Package "linux-aws"

  linux-aws (4.4.0-1108.119) xenial; urgency=medium

  * xenial/linux-aws: 4.4.0-1108.119 -proposed tracker (LP: #1878861)

  [ Ubuntu: 4.4.0-180.210 ]

  * xenial/linux: 4.4.0-180.210 -proposed tracker (LP: #1878873)
  * Xenial update: 4.4.223 upstream stable release (LP: #1878232)
    - mwifiex: fix PCIe register information for 8997 chipset
    - drm/qxl: qxl_release use after free
    - drm/qxl: qxl_release leak in qxl_draw_dirty_fb()
    - staging: rtl8192u: Fix crash due to pointers being "confusing"
    - usb: gadget: f_acm: Fix configfs attr name
    - usb: gadged: pch_udc: get rid of redundant assignments
    - usb: gadget: pch_udc: reorder spin_[un]lock to avoid deadlock
    - usb: gadget: udc: core: don't starve DMA resources
    - MIPS: Fix macro typo
    - MIPS: ptrace: Drop cp0_tcstatus from regoffset_table[]
    - MIPS: BMIPS: Fix PRID_IMP_BMIPS5000 masking for BMIPS5200
    - MIPS: smp-cps: Stop printing EJTAG exceptions to UART
    - MIPS: scall: Handle seccomp filters which redirect syscalls
    - MIPS: BMIPS: BMIPS5000 has I cache filing from D cache
    - MIPS: BMIPS: Clear MIPS_CACHE_ALIASES earlier
    - MIPS: BMIPS: local_r4k___flush_cache_all needs to blast S-cache
    - MIPS: BMIPS: Pretty print BMIPS5200 processor name
    - MIPS: Fix HTW config on XPA kernel without LPA enabled
    - MIPS: BMIPS: Adjust mips-hpt-frequency for BCM7435
    - MIPS: math-emu: Fix BC1{EQ,NE}Z emulation
    - MIPS: Fix BC1{EQ,NE}Z return offset calculation
    - MIPS: perf: Fix I6400 event numbers
    - MIPS: KVM: Fix translation of MFC0 ErrCtl
    - MIPS: SMP: Update cpu_foreign_map on CPU disable
    - MIPS: c-r4k: Fix protected_writeback_scache_line for EVA
    - MIPS: Octeon: Off by one in octeon_irq_gpio_map()
    - bpf, mips: fix off-by-one in ctx offset allocation
    - MIPS: RM7000: Double locking bug in rm7k_tc_disable()
    - MIPS: Define AT_VECTOR_SIZE_ARCH for ARCH_DLINFO
    - mips/panic: replace smp_send_stop() with kdump friendly version in panic
      path
    - ARM: dts: armadillo800eva Correct extal1 frequency to 24 MHz
    - ARM: imx: select SRC for i.MX7
    - ARM: dts: kirkwood: gpio pin fixes for linkstation ls-wxl/wsxl
    - ARM: dts: kirkwood: gpio pin fixes for linkstation ls-wvl/vl
    - ARM: dts: kirkwood: gpio-leds fixes for linkstation ls-wxl/wsxl
    - ARM: dts: kirkwood: gpio-leds fixes for linkstation ls-wvl/vl
    - ARM: dts: orion5x: gpio pin fixes for linkstation lswtgl
    - ARM: dts: orion5x: fix the missing mtd flash on linkstation lswtgl
    - ARM: dts: kirkwood: use unique machine name for ds112
    - ARM: dts: kirkwood: add kirkwood-ds112.dtb to Makefile
    - ARM: OMAP2+: hwmod: fix _idle() hwmod state sanity check sequence
    - perf/x86: Fix filter_events() bug with event mappings
    - x86/LDT: Print the real LDT base address
    - x86/apic/uv: Silence a shift wrapping warning
    - ALSA: fm801: explicitly free IRQ line
    - ALSA: fm801: propagate TUNER_ONLY bit when autodetected
