Package "linux-kvm"

  linux-kvm (4.15.0-1052.52) bionic; urgency=medium

  * bionic/linux-kvm: 4.15.0-1052.52 -proposed tracker (LP: #1854805)

  * Bionic update: upstream stable patchset 2019-11-21 (LP: #1853519)
    - kvm: [Config] disable CONFIG_SGL_ALLOC

  * update ENA driver for DIMLIB dynamic interrupt moderation (LP: #1853180)
    - kvm: [Config] disable CONFIG_DIMLIB

  [ Ubuntu: 4.15.0-73.82 ]

  * bionic/linux: 4.15.0-73.82 -proposed tracker (LP: #1854819)
  * CVE-2019-14901
    - SAUCE: mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame()
  * CVE-2019-14896 // CVE-2019-14897
    - SAUCE: libertas: Fix two buffer overflows at parsing bss descriptor
  * CVE-2019-14895
    - SAUCE: mwifiex: fix possible heap overflow in mwifiex_process_country_ie()
  * CVE-2019-18660: patches for Ubuntu (LP: #1853142) // CVE-2019-18660
    - powerpc/64s: support nospectre_v2 cmdline option
    - powerpc/book3s64: Fix link stack flush on context switch
    - KVM: PPC: Book3S HV: Flush link stack on guest exit to host kernel
  * Please add patch fixing RK818 ID detection (LP: #1853192)
    - SAUCE: mfd: rk808: Fix RK818 ID template
  * [SRU][B/OEM-B/OEM-OSP1/D] Enable new Elan touchpads which are not in current
    whitelist (LP: #1853246)
    - HID: quirks: Fix keyboard + touchpad on Lenovo Miix 630
    - Input: elan_i2c - export the device id whitelist
    - HID: quirks: Refactor ELAN 400 and 401 handling
  * Lenovo dock MAC Address pass through doesn't work in Ubuntu (LP: #1827961)
    - r8152: Add macpassthru support for ThinkPad Thunderbolt 3 Dock Gen 2
  * s390/dasd: reduce the default queue depth and nr of hardware queues
    (LP: #1852257)
    - s390/dasd: reduce the default queue depth and nr of hardware queues
  * External microphone can't work on some dell machines with the codec alc256
    or alc236 (LP: #1853791)
    - SAUCE: ALSA: hda/realtek - Move some alc256 pintbls to fallback table
    - SAUCE: ALSA: hda/realtek - Move some alc236 pintbls to fallback table
  * Memory leak in net/xfrm/xfrm_state.c - 8 pages per ipsec connection
    (LP: #1853197)
    - xfrm: Fix memleak on xfrm state destroy
  * CVE-2019-19083
    - drm/amd/display: memory leak
  * update ENA driver for DIMLIB dynamic interrupt moderation (LP: #1853180)
    - net: ena: add intr_moder_rx_interval to struct ena_com_dev and use it
    - net: ena: switch to dim algorithm for rx adaptive interrupt moderation
    - net: ena: reimplement set/get_coalesce()
    - net: ena: enable the interrupt_moderation in driver_supported_features
    - net: ena: remove code duplication in
      ena_com_update_nonadaptive_moderation_interval _*()
    - net: ena: remove old adaptive interrupt moderation code from ena_netdev
    - net: ena: remove ena_restore_ethtool_params() and relevant fields
    - net: ena: remove all old adaptive rx interrupt moderation code from ena_com
    - net: ena: fix update of interrupt moderation register
    - net: ena: fix retrieval of nonadaptive interrupt moderation intervals
