Package "linux-kvm"

 linux-kvm (4.4.0-1024.29) xenial; urgency=medium
 .
   * linux-kvm: 4.4.0-1024.29 -proposed tracker (LP: #1770019)
 .
   [ Ubuntu: 4.4.0-125.150 ]
 .
   * linux: 4.4.0-125.150 -proposed tracker (LP: #1770011)
   * Unable to insert test_bpf module on Xenial (LP: #1765698)
     - bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y
     - test_bpf: Fix testing with CONFIG_BPF_JIT_ALWAYS_ON=y on other arches
   * virtio_scsi race can corrupt memory, panic kernel (LP: #1765241)
     - SAUCE: (no-up) virtio-scsi: Fix race in target free
   * bpf_map_lookup_elem: BUG: unable to handle kernel paging request
     (LP: #1763454) // CVE-2017-17862
     - SAUCE: Add missing hunks from "bpf: fix branch pruning logic"
   * Xenial: rfkill: fix missing return on rfkill_init (LP: #1764810)
     - rfkill: fix missing return on rfkill_init
   * "ip a" command on a guest VM shows UNKNOWN status (LP: #1761534)
     - virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS
   * Xenial update to 4.4.128 stable release (LP: #1765010)
     - cfg80211: make RATE_INFO_BW_20 the default
     - md/raid5: make use of spin_lock_irq over local_irq_disable + spin_lock
     - rtc: snvs: fix an incorrect check of return value
     - x86/asm: Don't use RBP as a temporary register in
       csum_partial_copy_generic()
     - NFSv4.1: RECLAIM_COMPLETE must handle NFS4ERR_CONN_NOT_BOUND_TO_SESSION
     - IB/srpt: Fix abort handling
     - af_key: Fix slab-out-of-bounds in pfkey_compile_policy.
     - mac80211: bail out from prep_connection() if a reconfig is ongoing
     - bna: Avoid reading past end of buffer
     - qlge: Avoid reading past end of buffer
     - ipmi_ssif: unlock on allocation failure
     - net: cdc_ncm: Fix TX zero padding
     - net: ethernet: ti: cpsw: adjust cpsw fifos depth for fullduplex flow control
     - lockd: fix lockd shutdown race
     - drivers/misc/vmw_vmci/vmci_queue_pair.c: fix a couple integer overflow tests
     - pidns: disable pid allocation if pid_ns_prepare_proc() is failed in
       alloc_pid()
     - s390: move _text symbol to address higher than zero
     - net/mlx4_en: Avoid adding steering rules with invalid ring
     - NFSv4.1: Work around a Linux server bug...
     - CIFS: silence lockdep splat in cifs_relock_file()
     - net: qca_spi: Fix alignment issues in rx path
     - netxen_nic: set rcode to the return status from the call to netxen_issue_cmd
     - Input: elan_i2c - check if device is there before really probing
     - Input: elantech - force relative mode on a certain module
     - KVM: PPC: Book3S PR: Check copy_to/from_user return values
     - vmxnet3: ensure that adapter is in proper state during force_close
     - SMB2: Fix share type handling
     - bus: brcmstb_gisb: Use register offsets with writes too
     - bus: brcmstb_gisb: correct support for 64-bit address output
     - PowerCap: Fix an error code in powercap_register_zone()
     - ARM: dts: imx53-qsrb: Pulldown PMIC IRQ pin
     - staging: wlan-ng: prism2mgmt.c: fixed a double endian conversion before
       calling hfa384x_drvr_setconfig16, also fixes relative sparse warning
     - x86/tsc: Provide 'tsc=unstable' boot parameter
     - ARM: dts: imx6qdl-wandboard: Fix audio channel swap
     - ipv6: avoid dad-failures for addresses with NODAD
     - async_tx: Fix DMA_PREP_FENCE usage in do_async_gen_syndrome()
     - usb: dwc3: keystone: check return value
     - btrfs: fix incorrect error return ret being passed to mapping_set_error
     - ata: libahci: properly propagate return value of platform_get_irq()
     - neighbour: update neigh timestamps iff update is effective
     - arp: honour gratuitous ARP _replies_
     - usb: chipidea: properly handle host or gadget initialization failure
