - MIPS: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix cases of both inputs zero
    - MIPS: math-emu: <MAX|MIN>.<D|S>: Fix cases of both inputs negative
    - MIPS: math-emu: <MAXA|MINA>.<D|S>: Fix cases of input values with opposite
      signs
    - MIPS: math-emu: <MAXA|MINA>.<D|S>: Fix cases of both infinite inputs
    - MIPS: math-emu: MINA.<D|S>: Fix some cases of infinity and zero inputs
    - crypto: AF_ALG - remove SGL terminator indicator when chaining
    - ext4: fix incorrect quotaoff if the quota feature is enabled
    - ext4: fix quota inconsistency during orphan cleanup for read-only mounts
    - powerpc: Fix DAR reporting when alignment handler faults
    - block: Relax a check in blk_start_queue()
    - md/bitmap: disable bitmap_resize for file-backed bitmaps.
    - skd: Avoid that module unloading triggers a use-after-free
    - skd: Submit requests to firmware before triggering the doorbell
    - scsi: zfcp: fix queuecommand for scsi_eh commands when DIX enabled
    - scsi: zfcp: add handling for FCP_RESID_OVER to the fcp ingress path
    - scsi: zfcp: fix capping of unsuccessful GPN_FT SAN response trace records
    - scsi: zfcp: fix passing fsf_req to SCSI trace on TMF to correlate with HBA
    - scsi: zfcp: fix missing trace records for early returns in TMF eh handlers
    - scsi: zfcp: fix payload with full FCP_RSP IU in SCSI trace records
    - scsi: zfcp: trace HBA FSF response by default on dismiss or timedout late
      response
    - scsi: zfcp: trace high part of "new" 64 bit SCSI LUN
    - scsi: megaraid_sas: Check valid aen class range to avoid kernel panic
    - scsi: megaraid_sas: Return pended IOCTLs with cmd_status
      MFI_STAT_WRONG_STATE in case adapter is dead
    - scsi: storvsc: fix memory leak on ring buffer busy
    - scsi: sg: remove 'save_scat_len'
    - scsi: sg: use standard lists for sg_requests
    - scsi: sg: off by one in sg_ioctl()
    - scsi: sg: factor out sg_fill_request_table()
    - scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE
    - scsi: qla2xxx: Fix an integer overflow in sysfs code
    - ftrace: Fix selftest goto location on error
    - tracing: Apply trace_clock changes to instance max buffer
    - ARC: Re-enable MMU upon Machine Check exception
    - PCI: shpchp: Enable bridge bus mastering if MSI is enabled
    - media: v4l2-compat-ioctl32: Fix timespec conversion
    - media: uvcvideo: Prevent heap overflow when accessing mapped controls
    - bcache: initialize dirty stripes in flash_dev_run()
    - bcache: Fix leak of bdev reference
    - bcache: do not subtract sectors_to_gc for bypassed IO
    - bcache: correct cache_dirty_target in __update_writeback_rate()
    - bcache: Correct return value for sysfs attach errors
    - bcache: fix for gc and write-back race
    - bcache: fix bch_hprint crash and improve output
    - ftrace: Fix memleak when unregistering dynamic ops when tracing disabled
    - Linux 4.4.89
  * ETPS/2 Elantech Touchpad inconsistently detected (Gigabyte P57W laptop)
    (LP: #1594214)
    - Input: i8042 - add Gigabyte P57 to the keyboard reset table
  * Xenial update to 4.4.88 stable release (LP: #1718195)
    - usb: quirks: add delay init quirk for Corsair Strafe RGB keyboard
    - USB: serial: option: add support for D-Link DWM-157 C1
    - usb: Add device quirk for Logitech HD Pro Webcam C920-C
    - usb:xhci:Fix regression when ATI chipsets detected
    - USB: core: Avoid race of async_completed() w/ usbdev_release()
    - staging/rts5208: fix incorrect shift to extract upper nybble
    - driver core: bus: Fix a potential double free
    - intel_th: pci: Add Cannon Lake PCH-H support
    - intel_th: pci: Add Cannon Lake PCH-LP support
    - ath10k: fix memory leak in rx ring buffer allocation
    - rtlwifi: rtl_pci_probe: Fix fail path of _rtl_pci_find_adapter
    - Bluetooth: Add support of 13d3:3494 RTL8723BE device
    - dlm: avoid double-free on error path in dlm_device_{register,unregister}
    - mwifiex: correct channel stat buffer overflows
    - drm/nouveau/pci/msi: disable MSI on big-endian platforms by default
    - workqueue: Fix flag collision
    - cs5536: add support for IDE controller variant
    - scsi: sg: protect against races between mmap() and SG_SET_RESERVED_SIZE
    - scsi: sg: recheck MMAP_IO request length with lock held
    - drm: adv7511: really enable interrupts for EDID detection
    - drm/bridge: adv7511: Fix mutex deadlock when interrupts are disabled
    - drm/bridge: adv7511: Use work_struct to defer hotplug handing to out of irq
      context
    - drm/bridge: adv7511: Switch to using drm_kms_helper_hotplug_event()
    - drm/bridge: adv7511: Re-write the i2c address before EDID probing
    - btrfs: resume qgroup rescan on rw remount
    - locktorture: Fix potential memory leak with rw lock test
    - ALSA: msnd: Optimize / harden DSP and MIDI loops
    - ARM: 8692/1: mm: abort uaccess retries upon fatal signal
    - NFS: Fix 2 use after free issues in the I/O code
    - xfs: XFS_IS_REALTIME_INODE() should be false if no rt device present
    - Linux 4.4.88
  * Kernel has troule recognizing Corsair Strafe RGB keyboard (LP: #1678477)
    - usb: quirks: add delay init quirk for Corsair Strafe RGB keyboard