    - net: ena: fix incorrect update of intr_delay_resolution
    - net: ena: Select DIMLIB for ENA_ETHERNET
    - SAUCE: net: ena: fix issues in setting interrupt moderation params in
      ethtool
    - SAUCE: net: ena: fix too long default tx interrupt moderation interval
  * CONFIG_ARCH_ROCKCHIP is not set in ubuntu 18.04 aarch64,arm64 (LP: #1825222)
    - [Config] Enable ROCKCHIP support for arm64
  * backport DIMLIB (lib/dim/) to pre-5.2 kernels (LP: #1852637)
    - include/linux/bitops.h: introduce BITS_PER_TYPE
    - [Config] enable DIMLIB
    - linux/dim: import DIMLIB (lib/dim/)
    - SAUCE: linux/dim: avoid library object filename clash
  * The alsa hda driver is not loaded due to the missing of PCIID for Comet
    Lake-S [8086:a3f0] (LP: #1852070)
    - SAUCE: ALSA: hda: Add Cometlake-S PCI ID
  * Can't adjust brightness on DELL UHD dGPU AIO (LP: #1813877)
    - SAUCE: platform/x86: dell-uart-backlight: add missing status command
    - SAUCE: platform/x86: dell-uart-backlight: load driver by scalar status
    - SAUCE: platform/x86: dell-uart-backlight: add force parameter
    - SAUCE: platform/x86: dell-uart-backlight: add quirk for old platforms
  * Enable framebuffer fonts auto selection for HighDPI screen (LP: #1851623)
    - fonts: Fix coding style
    - fonts: Prefer a bigger font for high resolution screens
  * Disable unreliable HPET on CFL-H system (LP: #1852216)
    - SAUCE: x86/intel: Disable HPET on Intel Coffe Lake H platforms
  * i40e: Setting VF MAC address causes General Protection Fault (LP: #1852432)
    - i40e: Fix crash caused by stress setting of VF MAC addresses
  * Bionic update: upstream stable patchset 2019-11-27 (LP: #1854216)
    - spi: mediatek: use correct mata->xfer_len when in fifo transfer
    - tee: optee: add missing of_node_put after of_device_is_available
    - net: cdc_ncm: Signedness bug in cdc_ncm_set_dgram_size()
    - idr: Fix idr_get_next race with idr_remove
    - mm/memory_hotplug: don't access uninitialized memmaps in shrink_pgdat_span()
    - mm/memory_hotplug: fix updating the node span
    - arm64: uaccess: Ensure PAN is re-enabled after unhandled uaccess fault
    - fbdev: Ditch fb_edid_add_monspecs
    - net: ovs: fix return type of ndo_start_xmit function
    - net: xen-netback: fix return type of ndo_start_xmit function
    - ARM: dts: dra7: Enable workaround for errata i870 in PCIe host mode
    - ARM: dts: omap5: enable OTG role for DWC3 controller
    - f2fs: return correct errno in f2fs_gc
    - ARM: dts: sun8i: h3-h5: ir register size should be the whole memory block
    - SUNRPC: Fix priority queue fairness
    - IB/hfi1: Ensure ucast_dlid access doesnt exceed bounds
    - kvm: arm/arm64: Fix stage2_flush_memslot for 4 level page table
    - arm64/numa: Report correct memblock range for the dummy node
    - ath10k: fix vdev-start timeout on error
    - ata: ahci_brcm: Allow using driver or DSL SoCs
    - ath9k: fix reporting calculated new FFT upper max
    - usb: ga