     - USB: ene_usb6250: fix first command execution
     - net: x25: fix one potential use-after-free issue
     - USB: ene_usb6250: fix SCSI residue overwriting
     - serial: 8250: omap: Disable DMA for console UART
     - serial: sh-sci: Fix race condition causing garbage during shutdown
     - sh_eth: Use platform device for printing before register_netdev()
     - scsi: csiostor: fix use after free in csio_hw_use_fwconfig()
     - powerpc/mm: Fix virt_addr_valid() etc. on 64-bit hash
     - ath5k: fix memory leak on buf on failed eeprom read
     - selftests/powerpc: Fix TM resched DSCR test with some compilers
     - xfrm: fix state migration copy replay sequence numbers
     - iio: hi8435: avoid garbage event at first enable
     - iio: hi8435: cleanup reset gpio
     - ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors
     - md-cluster: fix potential lock issue in add_new_disk
     - ARM: davinci: da8xx: Create DSP device only when assigned memory
     - ray_cs: Avoid reading past end of buffer
     - leds: pca955x: Correct I2C Functionality
     - sched/numa: Use down_read_trylock() for the mmap_sem
     - net/mlx5: Tolerate irq_set_affinity_hint() failures
     - selinux: do not check open permission on sockets
     - block: fix an error code in add_partition()
     - mlx5: fix bug reading rss_hash_type from CQE
     - net: ieee802154: fix net_device reference release too early
     - libceph: NULL deref on crush_decode() error path
     - netfilter: ctnetlink: fix incorrect nf_ct_put during hash resize
     - pNFS/flexfiles: missing error code in ff_layout_alloc_lseg()
     - ASoC: rsnd: SSI PIO adjust to 24bit mode
     - scsi: bnx2fc: fix race condition in bnx2fc_get_host_stats()
     - fix race in drivers/char/random.c:get_reg()
     - ext4: fix off-by-one on max nr_pages in ext4_find_unwritten_pgoff()
     - tcp: better validation of received ack sequences
     - net: move somaxconn init from sysctl code
     - Input: elan_i2c - clear INT before resetting controller
     - bonding: Don't update slave->link until ready to commit
     - KVM: nVMX: Fix handling of lmsw instruction
     - net: llc: add lock_sock in llc_ui_bind to avoid a race condition
     -

 linux-kvm (4.4.0-1022.27) xenial; urgency=medium
 .
   * linux-kvm: 4.4.0-1022.27 -proposed tracker (LP: #1766610)
 .
   * test_140_kernel_modules_not_tainted in kernel security test failed with 4.15
     kvm kernel (LP: #1766832)
     - kvm: [config] enable CONFIG_MODULE_UNLOAD
 .
   * test_072_config_debug_set_module_ronx in kernel security test failed with
     4.4 X-kvm (LP: #1760646)
     - kvm: [config] enable CONFIG_DEBUG_SET_MODULE_RONX
 .
   * test_151_sysctl_disables_bpf_unpriv_userns in kernel security test failed
     with 4.4/4.15 kvm (LP: #1760656)
     - kvm: [config] enable BPF_SYSCALL
 .
   * test_077_config_security_ipsec in kernel security test failed with 4.4/4.15
     kvm (LP: #1760653)
     - kvm: [config] enable ipsec configs
 .
   * test_072_config_strict_devmem in kernel security test failed with 4.4/4.15
     kvm (LP: #1760648) // test_072_strict_devmem in kernel security test failed
     with 4.4/4.15 kvm (LP: #1760649)
     - kvm: [config] enable DEVMEM
 .
   * test_076_config_security_acl_ext4 in kernel security test failed with
     4.4/4.15 kvm (LP: #1760652) // test_160_setattr_CVE_2015_1350 in kernel
     security test failed with 4.4/4.15 kvm (LP: #1760657)
     - kvm: [config] enable POSIX_ACL, XATTR, FS_SECURITY for all filesystems
 .
   * test_074_config_security_default_mmap_min_addr in kernel security test
     failed with 4.4/4.15 kvm (LP: #1760650)
     - kvm: [config] DEFAULT_MMAP_MIN_ADDR=65536
 .
   [ Ubuntu: 4.4.0-123.147 ]
 .
