Package "linux-kvm"

  linux-kvm (4.15.0-1025.25) bionic; urgency=medium

  * linux-kvm: 4.15.0-1025.25 -proposed tracker (LP: #1797065)

  [ Ubuntu: 4.15.0-38.41 ]

  * linux: 4.15.0-38.41 -proposed tracker (LP: #1797061)
  * Silent data corruption in Linux kernel 4.15 (LP: #1796542)
    - block: add a lower-level bio_add_page interface
    - block: bio_iov_iter_get_pages: fix size of last iovec
    - blkdev: __blkdev_direct_IO_simple: fix leak in error case
    - block: bio_iov_iter_get_pages: pin more pages for multi-segment IOs

  linux-kvm (4.15.0-1024.24) bionic; urgency=medium

  * linux-kvm: 4.15.0-1024.24 -proposed tracker (LP: #1795572)

  * kvm kernel missing nbd module (LP: #1793976)
    - kvm: [Config] enable BLK_DEV_NBD

  * IP_SET modules not included in kernel build, prevents container
    functionality (LP: #1793841)
    - kvm: [Config] enable IP_SET_* modules

  [ Ubuntu: 4.15.0-37.40 ]

  * linux: 4.15.0-37.40 -proposed tracker (LP: #1795564)
  * hns3: enable ethtool rx-vlan-filter on supported hw (LP: #1793394)
    - net: hns3: Add vlan filter setting by ethtool command -K
  * hns3: Modifying channel parameters will reset ring parameters back to
    defaults (LP: #1793404)
    - net: hns3: Fix desc num set to default when setting channel
  * hisi_sas: Add SATA FIX check for v3 hw (LP: #1794151)
    - scsi: hisi_sas: Add SATA FIS check for v3 hw
  * Fix potential corruption using SAS controller on HiSilicon arm64 boards
    (LP: #1794156)
    - scsi: hisi_sas: add memory barrier in task delivery function
  * hisi_sas: Reduce unnecessary spin lock contention (LP: #1794165)
    - scsi: hisi_sas: Tidy hisi_sas_task_prep()
  * Add functional level reset support for the SAS controller on HiSilicon D06
    systems (LP: #1794166)
    - scsi: hisi_sas: tidy host controller reset function a bit
    - scsi: hisi_sas: relocate some common code for v3 hw
    - scsi: hisi_sas: Implement handlers of PCIe FLR for v3 hw
  * HiSilicon SAS controller doesn't recover from PHY STP link timeout
    (LP: #1794172)
    - scsi: hisi_sas: tidy channel interrupt handler for v3 hw
    - scsi: hisi_sas: Fix the failure of recovering PHY from STP link timeout
  * getxattr: always handle namespaced attributes (LP: #1789746)
    - getxattr: use correct xattr length
  * Fix unusable NVIDIA GPU after S3 (LP: #1793338)
    - PCI: Reprogram bridge prefetch registers on resume
  * Fails to boot under Xen PV: BUG: unable to handle kernel paging request at
    edc21fd9 (LP: #1789118)
    - x86/EISA: Don't probe EISA bus for Xen PV guests
  * qeth: use vzalloc for QUERY OAT buffer (LP: #1793086)
    - s390/qeth: use vzalloc for QUERY OAT buffer
  * SRU: Enable middle button of touchpad on ThinkPad P72 (LP: #1793463)
    - Input: elantech - enable middle button of touchpad on ThinkPad P72
  * Dell new AIO requires a new uart backlight driver (LP: #1727235)
    - SAUCE: platform/x86: dell-uart-backlight: new backlight driver for DELL AIO
    - updateconfigs for Dell UART backlight driver
  * [Ubuntu] s390/crypto: Fix return code checking in cbc_paes_crypt.
    (LP: #1794294)
    - s390/crypto: Fix return code checking in cbc_paes_crypt()
  * hns3: Retrieve RoCE MSI-X config from firmware (LP: #1793221)
    - net: hns3: Fix MSIX allocation issue for VF