 -- Thadeu Lima de Souza Cascardo <email address hidden>  Wed, 11 Oct 2017 16:15:12 -0300

Available diffs

Superseded in xenial-updates on 2017-10-30
Superseded in xenial-security on 2017-10-30
Deleted in xenial-proposed (Reason: moved to -updates)
Superseded in xenial-proposed on 2017-10-02
linux-kvm (4.4.0-1008.13) xenial; urgency=low

  * linux-kvm: 4.4.0-1008.13 -proposed tracker (LP: #1718157)

  [ Ubuntu: 4.4.0-97.120 ]

  * linux: 4.4.0-97.120 -proposed tracker (LP: #1718149)
  * blk-mq: possible deadlock on CPU hot(un)plug (LP: #1670634)
    - [Config] s390x -- disable CONFIG_{DM, SCSI}_MQ_DEFAULT
  * Xenial update to 4.4.87 stable release (LP: #1715678)
    - irqchip: mips-gic: SYNC after enabling GIC region
    - i2c: ismt: Don't duplicate the receive length for block reads
    - i2c: ismt: Return EMSGSIZE for block reads with bogus length
    - ceph: fix readpage from fscache
    - cpumask: fix spurious cpumask_of_node() on non-NUMA multi-node configs
    - cpuset: Fix incorrect memory_pressure control file mapping
    - alpha: uapi: Add support for __SANE_USERSPACE_TYPES__
    - CIFS: remove endian related sparse warning
    - wl1251: add a missing spin_lock_init()
    - xfrm: policy: check policy direction value
    - drm/ttm: Fix accounting error when fail to get pages for pool
    - kvm: arm/arm64: Fix race in resetting stage2 PGD
    - kvm: arm/arm64: Force reading uncached stage2 PGD
    - epoll: fix race between ep_poll_callback(POLLFREE) and ep_free()/ep_remove()
    - crypto: algif_skcipher - only call put_page on referenced and used pages
    - Linux 4.4.87
  * Xenial update to 4.4.86 stable release (LP: #1715430)
    - scsi: isci: avoid array subscript warning
    - ALSA: au88x0: Fix zero clear of stream->resources
    - btrfs: remove duplicate const specifier
    - i2c: jz4780: drop superfluous init
    - gcov: add support for gcc version >= 6
    - gcov: support GCC 7.1
    - lightnvm: initialize ppa_addr in dev_to_generic_addr()
    - p54: memset(0) whole array
    - lpfc: Fix Device discovery failures during switch reboot test.
    - arm64: mm: abort uaccess retries upon fatal signal
    - x86/io: Add "memory" clobber to insb/insw/insl/outsb/outsw/outsl
    - arm64: fpsimd: Prevent registers leaking across exec
    - scsi: sg: protect accesses to 'reserved' page array
    - scsi: sg: reset 'res_in_use' after unlinking reserved array
    - drm/i915: fix compiler warning in drivers/gpu/drm/i915/intel_uncore.c
    - Linux 4.4.86
  * Xenial update to 4.4.85 stable release (LP: #1714298)
    - af_key: do not use GFP_KERNEL in atomic contexts
    - dccp: purge write queue in dccp_destroy_sock()
    - dccp: defer ccid_hc_tx_delete() at dismantle time
    - ipv4: fix NULL dereference in free_fib_info_rcu()
    - net_sched/sfq: update hierarchical backlog when drop packet
    - ipv4: better IP_MAX_MTU enforcement
    - sctp: fully initialize the IPv6 address in sctp_v6_to_addr()
    - tipc: fix use-after-free
    - ipv6: reset fn->rr_ptr when replacing route
    - ipv6: repair fib6 tree in failure case
    - tcp: when rearming RTO, if RTO time is in past then fire RTO ASAP
    - irda: do not leak initialized list.dev to userspace
    - net: sched: fix NULL pointer dereference when action calls some targets
    - net_sched: fix order of queue length updates in qdisc_replace()
    - mei: me: add broxton pci device ids
    - mei: me: add lewisburg device ids
    - Input: trackpoint - add new trackpoint firmware ID
    - Input: elan_i2c - add ELAN0602 ACPI ID to support Lenovo Yoga310
    - ALSA: core: Fix unexpected error at replacing user TLV
    - ALSA: hda - Add stereo mic quirk for Lenovo G50-70 (17aa:3978)
    - ARCv2: PAE40: Explicitly set MSB counterpart of SLC region ops addresses
    - i2c: designware: Fix system suspend
    - drm: Release driver tracking before making the object available again
    - drm/atomic: If the atomic check fails, return its value first
    - drm: rcar-du: lvds: Fix PLL frequency-related configuration
    - drm: rcar-du: lvds: Rename PLLEN bit to PLLON