   * linux: 4.4.0-123.147 -proposed tracker (LP: #1766604)
   * Unable to insert test_bpf module on Xenial (LP: #1765698)
     - bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y
     - test_bpf: Fix testing with CONFIG_BPF_JIT_ALWAYS_ON=y on other arches
   * virtio_scsi race can corrupt memory, panic kernel (LP: #1765241)
     - SAUCE: (no-up) virtio-scsi: Fix race in target free
   * bpf_map_lookup_elem: BUG: unable to handle kernel paging request
     (LP: #1763454) // CVE-2017-17862
     - SAUCE: Add missing hunks from "bpf: fix branch pruning logic"
   * Xenial: rfkill: fix missing return on rfkill_init (LP: #1764810)
     - rfkill: fix missing return on rfkill_init
   * "ip a" command on a guest VM shows UNKNOWN status (LP: #1761534)
     - virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS
   * Xenial update to 4.4.128 stable release (LP: #1765010)
     - cfg80211: make RATE_INFO_BW_20 the default
     - md/raid5: make use of spin_lock_irq over local_irq_disable + spin_lock
     - rtc: snvs: fix an incorrect check of return value
     - x86/asm: Don't use RBP as a temporary register in
       csum_partial_copy_generic()
     - NFSv4.1: RECLAIM_COMPLETE must handle NFS4ERR_CONN_NOT_BOUND_TO_SESSION
     - IB/srpt: Fix abort handling
     - af_key: Fix slab-out-of-bounds in pfkey_compile_policy.
     - mac80211: bail out from prep_connection() if a reconfig is ongoing
     - bna: Avoid reading past end of buffer
     - qlge: Avoid reading past end of buffer
     - ipmi_ssif: unlock on allocation failure
     - net: cdc_ncm: Fix TX zero padding
     - net: ethernet: ti: cpsw: adjust cpsw fifos depth for fullduplex flow control
     - lockd: fix lockd shutdown race
     - drivers/misc/vmw_vmci/vmci_queue_pair.c: fix a couple integer overflow tests
     - pidns: disable pid allocation if pid_ns_prepare_proc() is failed in
       alloc_pid()
     - s390: move _text symbol to address higher than zero
     - net/mlx4_en: Avoid adding steering rules with invalid ring
     - NFSv4.1: Work around a Linux server bug...
     - CIFS: silence lockdep splat in cifs_relock_file()
     - net: qca_spi: Fix alignment issues in rx path
     - netxen_nic: set rcode to the return status from the call to netxen_issue_cmd
     - Input: elan_i2c - check if device is there before really probing
     - Input: elantech - force relative mode on a certain module
     - KVM: PPC: Book3S PR: Check copy_to/from_user return values
     - vmxnet3: ensure that adapter is in proper state during force_close
     - SMB2: Fix share type handling
     - bus: brcmstb_gisb: Use register offsets with writes too
     - bus: brcmstb_gisb: correct support for 64-bit address output
     - PowerCap: Fix an error code in powercap_register_zone()
     - ARM: dts: imx53-qsrb: Pulldown PMIC IRQ pin
     - staging: wlan-ng: prism2mgmt.c: fixed a double endian conversion before
       calling hfa384x_drvr_setconfig16, also fixes relative sparse warning
     - x86/tsc: Provide 'tsc=unstable' boot parameter
     - ARM: dts: imx6qdl-wandboard: Fix audio channel swap
     - ipv6: avoid dad-failures for addresses with NODAD
     - async_tx: Fix DMA_PREP_FENCE usage in do_async_gen_syndrome()
     - usb: dwc3: keystone: check return value
     - btrfs: fix incorrect error return ret being passed to mapping_set_error
     - ata: libahci: properly propagate return value of platform_get_irq()
     - neighbour: update neigh timestamps iff update is effective
     - arp: honour gratuitous ARP _replies_
     - usb: chipidea: properly handle host or gadget initialization failure
     - USB: ene_usb6250: fix first command execution
     - net: x25: fix one potential use-after-free issue
     - USB: ene_usb6250: fix SCSI residue overwriting
     - serial: 8250: omap: Disable DMA for console UART
     - serial: sh-sci: Fix race condition causing garbage during shutdown
     - sh_eth: Use platform device for printing before register_netdev()
     - scsi: csiostor: fix use after free in csio_hw_use_fwconfig()
     - powerpc/mm: Fix virt_addr_valid() etc. on 64-bit hash
     - ath5k: fix memory leak on buf on failed eeprom read
     - selftests/powerpc: Fix TM resched DSCR test with some compilers
     - xfrm: fix state migration copy replay sequence numbers
     - iio: hi8435: avoid garbage event at first enable
     - iio: hi8435: cleanup reset gpio
     - ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors
     - md-cluster: fix pot

 linux-kvm (4.4.0-1021.26) xenial; urgency=medium
 .
