linux-kvm 4.15.0-1027.27 source package in Ubuntu

Changelog

linux-kvm (4.15.0-1027.27) bionic; urgency=medium

  * linux-kvm: 4.15.0-1027.27 -proposed tracker (LP: #1802561)

  [ Ubuntu: 4.15.0-42.45 ]

  * linux: 4.15.0-42.45 -proposed tracker (LP: #1803592)
  * [FEAT] Guest-dedicated Crypto Adapters (LP: #1787405)
    - KVM: s390: reset crypto attributes for all vcpus
    - KVM: s390: vsie: simulate VCPU SIE entry/exit
    - KVM: s390: introduce and use KVM_REQ_VSIE_RESTART
    - KVM: s390: refactor crypto initialization
    - s390: vfio-ap: base implementation of VFIO AP device driver
    - s390: vfio-ap: register matrix device with VFIO mdev framework
    - s390: vfio-ap: sysfs interfaces to configure adapters
    - s390: vfio-ap: sysfs interfaces to configure domains
    - s390: vfio-ap: sysfs interfaces to configure control domains
    - s390: vfio-ap: sysfs interface to view matrix mdev matrix
    - KVM: s390: interface to clear CRYCB masks
    - s390: vfio-ap: implement mediated device open callback
    - s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl
    - s390: vfio-ap: zeroize the AP queues
    - s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl
    - KVM: s390: Clear Crypto Control Block when using vSIE
    - KVM: s390: vsie: Do the CRYCB validation first
    - KVM: s390: vsie: Make use of CRYCB FORMAT2 clear
    - KVM: s390: vsie: Allow CRYCB FORMAT-2
    - KVM: s390: vsie: allow CRYCB FORMAT-1
    - KVM: s390: vsie: allow CRYCB FORMAT-0
    - KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1
    - KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2
    - KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2
    - KVM: s390: device attrs to enable/disable AP interpretation
    - KVM: s390: CPU model support for AP virtualization
    - s390: doc: detailed specifications for AP virtualization
    - KVM: s390: fix locking for crypto setting error path
    - KVM: s390: Tracing APCB changes
    - s390: vfio-ap: setup APCB mask using KVM dedicated function
    - s390/zcrypt: Add ZAPQ inline function.
    - s390/zcrypt: Review inline assembler constraints.
    - s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.
    - s390/zcrypt: fix ap_instructions_available() returncodes
    - s390/zcrypt: remove VLA usage from the AP bus
    - s390/zcrypt: Remove deprecated ioctls.
    - s390/zcrypt: Remove deprecated zcrypt proc interface.
    - s390/zcrypt: Support up to 256 crypto adapters.
    - [Config:] Enable CONFIG_S390_AP_IOMMU and set CONFIG_VFIO_AP to module.
  * Bypass of mount visibility through userns + mount propagation (LP: #1789161)
    - mount: Retest MNT_LOCKED in do_umount
    - mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts
  *  CVE-2018-18955: nested user namespaces with more than five extents
    incorrectly grant privileges over inode (LP: #1801924) // CVE-2018-18955
    - userns: also map extents in the reverse map to kernel IDs
  * kdump fail due to an IRQ storm (LP: #1797990)
    - SAUCE: x86/PCI: Export find_cap() to be used in early PCI code
    - SAUCE: x86/quirks: Add parameter to clear MSIs early on boot
    - SAUCE: x86/quirks: Scan all busses for early PCI quirks

  [ Ubuntu: 4.15.0-40.43 ]