  linux-kvm (4.15.0-1051.51) bionic; urgency=medium

  * bionic/linux-kvm: 4.15.0-1051.51 -proposed tracker (LP: #1852273)

  [ Ubuntu: 4.15.0-71.80 ]

  * bionic/linux: 4.15.0-71.80 -proposed tracker (LP: #1852289)
  * Bionic update: upstream stable patchset 2019-10-29 (LP: #1850541)
    - panic: ensure preemption is disabled during panic()
    - f2fs: use EINVAL for superblock with invalid magic
    - [Config] updateconfigs for USB_RIO500
    - USB: rio500: Remove Rio 500 kernel driver
    - USB: yurex: Don't retry on unexpected errors
    - USB: yurex: fix NULL-derefs on disconnect
    - USB: usb-skeleton: fix runtime PM after driver unbind
    - USB: usb-skeleton: fix NULL-deref on disconnect
    - xhci: Fix false warning message about wrong bounce buffer write length
    - xhci: Prevent device initiated U1/U2 link pm if exit latency is too long
    - xhci: Check all endpoints for LPM timeout
    - usb: xhci: wait for CNR controller not ready bit in xhci resume
    - USB: adutux: fix use-after-free on disconnect
    - USB: adutux: fix NULL-derefs on disconnect
    - USB: adutux: fix use-after-free on release
    - USB: iowarrior: fix use-after-free on disconnect
    - USB: iowarrior: fix use-after-free on release
    - USB: iowarrior: fix use-after-free after driver unbind
    - USB: usblp: fix runtime PM after driver unbind
    - USB: chaoskey: fix use-after-free on release
    - USB: ldusb: fix NULL-derefs on driver unbind
    - serial: uartlite: fix exit path null pointer
    - USB: serial: keyspan: fix NULL-derefs on open() and write()
    - USB: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20
    - USB: serial: option: add Telit FN980 compositions
    - USB: serial: option: add support for Cinterion CLS8 devices
    - USB: serial: fix runtime PM after driver unbind
    - USB: usblcd: fix I/O after disconnect
    - USB: microtek: fix info-leak at probe
    - USB: dummy-hcd: fix power budget for SuperSpeed mode
    - usb: renesas_usbhs: gadget: Do not discard queues in
      usb_ep_set_{halt,wedge}()
    - usb: renesas_usbhs: gadget: Fix usb_ep_set_{halt,wedge}() behavior
    - USB: legousbtower: fix slab info leak at probe
    - USB: legousbtower: fix deadlock on disconnect
    - USB: legousbtower: fix potential NULL-deref on disconnect
    - USB: legousbtower: fix open after failed reset request
    - USB: legousbtower: fix use-after-free on release
    - staging: vt6655: Fix memory leak in vt6655_probe
    - iio: adc: ad799x: fix probe error handling
    - iio: adc: axp288: Override TS pin bias current for some models
    - iio: light: opt3001: fix mutex unlock race
    - efivar/ssdt: Don't iterate over EFI vars if no SSDT override was specified
    - perf llvm: Don't access out-of-scope array
    - perf inject jit: Fix JIT_CODE_MOVE filename
    - CIFS: Gracefully handle QueryInfo errors during open
    - CIFS: Force revalidate inode when dentry is stale
    - CIFS: Force reval dentry if LOOKUP_REVAL flag is set