    - net: hns3: Refine the MSIX allocation for PF
  * net: hns: Avoid hang when link is changed while handling packets
    (LP: #1792209)
    - net: hns: add the code for cleaning pkt in chip
    - net: hns: add netif_carrier_off before change speed and duplex
  * Page leaking in cachefiles_read_backing_file while vmscan is active
    (LP: #1793430)
    - SAUCE: cachefiles: Page leaking in cachefiles_read_backing_file while vmscan
      is active
  * some nvidia p1000 graphic cards hang during the boot (LP: #1791569)
    - drm/nouveau/gr/gf100-: virtualise tpc_mask + apply fixes from traces
  * Error reported when creating ZFS pool with "-t" option, despite successful
    pool creation (LP: #1769937)
    - SAUCE: (noup) Update zfs to 0.7.5-1ubuntu16.4
  * Fix I2C touchpanels' interrupt storms after system suspend (LP: #1792309)
    - HID: i2c-hid: Fix flooded incomplete report after S3 on Rayd touchscreen
    - HID: i2c-hid: Don't reset device upon system resume
  * ipmmu is always registered (LP: #1783746)
    - iommu/ipmmu-vmsa: Don't register as BUS IOMMU if machine doesn't have IPMMU-
      VMSA
  * Bionic update: upstream stable patchset 2018-09-27 (LP: #1794889)
    - clocksource/drivers/imx-tpm: Correct some registers operation flow
    - Input: synaptics-rmi4 - fix an unchecked out of memory error path
    - KVM: X86: fix incorrect reference of trace_kvm_pi_irte_update
    - x86: Add check for APIC access address for vmentry of L2 guests
    - MIPS: io: Prevent compiler reordering writeX()
    - nfp: ignore signals when communicating with management FW
    - perf report: Fix switching to another perf.data file
    - fsnotify: fix ignore mask logic in send_to_group()
    - MIPS: io: Add barrier after register read in readX()
    - s390/smsgiucv: disable SMSG on module unload
    - isofs: fix potential memory leak in mount option parsing
    - MIPS: dts: Boston: Fix PCI bus dtc warnings:
    - spi: sh-msiof: Fix bit field overflow writes to TSCR/RSCR
    - doc: Add vendor prefix for Kieback & Peter GmbH
    - dt-bindings: pinctrl: sunxi: Fix reference to driver
    - dt-bindings: serial: sh-sci: Add support for r8a77965 (H)SCIF
    - dt-bindings: dmaengine: rcar-dmac: document R8A77965 support
    - clk: honor CLK_MUX_ROUND_CLOSEST in generic clk mux
    - ASoC: rt5514: Add the missing register in the readable table
    - eCryptfs: don't pass up plaintext names when using filename encryption
    - soc: bcm: raspberrypi-power: Fix use of __packed
    - soc: bcm2835: Make !RASPBERRYPI_FIRMWARE dummies return failure
    - PCI: kirin: Fix reset gpio name
    - ASoC: topology: Fix bugs of freeing soc topology
    - xen: xenbus_dev_frontend: Really return response string
    - ASoC: topology: Check widget kcontrols before deref.
    - spi: cadence: Add usleep_range() for cdns_spi_fill_tx_fifo()
    - blkcg: don't hold blkcg lock when deactivating policy
    - tipc: fix infinite loop when dumping link monitor summary
    - scsi: iscsi: respond to netlink with unicast when appropriate
    - scsi: megaraid_sas: Do not log an error if FW successfully initializes.
    - scsi: target: fix crash with iscsi target and dvd
    - netfilter: nf_tables: NAT chain and extensions require NF_TABLES