   * linux-kvm: 4.4.0-1021.26 -proposed tracker (LP: #1761445)
 .
   * linux-kvm VFIO support for Kata containers (LP: #1759421)
     - kvm: [config] Enable VFIO
 .
   [ Ubuntu: 4.4.0-120.144 ]
 .
   * linux: 4.4.0-120.144 -proposed tracker (LP: #1761438)
   * intel-microcode 3.20180312.0 causes lockup at login screen(w/ linux-
     image-4.13.0-37-generic) (LP: #1759920) // CVE-2017-5715 (Spectre v2 Intel)
     - Revert "x86/mm: Only set IBPB when the new thread cannot ptrace current
       thread"
     - x86/speculation: Use Indirect Branch Prediction Barrier in context switch
   * DKMS driver builds fail with: Cannot use CONFIG_STACK_VALIDATION=y, please
     install libelf-dev, libelf-devel or elfutils-libelf-devel (LP: #1760876)
     - [Packaging] include the retpoline extractor in the headers
   * retpoline hints: primary infrastructure and initial hints (LP: #1758856)
     - [Packaging] retpoline-extract: flag *0xNNN(%reg) branches
     - x86/speculation, objtool: Annotate indirect calls/jumps for objtool
     - x86/speculation, objtool: Annotate indirect calls/jumps for objtool on 32bit
     - x86/paravirt, objtool: Annotate indirect calls
     - x86/asm: Stop depending on ptrace.h in alternative.h
     - [Packaging] retpoline -- add safe usage hint support
     - [Packaging] retpoline-check -- only report additions
     - [Packaging] retpoline -- widen indirect call/jmp detection
     - [Packaging] retpoline -- elide %rip relative indirections
     - [Packaging] retpoline -- clear hint information from packages
     - SAUCE: modpost: add discard to non-allocatable whitelist
     - KVM: x86: Make indirect calls in emulator speculation safe
     - KVM: VMX: Make indirect call speculation safe
     - x86/boot, objtool: Annotate indirect jump in secondary_startup_64()
     - SAUCE: early/late -- annotate indirect calls in early/late initialisation
       code
     - SAUCE: vga_set_mode -- avoid jump tables
     - [Config] retpoline -- switch to new format
     - [Packaging] final-checks -- remove check for empty retpoline files
   * Xenial update to 4.4.117 stable release (LP: #1756860)
     - IB/mlx4: Fix incorrectly releasing steerable UD QPs when have only ETH ports
     - PM / devfreq: Propagate error from devfreq_add_device()
     - s390: fix handling of -1 in set{,fs}[gu]id16 syscalls
     - ARM: dts: STi: Add gpio polarity for "hdmi,hpd-gpio" property
     - arm: spear600: Add missing interrupt-parent of rtc
     - arm: spear13xx: Fix dmas cells
     - arm: spear13xx: Fix spics gpio controller's warning
     - ALSA: seq: Fix regression by incorrect ioctl_mutex usages
     - KVM/x86: Reduce retpoline performance impact in slot_handle_level_range(),
       by always inlining iterator helper methods
     - x86/cpu: Change type of x86_cache_size variable to unsigned int
     - drm/radeon: adjust tested variable
     - rtc-opal: Fix handling of firmware error codes, prevent busy loops
     - ext4: save error to disk in __ext4_grp_locked_error()
     - ext4: correct documentation for grpid mount option
     - mm: hide a #warning for COMPILE_TEST
     - video: fbdev: atmel_lcdfb: fix display-timings lookup
     - console/dummy: leave .con_font_get set to NULL
     - rtlwifi: rtl8821ae: Fix connection lost problem correctly
     - Btrfs: fix deadlock in run_delalloc_nocow
     - Btrfs: fix crash due to not cleaning up tree log block's dirty bits