    - drm: rcar-du: Fix crash in encoder failure error path
    - drm: rcar-du: Fix display timing controller parameter
    - drm: rcar-du: Fix H/V sync signal polarity configuration
    - tracing: Fix freeing of filter in create_filter() when set_str is false
    - cifs: Fix df output for users with quota limits
    - cifs: return ENAMETOOLONG for overlong names in cifs_open()/cifs_lookup()
    - nfsd: Limit end of page list when decoding NFSv4 WRITE
    - perf/core: Fix group {cpu,task} validation
    - Bluetooth: hidp: fix possible might sleep error in hidp_session_thread
    - Bluetooth: cmtp: fix possible might sleep error in cmtp_session
    - Bluetooth: bnep: fix possible might sleep error in bnep_session
    - binder: use group leader instead of open thread
    - binder: Use wake up hint for synchronous transactions.
    - ANDROID: binder: fix proc->tsk check.
    - iio: imu: adis16480: Fix acceleration scale factor for adis16480
    - iio: hid-sensor-trigger: Fix the race with user space powering up sensors
    - staging: rtl8188eu: add RNX-N150NUB support
    - ASoC: simple-card: don't fail if sysclk setting is not supported
    - ASoC: rsnd: disable SRC.out only when stop timing
    - ASoC: rsnd: avoid pointless loop in rsnd_mod_interrupt()
    - ASoC: rsnd: Add missing initialization of ADG req_rate
    - ASoC: rsnd: ssi: 24bit data needs right-aligned settings
    - ASoC: rsnd: don't call update callback if it was NULL
    - ntb_transport: fix qp count bug
    - ntb_transport: fix bug calculating num_qps_mw
    - ACPI: ioapic: Clear on-stack resource before using it
    - ACPI / APEI: Add missing synchronize_rcu() on NOTIFY_SCI removal
    - Linux 4.4.85
  * Xenial update to 4.4.84 stable release (LP: #1713729)
    - audit: Fix use after free in audit_remove_watch_rule()
    - parisc: pci memory bar assignment fails with 64bit kernels on dino/cujo
    - crypto: x86/sha1 - Fix reads beyond the number of blocks passed
    - Input: elan_i2c - Add antoher Lenovo ACPI ID for upcoming Lenovo NB
    - ALSA: seq: 2nd attempt at fixing race creating a queue
    - Revert "UBUNTU: SAUCE: (no-up) ALSA: usb-audio: Add quirk for sennheiser
      officerunner"
    - ALSA: usb-audio: Apply sample rate quirk to Sennheiser headset
    - ALSA: usb-audio: Add mute TLV for playback volumes on C-Media devices
    - mm/mempolicy: fix use after free when calling get_mempolicy
    - xen: fix bio vec merging
    - x86/asm/64: Clear AC on NMI entries
    - irqchip/atmel-aic: Fix unbalanced of_node_put() in aic_common_irq_fixup()
    - irqchip/atmel-aic: Fix unbalanced refcount in aic_common_rtc_irq_fixup()
    - Sanitize 'move_pages()' permission checks
    - pids: make task_tgid_nr_ns() safe
    - perf/x86: Fix LBR related crashes on Intel Atom
    - usb: optimize acpi companion search for usb port devices
    - usb: qmi_wwan: add D-Link DWM-222 device ID
    - Linux 4.4.84
  * Intel i40e PF reset due to incorrect MDD detection (LP: #1713553)
    - i40e: Limit TX descriptor count in cases where frag size is greater than 16K
  * Neighbour confirmation broken, breaks ARP cache aging (LP: #1715812)
    - sock: add sk_dst_pending_confirm flag
    - net: add dst_pending_confirm flag to skbuff
    - sctp: add dst_pending_confirm flag
    - tcp: replace dst_confirm with sk_dst_confirm
    - net: add confirm_neigh method to dst_ops
    - net: use dst_confirm_neigh for UDP, RAW, ICMP, L2TP
    - net: pending_confirm is not used anymore
  * CVE-2017-14106
    - tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0
  * [CIFS] Fix maximum SMB2 header size (LP: #1713884)
    - CIFS: Fix maximum SMB2 header size
  * Middle button of trackpoint doesn't work (LP: #1715271)
    - Input: trackpoint - assume 3 buttons when buttons detection fails
  * kernel BUG at /build/linux-lts-xenial-_hWfOZ/linux-lts-
    xenial-4.4.0/security/apparmor/include/context.h:69! (LP: #1626984)
    - SAUCE: fix oops when disabled and module parameters, are accessed
  * Touchpad not detected (LP: #1708852)
    - Input: elan_i2c - add ELAN0608 to the ACPI table