    - kernel/sysctl.c: do not override max_threads provided by userspace
    - firmware: google: increment VPD key_len properly
    - gpiolib: don't clear FLAG_IS_OUT when emulating open-drain/open-source
    - Staging: fbtft: fix memory leak in fbtft_framebuffer_alloc
    - iio: hx711: add delay until DOUT is ready
    - iio: adc: hx711: fix bug in sampling of data
    - btrfs: fix incorrect updating of log root tree
    - NFS: Fix O_DIRECT accounting of number of bytes read/written
    - MIPS: Disable Loongson MMI instructions for kernel build
    - Fix the locking in dcache_readdir() and friends
    - media: stkwebcam: fix runtime PM after driver unbind
    - tracing/hwlat: Report total time spent in all NMIs during the sample
    - tracing/hwlat: Don't ignore outer-loop duration when calculating max_latency
    - ftrace: Get a reference counter for the trace_array on filter files
    - tracing: Get trace_array reference for available_tracers files
    - x86/asm: Fix MWAITX C-state hint value
    - iio: adc: stm32-adc: fix a race when using several adcs with dma and irq
    - cifs: use cifsInodeInfo->open_file_lock while iterating to avoid a panic
    - btrfs: fix uninitialized ret in ref-verify
    - arm64/sve: Fix wrong free for task->thread.sve_state
    - [Config] updateconfigs for USB_RIO500
  * Bionic update: upstream stable patchset 2019-11-13 (LP: #1852492)
    - zram: fix race between backing_dev_show and backing_dev_store
    - dm snapshot: use mutex instead of rw_semaphore
    - dm snapshot: introduce account_start_copy() and account_end_copy()
    - dm snapshot: rework COW throttling to fix deadlock
    - dm: Use kzalloc for all structs with embedded biosets/mempools
    - f2fs: flush quota blocks after turnning it off
    - scsi: lpfc: Fix a duplicate 0711 log message number.
    - sc16is7xx: Fix for "Unexpected interrupt: 8"
    - powerpc/powernv: hold device_hotplug_lock when calling
      memtrace_offline_pages()
    - HID: i2c-hid: add Direkt-Tek DTLAPY133-1 to descriptor override
    - x86/cpu: Add Atom Tremont (Jacobsville)
    - HID: i2c-hid: Add Odys Winbook 13 to descriptor override
    - clk: boston: unregister clks on failure in clk_boston_setup()
    - scripts/setlocalversion: Improve -dirty check with git-status --no-optional-
      locks
    - HID: Add ASUS T100CHI keyboard dock battery quirks
    - usb: handle warm-reset port requests on hub resume
    - rtc: pcf8523: set xtal load capacitance from DT
    - mlxsw: spectrum: Set LAG port collector only when active
    - ALSA: hda/realtek - Apply ALC294 hp init also for S4 resume
    - media: vimc: Remove unused but set variables
    - exec: load_script: Do not exec truncated interpreter path
    - PCI/PME: Fix possible use-after-free on remove
    - power: supply: max14656: fix potential use-after-free
    - iio: adc: meson_saradc: Fix memory allocation order
    - iio: fix center temperature of bmc150-accel-core
    - libsubcmd: Make _FORTIFY_SOURCE defines dependent o