  * linux: 4.15.0-40.43 -proposed tracker (LP: #1802554)
  * crash in ENA driver on removing an interface (LP: #1802341)
    - SAUCE: net: ena: fix crash during ena_remove()
  * Ubuntu 18.04.1 - [s390x] Kernel panic while stressing network bonding
    (LP: #1797367)
    - s390/qeth: don't keep track of MAC address's cast type
    - s390/qeth: consolidate qeth MAC address helpers
    - s390/qeth: avoid using is_multicast_ether_addr_64bits on (u8 *)[6]
    - s390/qeth: remove outdated portname debug msg
    - s390/qeth: reduce hard-coded access to ccw channels
    - s390/qeth: sanitize strings in debug messages
  * [18.04 FEAT] zcrypt DD: introduce APQN tags to support deterministic driver
    binding (LP: #1799184)
    - s390/zcrypt: code beautify
    - s390/zcrypt: AP bus support for alternate driver(s)
    - s390/zcrypt: hex string mask improvements for apmask and aqmask.
    - s390/zcrypt: remove unused functions and declarations
    - s390/zcrypt: Show load of cards and queues in sysfs
  * [GLK/CLX] Enhanced IBRS (LP: #1786139)
    - x86/speculation: Remove SPECTRE_V2_IBRS in enum spectre_v2_mitigation
    - x86/speculation: Support Enhanced IBRS on future CPUs
  * Allow signed kernels to be kexec'ed under lockdown (LP: #1798441)
    - Fix kexec forbidding kernels signed with keys in the secondary keyring to
      boot
  * Overlayfs in user namespace leaks directory content of inaccessible
    directories (LP: #1793458) // CVE-2018-6559
    - SAUCE: overlayfs: ensure mounter privileges when reading directories
  * Update ENA driver to version 2.0.1K (LP: #1798182)
    - net: ena: remove ndo_poll_controller
    - net: ena: fix warning in rmmod caused by double iounmap
    - net: ena: fix rare bug when failed restart/resume is followed by driver
      removal
    - net: ena: fix NULL dereference due to untimely napi initialization
    - net: ena: fix auto casting to boolean
    - net: ena: minor performance improvement
    - net: ena: complete host info to match latest ENA spec
    - net: ena: introduce Low Latency Queues data structures according to ENA spec
    - net: ena: add functions for handling Low Latency Queues in ena_com
    - net: ena: add functions for handling Low Latency Queues in ena_netdev
    - net: ena: use CSUM_CHECKED device indication to report skb's checksum status
    - net: ena: explicit casting and initialization, and clearer error handling
    - net: ena: limit refill Rx threshold to 256 to avoid latency issues
    - net: ena: change rx copybreak default to reduce kernel memory pressure
    - net: ena: remove redundant parameter in ena_com_admin_init()
    - net: ena: update driver version to 2.0.1
    - net: ena: fix indentations in ena_defs for better readability
    - net: ena: Fix Kconfig dependency on X86
    - net: ena: enable Low Latency Queues
    - net: ena: fix compilation error in xtensa architecture
  * Bionic update: upstream stable patchset 2018-10-29 (LP: #1800537)
    - bonding: re-evaluate force_primary when the primary slave name changes
    - cdc_ncm: avoid padding beyond end of skb
    - ipv6: allow PMTU exceptions to local routes
    - net: dsa: add error handling for pskb_trim_rcsum
    - net/sched: act_simple: fix parsing of TCA_DEF_DATA
    - tcp: verify the checksum of the first data segment in a new connection
    - udp: fix rx queue len reported by diag and proc interface
    - net: in virtio_net_hdr only add VLAN_HLEN to csum_start if payload holds
      vlan
    - tls: fix use-after-free in tls_push_record
    - ext4: fix hole length detection in ext4_ind_map_blocks()
    - ext4: update mtime in ext4_punch_hole even if no blocks are released
    - ext4: bubble errors from ext4_find_inline_data_nolock() up to ext4_iget()
    - ext4: fix fencepost error in check for inode count overflow during resize
    - driver core: Don't ignore class_dir_create_and_add() failure.
    - Btrfs: fix clone vs chattr NODATASUM race
    - Btrfs: fix memory and mount leak in btrfs_ioctl_rm_dev_v2()
    - btrfs: return error value if create_io_em failed in cow_file_range
    - btrfs: scrub: Don't use inode pages for device replace
    - ALSA: hda/conexant - Add fixup for HP Z2 G4 workstation
    - ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream()
    - ALSA: hda: add dock and led support for HP EliteBook 830 G5
    - ALSA: hda: add dock and led support for HP ProBook 640 G4
    - x86/MCE: Fix stack out-of-bounds write in mce-inject.c: Flags_read()
    - smb3: fix various xid leaks
    - CIFS: 511c54a2f69195b28afb9dd119f03787b1625bb4 adds a check for session
      expiry
    - cifs: For SMB2 security informaion query, check for minimum sized security
      descriptor instead of sizeof FileAllInformation class
    - nbd: fix nbd device deletion