 -- Kleber Sacilotto de Souza <email address hidden>  Wed, 20 Sep 2017 14:56:32 +0200

Available diffs

Superseded in xenial-security on 2017-10-10
Superseded in xenial-updates on 2017-10-10
Superseded in xenial-security on 2017-10-02
Superseded in xenial-updates on 2017-10-02
Deleted in xenial-proposed (Reason: moved to -updates)
linux-kvm (4.4.0-1007.12) xenial; urgency=low

  * linux-kvm: 4.4.0-1007.12 -proposed tracker (LP: #1716622)

  [ Ubuntu: 4.4.0-96.119 ]

  * linux: 4.4.0-96.119 -proposed tracker (LP: #1716613)
  * kernel panic -not syncing: Fatal exception: panic_on_oops (LP: #1708399)
    - s390/mm: no local TLB flush for clearing-by-ASCE IDTE
    - SAUCE: s390/mm: fix local TLB flushing vs. detach of an mm address space
    - SAUCE: s390/mm: fix race on mm->context.flush_mm
  * CVE-2017-1000251
    - Bluetooth: Properly check L2CAP config option output buffer length

Deleted in xenial-proposed on 2017-09-14 (Reason: NBS)
linux-kvm (4.4.0-1006.11) xenial; urgency=low

  * linux-kvm: 4.4.0-1006.11 -proposed tracker (LP: #1715659)

  [ Ubuntu: 4.4.0-95.118 ]