  linux-kvm (4.15.0-1050.50) bionic; urgency=medium

  * CVE-2019-11135
    - [Config] Disable TSX by default when possible

  [ Ubuntu: 4.15.0-69.78 ]

  * KVM NULL pointer deref (LP: #1851205)
    - KVM: nVMX: handle page fault in vmread fix
  * CVE-2018-12207
    - KVM: MMU: drop vcpu param in gpte_access
    - kvm: Convert kvm_lock to a mutex
    - kvm: x86: Do not release the page inside mmu_set_spte()
    - KVM: x86: make FNAME(fetch) and __direct_map more similar
    - KVM: x86: remove now unneeded hugepage gfn adjustment
    - KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON
    - KVM: x86: add tracepoints around __direct_map and FNAME(fetch)
    - kvm: x86, powerpc: do not allow clearing largepages debugfs entry
    - SAUCE: KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is
      active
    - SAUCE: x86: Add ITLB_MULTIHIT bug infrastructure
    - SAUCE: kvm: mmu: ITLB_MULTIHIT mitigation
    - SAUCE: kvm: Add helper function for creating VM worker threads
    - SAUCE: kvm: x86: mmu: Recovery of shattered NX large pages
    - SAUCE: cpu/speculation: Uninline and export CPU mitigations helpers
    - SAUCE: kvm: x86: mmu: Apply global mitigations knob to ITLB_MULTIHIT
  * CVE-2019-11135
    - KVM: x86: use Intel speculation bugs and features as derived in generic x86
      code
    - x86/msr: Add the IA32_TSX_CTRL MSR
    - x86/cpu: Add a helper function x86_read_arch_cap_msr()
    - x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
    - x86/speculation/taa: Add mitigation for TSX Async Abort
    - x86/speculation/taa: Add sysfs reporting for TSX Async Abort
    - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
    - x86/tsx: Add "auto" option to the tsx= cmdline parameter
    - x86/speculation/taa: Add documentation for TSX Async Abort
    - x86/tsx: Add config options to set tsx=on|off|auto
    - SAUCE: x86/speculation/taa: Call tsx_init()
    - SAUCE: x86/cpu: Include cpu header from bugs.c
    - [Config] Disable TSX by default when possible
  * CVE-2019-0154
    - SAUCE: drm/i915: Lower RM timeout to avoid DSI hard hangs
    - SAUCE: drm/i915/gen8+: Add RC6 CTX corruption WA
  * CVE-2019-0155
    - drm/i915/gtt: Add read only pages to gen8_pte_encode
    - drm/i915/gtt: Read-only pages for insert_entries on bdw+
    - drm/i915/gtt: Disable read-only support under GVT
    - drm/i915: Prevent writing into a read-only object via a GGTT mmap
    - drm/i915/cmdparser: Check reg_table_count before derefencing.
    - drm/i915/cmdparser: Do not check past the cmd length.
    - drm/i915: Silence smatch for cmdparser
    - drm/i915: Move engine->needs_cmd_parser to engine->flags
    - SAUCE: drm/i915: Rename gen7 cmdparser tables
    - SAUCE: drm/i915: Disable Secure Batches for gen6+
    - SAUCE: drm/i915: Remove Master tables from cmdparser
    - SAUCE: drm/i915: Add support for mandatory cmdparsing
    - SAUCE: drm/i915: Support ro ppgtt mapped cmdparser shadow buffers
    - SAUCE: drm/i915: Allow parsing of unsized batches
    - SAUCE: drm/i915: Add gen9 BCS cmdparsing
    - SAUCE: drm/i915/cmdparser: Use explicit goto for error paths
    - SAUCE: drm/i915/cmdparser: Add support for backward jumps
    - SAUCE: drm/i915/cmdparser: Ignore Length operands during command matching