    - ALSA: fm801: detect FM-only card earlier
    - netfilter: nfnetlink: use original skbuff when acking batches
    - xfrm: fix crash in XFRM_MSG_GETSA netlink handler
    - mwifiex: fix IBSS data path issue.
    - mwifiex: add missing check for PCIe8997 chipset
    - iwlwifi: set max firmware version of 7265 to 17
    - Bluetooth: btmrvl: fix hung task warning dump
    - dccp: limit sk_filter trim to payload
    - net/mlx4_core: Do not BUG_ON during reset when PCI is offline
    - mlxsw: pci: Correctly determine if descriptor queue is full
    - PCI: Supply CPU physical address (not bus address) to iomem_is_exclusive()
    - alpha/PCI: Call iomem_is_exclusive() for IORESOURCE_MEM, but not
      IORESOURCE_IO
    - vfio/pci: Allow VPD short read
    - mlxsw: Treat local port 64 as valid
    - IB/mlx4: Initialize hop_limit when creating address handle
    - GRE: Disable segmentation offloads w/ CSUM and we are encapsulated via FOU
    - powerpc/pci/of: Parse unassigned resources
    - firmware: actually return NULL on failed request_firmware_nowait()
    - c8sectpfe: Rework firmware loading mechanism
    - net/mlx5: Avoid passing dma address 0 to firmware
    - IB/mlx5: Fix RC transport send queue overhead computation
    - net/mlx5: Make command timeout way shorter
    - IB/mlx5: Fix FW version diaplay in sysfs
    - net/mlx5e: Fix MLX5E_100BASE_T define
    - net/mlx5: Fix the size of modify QP mailbox
    - net/mlx5: Fix masking of reserved bits in XRCD number
    - net/mlx5e: Fix blue flame quota logic
    - net/mlx5: use mlx5_buf_alloc_node instead of mlx5_buf_alloc in
      mlx5_wq_ll_create
    - net/mlx5: Avoid calling sleeping function by the health poll thread
    - net/mlx5: Fix wait_vital for VFs and remove fixed sleep
    - net/mlx5: Fix potential deadlock in command mode change
    - net/mlx5: Add timeout handle to commands with callback
    - net/mlx5: Fix pci error recovery flow
    - net/mlx5e: Copy all L2 headers into inline segment
    - net_sched: keep backlog updated with qlen
    - sch_drr: update backlog as well
    - sch_hfsc: always keep backlog updated
    - sch_prio: update backlog as well
    - sch_qfq: keep backlog updated with qlen
    - sch_sfb: keep backlog updated with qlen
    - sch_tbf: update backlog as well
    - btrfs: cleaner_kthread() doesn't need explicit freeze
    - irda: Free skb on irda_accept error path.
    - phy: fix device reference leaks
    - bonding: prevent out of bound accesses
    - mtd: nand: fix ONFI parameter page layout
    - ath10k: free cached fw bin contents when get board id fails
    - xprtrdma: checking for NULL instead of IS_ERR()
    - xprtrdma: Fix additional uses of spin_lock_irqsave(rb_lock)
    - xprtrdma: xprt_rdma_free() must not release backchannel reqs
    - xprtrdma: rpcrdma_bc_receive_call() should init rq_private_buf.len
    - RDMA/cxgb3: device driver frees DMA memory with different size
    - mlxsw: spectrum: Don't forward packets when STP state is DISABLED
    - mlxsw: spectrum: Di