     - Btrfs: fix unexpected -EEXIST when creating new inode
     - ALSA: hda - Fix headset mic detection problem for two Dell machines
     - ALSA: usb-audio: Fix UAC2 get_ctl request with a RANGE attribute
     - ALSA: hda/realtek: PCI quirk for Fujitsu U7x7
     - ALSA: usb-audio: add implicit fb quirk for Behringer UFX1204
     - ALSA: seq: Fix racy pool initializations
     - mvpp2: fix multicast address filter
     - dm: correctly handle chained bios in dec_pending()
     - x86: fix build warnign with 32-bit PAE
     - vfs: don't do RCU lookup of empty pathnames
     - ARM: pxa/tosa-bt: add MODULE_LICENSE tag
     - ARM: dts: s5pv210: add interrupt-parent for ohci
     - media: r820t: fix r820t_write_reg for KASAN
     - Linux 4.4.117
   * zfs system process hung on container stop/delete (LP: #1754584)
     - SAUCE: (noup) zfs to 0.6.5.6-0ubuntu19
     - SAUCE: Fix non-prefaulted page deadlock (LP: #1754584)
   * apparmor: fix bad __initdata tagging on, apparmor_initialized (LP: #1758471)
     - SAUCE: apparmor: fix bad __initdata tagging on, apparmor_initialized
   * Xenial update to 4.4.116 stable release (LP: #1756121)
     - powerpc/bpf/jit: Disable classic BPF JIT on ppc64le
     - powerpc/64: Fix flush_(d|i)cache_range() called from modules
     - powerpc: Fix VSX enabling/flushing to also test MSR_FP and MSR_VEC
     - powerpc: Simplify module TOC handling
     - ASoC: pcm512x: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
     - usbip: vhci_hcd: clear just the USB_PORT_STAT_POWER bit
     - usbip: fix 3eee23c3ec14 tcp_socket address still in the status file
     - net: cdc_ncm: initialize drvflags before usage
     - ASoC: simple-card: Fix misleading error message
     - ASoC: rsnd: don't call free_irq() on Parent SSI
     - ASoC: rsnd: avoid duplicate free_irq()
     - drm: rcar-du: Use the VBK interrupt for vblank events
     - drm: rcar-du: Fix race condition when disabling planes at CRTC stop
     - x86/asm: Fix inline asm call constraints for GCC 4.4
     - ip6mr: fix stale iterator
     - net: igmp: add a missing rcu locking section
     - qlcnic: fix deadlock bug
     - r8169: fix RTL8168EP take too long to complete driver initialization.
     - tcp: release sk_frag.page in tcp_disconnect
     - vhost_net: stop device during reset owner
     - media: soc_camera: soc_scale_crop: add missing
       MODULE_DESCRIPTION/AUTHOR/LICENSE
     - KEYS: encrypted: fix buffer overread in valid_master_desc()
     - don't put symlink bodies in pagecache into highmem
     - crypto: t

 linux-kvm (4.4.0-1020.25) xenial; urgency=medium
 .
   * linux-kvm: 4.4.0-1020.25 -proposed tracker (LP: #1755219)
 .
   * linux-kvm standard configs for Ubuntu Server workloads (LP: #1736561)
     - kvm: [config] enable NO_HZ_IDLE, HIGH_RES_TIMERS
     - kvm: [config] enable NUMA
     - kvm: [config] enable all CGROUPs
     - kvm: [config] enable all CONFIG_RD decompressors
     - kvm: [config] enable COREDUMP
     - kvm: [config] enable X86_X2APIC
     - kvm: [config] enable PREEMPT_VOLUNTARY
     - kvm: [config] enable HOTPLUG_CPU
     - kvm: [config] enable BLK_DEV_SD
     - kvm: [config] enable ATA, PATA, SATA
     - kvm: [config] enable BONDING, MACVLAN, TUN, VETH
     - kvm: [config] enable HW_RANDOM_{AMD,INTEL,TIMERIOMEM}
     - kvm: [config] enable EFI_VARS
     - kvm: [config] enable SQUASHFS
     - kvm: [retpoline] add new retpoline call sites
 .