  [ Ubuntu: 4.15.0-68.77 ]

  * bionic/linux: 4.15.0-68.77 -proposed tracker (LP: #1849855)
  * [REGRESSION] md/raid0: cannot assemble multi-zone RAID0 with default_layout
    setting (LP: #1849682)
    - Revert "md/raid0: avoid RAID0 data corruption due to layout confusion."

  linux-kvm (4.15.0-1048.48) bionic; urgency=medium

  * bionic/linux-kvm: 4.15.0-1048.48 -proposed tracker (LP: #1846115)

  * ubuntu_sysdig fails on kvm kernels (LP: #1841956)
    - [Config] linux-kvm: CONFIG_FTRACE=y

  * ubuntu_quota_smoke_test failed with KVM kernel (LP: #1784535)
    - [Config] Enable quota module support

  * please include kernel module CONFIG_NETFILTER_XT_SET (LP: #1843051)
    - [Config] Enable NETFILTER_XT_SET module

  [ Ubuntu: 4.15.0-66.75 ]

  * bionic/linux: 4.15.0-66.75 -proposed tracker (LP: #1846131)
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
  * CVE-2018-21008
    - rsi: add fix for crash during assertions
  * ipv6: fix neighbour resolution with raw socket (LP: #1834465)
    - ipv6: constify rt6_nexthop()
    - ipv6: fix neighbour resolution with raw socket
  * run_netsocktests from net in ubuntu_kernel_selftests failed with X-4.15
    (LP: #1842023)
    - SAUCE: selftests: net: replace AF_MAX with INT_MAX in socket.c
  * No sound inputs from the external microphone and headset on a Dell machine
    (LP: #1842265)
    - ALSA: hda - Expand pin_match function to match upcoming new tbls
    - ALSA: hda - Define a fallback_pin_fixup_tbl for alc269 family
  * Add -fcf-protection=none when using retpoline flags (LP: #1843291)
    - SAUCE: kbuild: add -fcf-protection=none when using retpoline flags
  * Enhanced Hardware Support - Finalize Naming (LP: #1842774)
    - s390: add support for IBM z15 machines
  * Bionic update: upstream stable patchset 2019-09-24 (LP: #1845266)
    - bridge/mdb: remove wrong use of NLM_F_MULTI
    - cdc_ether: fix rndis support for Mediatek based smartphones
    - ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()'
    - isdn/capi: check message length in capi_write()
    - net: Fix null de-reference of device refcount
    - net: gso: Fix skb_segment splat when splitting gso_size mangled skb having
      linear-headed frag_list
    - net: phylink: Fix flow control resolution
    - sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
    - sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()'
    - sctp: use transport pf_retrans in sctp_do_8_2_transport_strike
    - tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR
    - tipc: add NULL pointer check before calling kfree_rcu
    - tun: fix use-after-free when register netdev failed
    - btrfs: compression: add helper for type to string conversion
    - btrfs: correctly validate compression type
    - Revert "MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur"
    - gpiolib: acpi: Add gpiolib_acpi_run_edge_events_on_boot option and blacklist
    - gpio: fix line flag validation in linehandle_create
    - gpio: fix line flag validation in lineevent_create
    - Btrfs: fix assertion failure during fsync and use of stale transaction
    - genirq: Prevent NULL pointer dereference in resend_irqs()
    - KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl
    - KVM: x86: work around leak of uninitialized stack contents
    - KVM: nVMX: handle page fault in vmread
    - MIPS: VDSO: Prevent use of smp_processor_id()
    - MIPS: VDSO: Use same -m%-float cflag as the kernel proper
    - powerpc: Add barrier_nospec to raw_copy_in_user()
    - drm/meson: Add support for XBGR8888 & ABGR8888 formats
    - clk: rockchip: Don't yell about bad mmc phases when getting
    - mtd: rawnand: mtk: Fix wrongly assigned OOB buffer pointer issue
    - PCI: Always allow probing with driver_override
    - ubifs: Correctly use tnc_next() in search_dh_cookie()
    - driver core: Fix use-after-free and double free on glue directory
    - crypto: talitos - check AES key size
    - crypto: talitos - fix CTR alg blocksize
    - crypto: talitos - check data blocksize in ablkcipher.
    - crypto: talitos - fix ECB algs ivsize
    - crypto: talitos - Do not modify req->cryptlen on decryption.
    - crypto: talitos - HMAC SNOOP NO AFEU mode requires SW icv checking.
    - firmware: ti_sci: Always request response from firmware
    - drm/mediatek: mtk_drm_drv.c: Add of_node_put() before goto
    - Revert "Bluetooth: btusb: driver to enable the usb-wakeup feature"
    - platform/x86: pmc_atom: Add CB4063 Beckhoff Automation board to
      critclk_systems DMI table
    - nvmem: Use the same permissions for eeprom as for nvmem
    - x86/build: Add -Wnoaddress-of-packed-member to REALMODE_CFLAGS, to silence
      GCC9 build warning
    - ixgbe: Prevent u8 wrapping of ITR value to something less than 10us
    - x86/purgatory: Change compiler flags from -mcmodel=kernel to -mcmodel=large
      to fix kexec relocation errors
    - modules: fix BUG when load module with rodata=n
    - modules: fix compile error if don't have strict module rwx
    - HID: wacom: generic: read HID_DG_CONTACTMAX from any feature report
    - Input: elan_i2c - remove Lenovo Legion Y7000 PnpID
    - powerpc/mm/radix: Use the right page size for vmemmap mapping
    - USB: usbcore: Fix slab-out-of-bounds bug during device reset
    - phy: renesas: rcar-gen3-usb2: Disable clearing VBUS in over-current
    - media: tm6000: double free if usb disconnect while streaming
    - xen-netfront: do not assume sk_buff_head list is empty in error handling
    - net_sched: let qdisc_put() accept NULL pointer
    - KVM: coalesced_mmio: add bounds checking
    - firmware: google: check if size is valid when decoding VPD data
    - serial: sprd: correct the wrong sequence of arguments
    - tty/serial: atmel: reschedule TX after RX was started
    - mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings
    - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds
    - ARM: OMAP2+: Fix missing SYSC_HAS_RESET_STATUS for dra7 epwmss
    - s390/bpf: fix lcgr instruction encoding
    - ARM: OMAP2+: Fix omap4 errata warning on other SoCs
    - ARM: dts: dra74x: Fix iodelay configuration for mmc3
    - s390/bpf: use 32-bit index for tail calls
    - f