  * linux: 4.4.0-95.118 -proposed tracker (LP: #1715651)
  * Xenial update to 4.4.78 stable release broke Address Sanitizer
    (LP: #1715636)
    - mm: revert x86_64 and arm64 ELF_ET_DYN_BASE base changes

Available diffs

Deleted in xenial-proposed on 2017-09-12 (Reason: NBS)
linux-kvm (4.4.0-1005.10) xenial; urgency=low

  * linux-kvm: 4.4.0-1005.10 -proposed tracker (LP: #1713469)

  * Include Broadcom GPL modules in Xenial Kernel (LP: #1665783)
    - [config] update config for master changes

  * Backport more recent Broadcom bnxt_en driver (LP: #1711056)
    - [config] update config for master changes

  [ Ubuntu: 4.4.0-94.117 ]

  * linux: 4.4.0-94.117 -proposed tracker (LP: #1713462)
  * mwifiex causes kernel oops when AP mode is enabled (LP: #1712746)
    - SAUCE: net/wireless: do not dereference invalid pointer
    - SAUCE: mwifiex: do not dereference invalid pointer
  * Backport more recent Broadcom bnxt_en driver (LP: #1711056)
    - SAUCE: bnxt_en_bpo: Import bnxt_en driver version 1.8.1
    - SAUCE: bnxt_en_bpo: Drop distro out-of-tree detection logic
    - SAUCE: bnxt_en_bpo: Remove unnecessary compile flags
    - SAUCE: bnxt_en_bpo: Move config settings to Kconfig
    - SAUCE: bnxt_en_bpo: Remove PCI_IDs handled by the regular driver
    - SAUCE: bnxt_en_bpo: Rename the backport driver to bnxt_en_bpo
    - bnxt_en_bpo: [Config] Enable CONFIG_BNXT_BPO=m
  * HID: multitouch: Support ALPS PTP Stick and Touchpad devices (LP: #1712481)
    - HID: multitouch: Support PTP Stick and Touchpad device
    - SAUCE: HID: multitouch: Support ALPS PTP stick with pid 0x120A
  * igb: Support using Broadcom 54616 as PHY (LP: #1712024)
    - SAUCE: igb: add support for using Broadcom 54616 as PHY
  * IPR driver causes multipath to fail paths/stuck IO on Medium Errors
    (LP: #1682644)
    - scsi: ipr: do not set DID_PASSTHROUGH on CHECK CONDITION
  * accessing /dev/hvc1 with stress-ng on Ubuntu xenial causes crash
    (LP: #1711401)
    - tty/hvc: Use IRQF_SHARED for OPAL hvc consoles
  * memory-hotplug test needs to be fixed (LP: #1710868)
    - selftests: typo correction for memory-hotplug test
    - selftests: check hot-pluggagble memory for memory-hotplug test
    - selftests: check percentage range for memory-hotplug test
    - selftests: add missing test name in memory-hotplug test
    - selftests: fix memory-hotplug test
  * HP lt4132 LTE/HSPA+ 4G Module (03f0:a31d) does not work (LP: #1707643)
    - net: cdc_mbim: apply "NDP to end" quirk to HP lt4132
  * Migrating KSM page causes the VM lock up as the KSM page merging list is too
    large (LP: #1680513)
    - ksm: introduce ksm_max_page_sharing per page deduplication limit
    - ksm: fix use after free with merge_across_nodes = 0
    - ksm: cleanup stable_node chain collapse case
    - ksm: swap the two output parameters of chain/chain_prune
    - ksm: optimize refile of stable_node_dup at the head of the chain
  * sort ABI files with C.UTF-8 locale (LP: #1712345)
    - [Packaging] sort ABI files with C.UTF-8 locale
  * Include Broadcom GPL modules in Xenial Kernel (LP: #1665783)
    - [Config] OpenNSL Kconfig/Makefile
    - Import OpenNSL v3.1.0.17
    - [Config] CONFIG_OPENNSL=y for amd64
    - OpenNSL: Enable Kconfig and build
    - SAUCE: opennsl: add proper CFLAGS
  * Xenial update to 4.4.83 stable release (LP: #1711557)
    - cpuset: fix a deadlo