    - nbd: update size when connected
    - nbd: use bd_set_size when updating disk size
    - blk-mq: reinit q->tag_set_list entry only after grace period
    - bdi: Move cgroup bdi_writeback to a dedicated low concurrency workqueue
    - cpufreq: Fix new policy initialization during limits updates via sysfs
    - cpufreq: governors: Fix long idle detection logic in load calculation
    - libata: zpodd: small read overflow in eject_tray()
    - libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk
    - w1: mxc_w1: Enable clock before calling clk_get_rate() on it
    - x86/intel_rdt: Enable CMT and MBM on new Skylake stepping
    - iwlwifi: fw: harden page loading code
    - orangefs: set i_size on new symlink
    - orangefs: report attributes_mask and attributes for statx
    - HID: intel_ish-hid: ipc: register more pm callbacks to support hibernation
    - HID: wacom: Correct logical maximum Y for 2nd-gen Intuos Pro large
    - mm, page_alloc: do not break __GFP_THISNODE by zonelist reset
    - net: phy: dp83822: use BMCR_ANENABLE instead of BMSR_ANEGCAPABLE for DP83620
    - cpufreq: ti-cpufreq: Fix an incorrect error return value
    - x86/vector: Fix the args of vector_alloc tracepoint
    - x86/apic/vector: Prevent hlist corruption and leaks
    - x86/apic: Provide apic_ack_irq()
    - x86/ioapic: Use apic_ack_irq()
    - x86/platform/uv: Use apic_ack_irq()
    - irq_remapping: Use apic_ack_irq()
    - genirq/generic_pending: Do not lose pending affinity update
    - genirq/affinity: Defer affinity setting if irq chip is busy
    - genirq/migration: Avoid out of line call if pending is not set
  * [bionic]mlx5: reading SW stats through ifstat cause kernel crash
    (LP: #1799049)
    - net/mlx5e: Don't attempt to dereference the ppriv struct if not being
      eswitch manager
  * [Bionic][Cosmic]  ipmi: Fix timer race with module unload (LP: #1799281)
    - ipmi: Fix timer race with module unload
  * [Bionic] ipmi: Remove ACPI SPMI probing from the SSIF (I2C) driver
    (LP: #1799276)
    - ipmi: Remove ACPI SPMI probing from the SSIF (I2C) driver
  * execveat03 in ubuntu_ltp_syscalls failed on X/B (LP: #1786729)
    - cap_inode_getsecurity: use d_find_any_alias() instead of d_find_alias()
  * [Bionic][Cosmic] Fix to ipmi to support vendor specific messages greater
    than 255 bytes (LP: #1799794)
    - ipmi:ssif: Add support for multi-part transmit messages > 2 parts
  * libvirtd is unable to configure bridge devices inside of LXD containers
    (LP: #1784501)
    - kernfs: allow creating kernfs objects with arbitrary uid/gid
    - sysfs, kobject: allow creating kobject belonging to arbitrary users
    - kobject: kset_create_and_add() - fetch ownership info from parent
    - driver core: set up ownership of class devices in sysfs
    - net-sysfs: require net admin in the init ns for setting tx_maxrate
    - net-sysfs: make sure objects belong to container's owner
    - net: create reusable function for getting ownership info of sysfs inodes
    - bridge: make sure objects belong to container's owner
    - sysfs: Fix regression when adding a file to an existing group
  * [Ubuntu] kvm: fix deadlock when killed by oom (LP: #1800849)
    - s390/kvm: fix deadlock when killed by oom
  * [Ubuntu] net/af_iucv: fix skb leaks for HiperTransport (LP: #1800639)
    - net/af_iucv: drop inbound packets with invalid flags
    - net/af_iucv: fix skb handling on HiperTransport xmit error
  * Power consumption during s2idle is higher than long idle(sk hynix)
    (LP: #1801875)
    - SAUCE: pci: prevent sk hynix nvme from entering D3
    - SAUCE: nvme: add quirk to not call disable function when suspending
  * Enable keyboard wakeup for S2Idle laptops (LP: #1798552)
    - Input: i8042 - enable keyboard wakeups by default when s2idle is used
  * NULL pointer dereference at 0000000000000020 when access
    dst_orig->ops->family in function  xfrm_lookup_with_ifid() (LP: #1801878)
    - xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry.
  * [Ubuntu] qdio: reset old sbal_state flags (LP: #1801686)
    - s390/qdio: reset old sbal_state flags
  * hns3: map tx ring to tc (LP: #1802023)
    - net: hns3: Set tx ring' tc info when netdev is up
  * [Ubuntu] qeth: Fix potential array overrun in cmd/rc lookup (LP: #1800641)
    - s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function
    - s390: qeth: Fix potential array overrun in cmd/rc lookup
  * Vulkan applications cause permanent memory leak with Intel GPU
    (LP: #1798165)
    - drm/syncobj: Don't leak fences when WAIT_FOR_SUBMIT is set
  * Mounting SOFS SMB shares fails (LP: #1792580)
    - cifs: connect to servername instead of IP for IPC$ share
  * Packaging resync (LP: #1786013)
    - [Package] add support for specifying the primary makefile