   * Xenial update to 4.4.114 stable release (LP: #1754592)
     - kvm: [config] enable X86_VSYSCALL_EMULATION
 .
   * Xenial update to 4.4.110 stable release (LP: #1745071)
     - [config] updateconfigs for master changes
 .
   * linux-kvm configs for Kata containers (LP: #1752147)
     - kvm: [config] Enable PCI Hotplug
     - kvm: [config] Add support for DPDK
     - kvm: [config] Enable DAX
     - kvm: [config] Enable 9P fs
 .
   [ Ubuntu: 4.4.0-117.141 ]
 .
   * linux: 4.4.0-117.141 -proposed tracker (LP: #1755208)
   * Xenial update to 4.4.114 stable release (LP: #1754592)
     - x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels
     - usbip: prevent vhci_hcd driver from leaking a socket pointer address
     - usbip: Fix implicit fallthrough warning
     - usbip: Fix potential format overflow in userspace tools
     - x86/microcode/intel: Fix BDW late-loading revision check
     - x86/retpoline: Fill RSB on context switch for affected CPUs
     - sched/deadline: Use the revised wakeup rule for suspending constrained dl
       tasks
     - can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once
     - can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once
     - PM / sleep: declare __tracedata symbols as char[] rather than char
     - time: Avoid undefined behaviour in ktime_add_safe()
     - timers: Plug locking race vs. timer migration
     - Prevent timer value 0 for MWAITX
     - drivers: base: cacheinfo: fix x86 with CONFIG_OF enabled
     - drivers: base: cacheinfo: fix boot error message when acpi is enabled
     - PCI: layerscape: Add "fsl,ls2085a-pcie" compatible ID
     - PCI: layerscape: Fix MSG TLP drop setting
     - mmc: sdhci-of-esdhc: add/remove some quirks according to vendor version
     - fs/select: add vmalloc fallback for select(2)
     - hwpoison, memcg: forcibly uncharge LRU pages
     - cma: fix calculation of aligned offset
     - mm, page_alloc: fix potential false positive in __zone_watermark_ok
     - ipc: msg, make msgrcv work with LONG_MIN
     - x86/ioapic: Fix incorrect pointers in ioapic_setup_resources()
     - ACPI / processor: Avoid reserving IO regions too early
     - ACPI / scan: Prefer devices without _HID/_CID for _ADR matching
     - ACPICA: Namespace: fix operand cache leak
     - netfilter: x_tables: speed up jump target validation
     - netfilter: arp_tables: fix invoking 32bit "iptable -P INPUT ACCEPT" failed
       in 64bit kernel
     - netfilter: nf_dup_ipv6: set again FLOWI_FLAG_KNOWN_NH at flowi6_flags
     - netfilter: nf_ct_expect: remove the redundant slash when policy name is
       empty
     - netfilter: nfnetlink_queue: reject verdict request from different portid
     - netfilter: restart search if moved to other chain
     - netfilter: nf_conntrack_sip: extend request line validation
     - netfilter: use fwmark_reflect in nf_send_reset
     - ext2: Don't clear SGID when inheriting ACLs
     - reiserfs: fix race in prealloc discard
     - reiserfs: don't preallocate blocks for extended attributes
     - reiserfs: Don't clear SGID when inheriting ACLs
     - fs/fcntl: f_setown, avoid undefined behaviour
     - scsi: libiscsi: fix shifting of DID_REQUEUE host byte
     - Input: trackpoint - force 3 buttons if 0 button is reported
     - usb: usbip: Fix possible deadlocks reported by lockdep
     - usbip: fix stub_rx: get_pipe() to validate endpoint number
     - usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input
     - usbip: prevent leaking socket pointer address in messages
     - um: link vmlinux with -no-pie
     - vsyscall: Fix permissions for emulate mode with KAISER/PTI
     - eventpoll.h: add missing epoll event masks
     - x86/microcode/intel: Extend BDW late-loading further with LLC size check
     - hrtimer: Reset hrtimer cpu base proper on CPU hotplug
     - dccp: don't restart ccid2_hc_tx_rto_expire() if sk in closed state
     - ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL
     - ipv6: fix udpv6 sendmsg crash caused by too small MTU
     - ipv6: ip6_make_skb() needs to clear cork.base.dst
     - lan78xx: Fix failure in USB Full Speed
     - net: igmp: fix source address check for IGMPv3 reports
     - tcp: __tcp_hdrlen() helper
     - net: qdisc_pkt_len_init() should be more robust
     - pppoe: take ->needed_headroom of lower device into account on xmit
     - r8169: fix memory corruption on retrieval of hardware statistics.