  linux-kvm (4.15.0-1023.23) bionic; urgency=medium

  [ Ubuntu: 4.15.0-36.39 ]

  * CVE-2018-14633
    - iscsi target: Use hex2bin instead of a re-implementation
  * CVE-2018-17182
    - mm: get rid of vmacache_flush_all() entirely

  linux-kvm (4.15.0-1022.22) bionic; urgency=medium

  * linux-kvm: 4.15.0-1022.22 -proposed tracker (LP: #1791731)

  * [Regression] kernel crashdump fails on arm64 (LP: #1786878)
    - [Config] CONFIG_ARCH_SUPPORTS_ACPI=y

  * please include the kernel module IPIP (LP: #1790605)
    - kvm: [config] enable CONFIG_NET_IPIP

  [ Ubuntu: 4.15.0-35.38 ]

  * linux: 4.15.0-35.38 -proposed tracker (LP: #1791719)
  * device hotplug of vfio devices can lead to deadlock in vfio_pci_release
    (LP: #1792099)
    - SAUCE: vfio -- release device lock before userspace requests
  * L1TF mitigation not effective in some CPU and RAM combinations
    (LP: #1788563)
    - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
    - x86/speculation/l1tf: Fix off-by-one error when warning that system has too
      much RAM
    - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+
  * CVE-2018-15594
    - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests
  * CVE-2017-5715 (Spectre v2 s390x)
    - KVM: s390: implement CPU model only facilities
    - s390: detect etoken facility
    - KVM: s390: add etoken support for guests
    - s390/lib: use expoline for all bcr instructions
    - s390: fix br_r1_trampoline for machines without exrl
    - SAUCE: s390: use expoline thunks for all branches generated by the BPF JIT
  * Ubuntu18.04.1: cpuidle: powernv: Fix promotion from snooze if next state
    disabled (performance) (LP: #1790602)
    - cpuidle: powernv: Fix promotion from snooze if next state disabled
  * Watchdog CPU:19 Hard LOCKUP when kernel crash was triggered (LP: #1790636)
    - powerpc: hard disable irqs in smp_send_stop loop
    - powerpc: Fix deadlock with multiple calls to smp_send_stop
    - powerpc: smp_send_stop do not offline stopped CPUs
    - powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled
  * Security fix: check if IOMMU page is contained in the pinned physical page
    (LP: #1785675)
    - vfio/spapr: Use IOMMU pageshift rather than pagesize
    - KVM: PPC: Check if IOMMU page is contained in the pinned physical page
  * Missing Intel GPU pci-id's (LP: #1789924)
    - drm/i915/kbl: Add KBL GT2 sku
    - drm/i915/whl: Introducing Whiskey Lake platform
    - drm/i915/aml: Introducing Amber Lake platform
    - drm/i915/cfl: Add a new CFL PCI ID.
  * CVE-2018-15572
    - x86/speculation: Protect against userspace-userspace spectreRSB
  * Support Power Management for Thunderbolt Controller (LP: #1789358)
    - thunderbolt: Handle NULL boot ACL entries properly
    - thunderbolt: Notify userspace when boot_acl is changed
    - thunderbolt: Use 64-bit DMA mask if supported by the platform
    - thunderbolt: Do not unnecessarily call ICM get route
    - thunderbolt: No need to take tb->lock in domain suspend/complete
    - thunderbolt: Use correct ICM commands in system suspend
    - thunderbolt: Add support for runtime PM
  * random oopses on s390 systems using NVMe devices (LP: #1790480)
    - s390/pci: fix out of bounds access during irq setup
  * [Bionic] Spectre v4 mitigation (Speculative Store Bypass Disable) support
    for arm64 using SMC firmware call to set a hardware chicken bit
    (LP: #1787993) // CVE-2018-3639 (arm64)
    - arm64: alternatives: Add dynamic patching feature
    - KVM: arm/arm64: Do not use kern_hyp_va() with kvm_vgic_global_state
    - KVM: arm64: Avoid storing the vcpu pointer on the stack
    - arm/arm64: smccc: Add SMCCC-specific return codes
    - arm64: Call ARCH_WORKAROUND_2 on transitions between EL0 and EL1
    - arm64: Add per-cpu infrastructure to call ARCH_WORKAROUND_2
    - arm64: Add ARCH_WORKAROUND_2 probing
    - arm64: Add 'ssbd' command-line option
    - arm64: ssbd: Add global mitigation state accessor
    - arm64: ssbd: Skip apply_ssbd if not using dynamic mitigation
    - arm64: ssbd: Restore mitigation status on CPU resume
    - arm64: ssbd: Introduce thread flag to control userspace mitigation
    - arm64: ssbd: Add prctl interface for per-thread mitigation
    - arm64: KVM: Add HYP per-cpu accessors
    - arm64: KVM: Add ARCH_WORKAROUND_2 support for guests
    - arm64: KVM: Handle guest's ARCH_WORKAROUND_2 requests
    - arm64: KVM: Add ARCH_WORKAROUND_2 discovery through ARCH_FEATURES_FUNC_ID
    - [Config] ARM64_SSBD=y
  * Reconcile hns3 SAUCE patches with upstream (LP: #1787477)
    - Revert "UBUNTU: SAUCE: net: hns3: Optimize PF CMDQ interrupt switching
      process"
    - Revert "UBUNTU: SAUCE: net: hns3: Fix for VF mailbox receiving unknown
      message"
    - Revert "UBUNTU: SAUCE: net: hns3: Fix for VF mailbox cannot receiving PF
      response"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: fix comments for
      hclge_get_ring_chain_from_mbx"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: fix for using wrong mask and
      shift in hclge_get_ring_chain_from_mbx"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: fix for reset_level default
      assignment probelm"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: remove unnecessary ring
      configuration operation while resetting"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: fix return value error in
      hns3_reset_notify_down_enet"
    - Revert "UBUNTU: SAUCE: net: hns3: Fix for phy link issue when using marvell
      phy driver"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: separate roce from nic when
      resetting"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: correct reset event status
      register"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: prevent to request reset
      frequently"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: reset net device with rtnl_lock"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: modify the order of initializeing
      command queue register"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: prevent sending command during
      global or core reset"
    - Revert "UBUNTU: SAUCE: {topost} net: hns3: remove the warning when clear
      reset cause"
    - Revert "