  linux-kvm (4.15.0-1047.47) bionic; urgency=medium

  * bionic/linux-kvm: 4.15.0-1047.47 -proposed tracker (LP: #1844383)

  * Bionic update: upstream stable patchset 2019-09-09 (LP: #1843338)
    - mm/zsmalloc.c: fix build when CONFIG_COMPACTION=n

  * please include the kernel module VXLAN (LP: #1811819)
    - [Config] Enable VXLAN module support

  [ Ubuntu: 4.15.0-65.74 ]

  * bionic/linux: 4.15.0-65.74 -proposed tracker (LP: #1844403)
  * arm64: large modules fail to load (LP: #1841109)
    - arm64/kernel: kaslr: reduce module randomization range to 4 GB
    - arm64/kernel: don't ban ADRP to work around Cortex-A53 erratum #843419
    - arm64: fix undefined reference to 'printk'
    - arm64/kernel: rename module_emit_adrp_veneer->module_emit_veneer_for_adrp
    - [config] Remove CONFIG_ARM64_MODULE_CMODEL_LARGE
  * CVE-2018-20976
    - xfs: clear sb->s_fs_info on mount failure
  * br_netfilter: namespace sysctl operations (LP: #1836910)
    - net: bridge: add bitfield for options and convert vlan opts
    - net: bridge: convert nf call options to bits
    - netfilter: bridge: port sysctls to use brnf_net
    - netfilter: bridge: namespace bridge netfilter sysctls
    - netfilter: bridge: prevent UAF in brnf_exit_net()
  * tuntap: correctly set SOCKWQ_ASYNC_NOSPACE (LP: #1830756)
    - tuntap: correctly set SOCKWQ_ASYNC_NOSPACE
  * Bionic update: upstream stable patchset 2019-08-30 (LP: #1842114)
    - HID: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT
    - MIPS: kernel: only use i8253 clocksource with periodic clockevent
    - mips: fix cacheinfo
    - netfilter: ebtables: fix a memory leak bug in compat
    - ASoC: dapm: Fix handling of custom_stop_condition on DAPM graph walks
    - bonding: Force slave speed check after link state recovery for 802.3ad
    - can: dev: call netif_carrier_off() in register_candev()
    - ASoC: Fail card instantiation if DAI format setup fails
    - st21nfca_connectivity_event_received: null check the allocation
    - st_nci_hci_connectivity_event_received: null check the allocation
    - ASoC: ti: davinci-mcasp: Correct slot_width posed constraint
    - net: usb: qmi_wwan: Add the BroadMobi BM818 card
    - qed: RDMA - Fix the hw_ver returned in device attributes
    - isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in
      start_isoc_chain()
    - netfilter: ipset: Fix rename concurrency with listing
    - isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack
    - perf bench numa: Fix cpu0 binding
    - can: sja1000: force the string buffer NULL-terminated
    - can: peak_usb: force the string buffer NULL-terminated
    - net/ethernet/qlogic/qed: force the string buffer NULL-terminated
    - NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim()
    - HID: input: fix a4tech horizontal wheel custom usage
    - SMB3: Kernel oops mounting a encryptData share with CONFIG_DEBUG_VIRTUAL
    - net: cxgb3_main: Fix a resource leak in a error path in 'init_one()'
    - net: hisilicon: make hip04_tx_reclaim non-reentrant
    - net: hisilicon: fix hip04-xmit never return TX_BUSY
    - net: hisilicon: Fix dma_map_single failed on arm64
    - libata: have ata_scsi_rw_xlat() fail invalid passthrough requests
    - libata: add SG safety checks in SFF pio transfers
    - x86/lib/cpu: Address missing prototypes warning
    - drm/vmwgfx: fix memory leak when too many retries have occurred
    - perf ftrace: Fix failure to set cpumask when only one cpu is present
    - perf cpumap: Fix writing to illegal memory in handling cpumap mask
    - perf pmu-events: Fix missing "cpu_clk_unhalted.core" event
    - selftests: kvm: Adding config fragments
    - HID: wacom: correct misreported EKR ring values
    - HID: wacom: Correct distance scale for 2nd-gen Intuos devices
    - Revert "dm bufio: fix deadlock with loop device"
    - ceph: don't try fill file_lock on unsuccessful GETFILELOCK reply
    - libceph: fix PG split vs OSD (re)connect race
    - drm/nouveau: Don't retry infinitely when receiving no data on i2c over AUX
    - gpiolib: never report open-drain/source lines as 'input' to user-space
    - userfaultfd_release: always remove uffd flags and clear vm_userfaultfd_ctx
    - x86/retpoline: Don't clobber RFLAGS during CALL_NOSPEC on i386
    - x86/apic: Handle missing global clockevent gracefully
    - x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h
    - x86/boot: Save fields explicitly, zero out everything else
    - x86/boot: Fix boot regression caused by bootparam sanitizing
    - dm kcopyd: always complete failed jobs
    - dm btree: fix order of block initialization in btree_split_beneath
    - dm space map metadata: fix missing store of apply_bops() return value
    - dm table: fix invalid memory accesses with too high sector number
    - dm zoned: improve error handling in reclaim
    - dm zoned: improve error handling in i/o map code
    - dm zoned: properly handle backing device failure
    - genirq: Properly pair kobject_del() with kobject_add()
    - mm, page_owner: handle THP splits correctly
    - mm/zsmalloc.c: migration can leave pages in ZS_EMPTY indefinitely
    - mm/zsmalloc.c: fix race condition in zs_destroy_pool
    - xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT
    - dm zoned: fix potential NULL dereference in dmz_do_reclaim()
    - powerpc: Allow flush_(inval_)dcache_range to work across ranges >4GB
    - can: mcp251x: add error check when wq alloc failed
    - netfilter: ipset: Actually allow destination MAC address for hash:ip,mac
      sets too
    - netfilter: ipset: Copy the right MAC address in bitmap:ip,mac and
      hash:ip,mac sets
    - rxrpc: Fix the lack of notification when sendmsg() fails on a DATA packet
    - net: phy: phy_led_triggers: Fix a possible null-pointer dereference in
      phy_led_trigger_change_speed()
    - NFS: Fix regression whereby fscache errors are appearing on 'nofsc' mounts
    - net: stmmac: Fix issues when numbe