 -- Khalid Elmously <email address hidden>  Thu, 15 Nov 2018 19:11:04 -0500

Upload details

Uploaded by:
Khaled El Mously on 2018-11-16
Sponsored by:
Kamal Mostafa
Uploaded to:
Bionic
Original maintainer:
Ubuntu Kernel Team
Architectures:
all amd64
Section:
devel
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Bionic security on 2018-12-03 main devel
Bionic updates on 2018-12-03 main devel

Builds

Bionic: [FULLYBUILT] amd64

Downloads

File Size SHA-256 Checksum
linux-kvm_4.15.0.orig.tar.gz 150.4 MiB c33b8ba5c45a40b689979caa2421c4d933864cd70eb93c00eb69adf43e9a24fc
linux-kvm_4.15.0-1027.27.diff.gz 8.2 MiB 4d91796d15a9e2b0f289aaa6a04d5354a1a584764841dbbdc492582de3cda769
linux-kvm_4.15.0-1027.27.dsc 3.8 KiB dfab95886ded4c92038f9f2ee2bc7eebcc0d89c07dec1228050f8021dae12968

Available diffs

View changes file

Binary packages built by this source

linux-headers-4.15.0-1027-kvm: Linux kernel headers for version 4.15.0 on 64 bit x86 SMP

 This package provides kernel header files for version 4.15.0 on
 64 bit x86 SMP.
 .
 This is for sites that want the latest kernel headers. Please read
 /usr/share/doc/linux-headers-4.15.0-1027/debian.README.gz for details.

linux-image-4.15.0-1027-kvm: Linux kernel image for version 4.15.0 on 64 bit x86 SMP

 This package contains the Linux kernel image for version 4.15.0 on
 64 bit x86 SMP.
 .
 Supports amd64 processors.
 .
 Geared toward virtual systems.
 .
 You likely do not want to install this package directly. Instead, install
 the linux-kvm meta-package, which will ensure that upgrades work
 correctly, and that supporting packages are also installed.

linux-image-4.15.0-1027-kvm-dbgsym: Linux kernel debug image for version 4.15.0 on 64 bit x86 SMP

 This package provides a kernel debug image for version 4.15.0 on
 64 bit x86 SMP.
 .
 This is for sites that wish to debug the kernel.
 .
 The kernel image contained in this package is NOT meant to boot from. It
 is uncompressed, and unstripped. This package also includes the
 unstripped modules.

linux-kvm-headers-4.15.0-1027: Header files related to Linux kernel version 4.15.0

 This package provides kernel header files for version 4.15.0, for sites
 that want the latest kernel headers. Please read
 /usr/share/doc/linux-kvm-headers-4.15.0-1027/debian.README.gz for details

linux-kvm-tools-4.15.0-1027: Linux kernel version specific tools for version 4.15.0-1027

 This package provides the architecture dependant parts for kernel
 version locked tools (such as perf and x86_energy_perf_policy) for
 version 4.15.0-1027 on
 64 bit x86.
 You probably want to install linux-tools-4.15.0-1027-<flavour>.

linux-kvm-tools-4.15.0-1027-dbgsym: debug symbols for linux-kvm-tools-4.15.0-1027
linux-modules-4.15.0-1027-kvm: Linux kernel extra modules for version 4.15.0 on 64 bit x86 SMP

 Contains the corresponding System.map file, the modules built by the
 packager, and scripts that try to ensure that the system is not left in an
 unbootable state after an update.
 .
 Supports amd64 processors.
 .
 Geared toward virtual systems.
 .
 You likely do not want to install this package directly. Instead, install
 the linux-kvm meta-package, which will ensure that upgrades work
 correctly, and that supporting packages are also installed.

linux-tools-4.15.0-1027-kvm: Linux kernel version specific tools for version 4.15.0-1027

 This package provides the architecture dependant parts for kernel
 version locked tools (such as perf and x86_energy_perf_policy) for
 version 4.15.0-1027 on
 64 bit x86.