     - sctp: do not allow the v4 socket to bind a v4mapped v6 address
     - sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf
     - vmxnet3: repair memory leak
     - net: Allow neigh contructor functions ability to modify the primary_key
     - ipv4: Make neigh lookup keys for loopback/point-to-point devices be
       INADDR_ANY
     - flow_dissector: properly cap thoff field
     - net: tcp: close sock if net namespace is exiting
     - nfsd: auth: Fix gid sorting when rootsquash enabled
     - Linux 4.4.114
   * Xenial update to 4.4.113 stable release (LP: #1754375)
     - gcov: disable for COMPILE_TEST
     - scsi: sg: disable SET_FO

 linux-kvm (4.4.0-1019.24) xenial; urgency=medium
 .
   * linux-kvm: 4.4.0-1019.24 -proposed tracker (LP: #1749092)
 .
   [ Ubuntu: 4.4.0-116.140 ]
 .
   * linux: 4.4.0-116.140 -proposed tracker (LP: #1748990)
   * BUG: unable to handle kernel NULL pointer dereference at 0000000000000009
     (LP: #1748671)
     - SAUCE: net: ipv4: fix for a race condition in raw_sendmsg -- fix backport
 .
   [ Ubuntu: 4.4.0-115.139 ]
 .
   * linux: 4.4.0-115.138 -proposed tracker (LP: #1748745)
   * CVE-2017-5715 (Spectre v2 Intel)
     - Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present"
     - SAUCE: turn off IBRS when full retpoline is present
     - [Packaging] retpoline files must be sorted
     - [Packaging] pull in retpoline files
 .
   [ Ubuntu: 4.4.0-114.137 ]
 .
   * linux: 4.4.0-114.137 -proposed tracker (LP: #1748484)
   * ALSA backport missing NVIDIA GPU codec IDs to patch table to
     Ubuntu 16.04 LTS Kernel (LP: #1744117)
     - ALSA: hda - Add missing NVIDIA GPU codec IDs to patch table
   * Shutdown hang on 16.04 with iscsi targets (LP: #1569925)
     - scsi: libiscsi: Allow sd_shutdown on bad transport
   * libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053)
     - libata: apply MAX_SEC_1024 to all LITEON EP1 series devices
   * KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb)
     (LP: #1747090)
     - KVM: s390: wire up bpb feature
     - KVM: s390: Enable all facility bits that are known good for passthrough
   * CVE-2017-5715 (Spectre v2 Intel)
     - SAUCE: drop lingering gmb() macro
     - x86/feature: Enable the x86 feature to control Speculation
     - x86/feature: Report presence of IBPB and IBRS control
     - x86/enter: MACROS to set/clear IBRS and set IBPB
     - x86/enter: Use IBRS on syscall and interrupts
     - x86/idle: Disable IBRS entering idle and enable it on wakeup
     - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
     - x86/mm: Set IBPB upon context switch
     - x86/mm: Only set IBPB when the new thread cannot ptrace current thread
     - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
     - x86/kvm: Set IBPB when switching VM
     - x86/kvm: Toggle IBRS on VM entry and exit
     - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
     - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
     - x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR
     - x86/cpu/AMD: Add speculative control support for AMD
     - x86/microcode: Extend post microcode reload to support IBPB feature
     - KVM: SVM: Do not intercept new speculative control MSRs
     - x86/svm: Set IBRS value on VM entry and exit
     - x86/svm: Set IBPB when running a different VCPU
     - KVM: x86: Add speculative control CPUID support for guests
     - SAUCE: Fix spec_ctrl support in KVM
     - SAUCE: turn off IBPB when full retpoline is present
 .