  linux-aws (4.4.0-1107.118) xenial; urgency=medium

  * xenial/linux-aws: 4.4.0-1107.118 -proposed tracker (LP: #1874793)

  * getitimer returns it_value=0 erroneously (LP: #1349028)
    - [Config] CONTEXT_TRACKING_FORCE policy should be unset

  [ Ubuntu: 4.4.0-179.209 ]

  * xenial/linux: 4.4.0-179.209 -proposed tracker (LP: #1874804)
  * Add debian/rules targets to compile/run kernel selftests (LP: #1874286)
    - [Packaging] add support to compile/run selftests
  * getitimer returns it_value=0 erroneously (LP: #1349028)
    - [Config] CONTEXT_TRACKING_FORCE policy should be unset
  * CVE-2020-11608
    - media: ov519: add missing endpoint sanity checks
  * CVE-2019-19060
    - iio: imu: adis16400: release allocated memory on failure
  * Xenial update: 4.4.219 upstream stable release (LP: #1874045)
    - drm/bochs: downgrade pci_request_region failure from error to warning
    - ipv4: fix a RCU-list lock in fib_triestat_seq_show
    - net, ip_tunnel: fix interface lookup with no key
    - sctp: fix possibly using a bad saddr with a given dst
    - l2tp: Correctly return -EBADF from pppol2tp_getname.
    - net: l2tp: Make l2tp_ip6 namespace aware
    - l2tp: fix race in l2tp_recv_common()
    - l2tp: ensure session can't get removed during pppol2tp_session_ioctl()
    - l2tp: fix duplicate session creation
    - l2tp: Refactor the codes with existing macros instead of literal number
    - l2tp: ensure sessions are freed after their PPPOL2TP socket
    - l2tp: fix race between l2tp_session_delete() and l2tp_tunnel_closeall()
    - usb: gadget: uac2: Drop unused device qualifier descriptor
    - usb: gadget: printer: Drop unused device qualifier descriptor
    - padata: always acquire cpu_hotplug_lock before pinst->lock
    - mm: mempolicy: require at least one nodeid for MPOL_PREFERRED
    - net: stmmac: dwmac1000: fix out-of-bounds mac address reg setting
    - random: always use batched entropy for get_random_u{32,64}
    - tools/accounting/getdelays.c: fix netlink attribute length
    - power: supply: axp288_charger: Fix unchecked return value
    - ASoC: jz4740-i2s: Fix divider written at incorrect offset in register
    - IB/hfi1: Call kobject_put() when kobject_init_and_add() fails
    - Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl
    - RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow
    - clk: qcom: rcg: Return failure for RCG update
    - drm_dp_mst_topology: fix broken drm_dp_sideband_parse_remote_dpcd_read()
    - Linux 4.4.219
  * Xenial update: 4.4.218 upstream stable release (LP: #1873852)
    - spi: qup: call spi_qup_pm_resume_runtime before suspending
    - powerpc: Include .BTF section
    - ARM: dts: dra7: Add "dma-ranges" property to PCIe RC DT nodes
    - spi/zynqmp: remove entry that causes a cs glitch
    - drm/exynos: dsi: propagate error value and silence meaningless warning
    - drm/exynos: dsi: fix workaround for the legacy clock name
    - altera-stapl: altera_get_note: prevent write beyond end of 'key'
    - USB: Disable LPM on WD19's Realtek Hub
    - usb: quirks: add NO_LPM quirk for RTL8153 based ethernet adapters
    - USB: serial: option: add ME910G1 ECM composition 0x110b
    - usb: host: xhci-plat: add a shutdown
    - USB: serial: pl2303: add device-id for HP LD381
    - ALSA: line6: Fix endless MIDI read loop
    - ALSA: seq: virmidi: Fix running status after receiving sysex
    - ALSA: seq: oss: Fix running status after receiving sysex
    - ALSA: pcm: oss: Avoid plugin buffer overflow
    - ALSA: pcm: oss: Remove WARNING from snd_pcm_plug_alloc() checks
    - staging: rtl8188eu: Add device id for MERCUSYS MW150US v2
    - staging/speakup: fix get_word non-space look-ahead
    - intel_th: Fix user-visible error codes
    - rtc: max8907: add missing select REGMAP_IRQ
    - memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event
    - mm: slub: be more careful about the double cmpxchg of freelist
    - mm, slub: prevent kmalloc_node crashes and memory leaks
    - x86/mm: split vmalloc_sync_all()
    - USB: cdc-acm: fix close_delay and closing_wait units in TIOCSSERIAL
    - USB: cdc-acm: fix rounding error in TIOCSSERIAL
    - kbuild: Disable -Wpointer-to-enum-cast
    - futex: Fix inode life-time issue
    - futex: Unbreak futex hashing
    - arm64: smp: fix smp_send_stop() behaviour
    - Revert "drm/dp_mst: Skip validating ports during destruction, just ref"
    - hsr: fix general protection fault in hsr_addr_is_self()
    - net: dsa: Fix duplicate frames flooded by learning
    - net_sched: cls_route: remove the right filter from hashtable
    - net_sched: keep alloc_hash updated after hash allocation
    - NFC: fdp: Fix a signedness bug in fdp_nci_send_patch()
    - slcan: not call free_netdev before rtnl_unlock in slcan_open
    - vxlan: check return value of gro_cells_init()
    - hsr: use rcu_read_lock() in hsr_get_node_{list/status}()
    - hsr: add restart routine into hsr_get_node_list()
    - hsr: set .netnsok flag
    - vhost: Check docket sk_family instead of call getname
    - IB/ipoib: Do not warn if IPoIB debugfs doesn't exist
    - uapi glibc compat: fix outer guard of net device flags enum
    - KVM: VMX: Do not allow reexecute_instruction() when skipping MMIO instr
    - drivers/hwspinlock: use correct radix tree API
    - net: ipv4: don't let PMTU updates increase route MTU
    - cpupower: avoid multiple definition with gcc -fno-common
    - dt-bindings: net: FMan erratum A050385
    - scsi: ipr: Fix softlockup when rescanning devices in petitboot
    - mac80211: Do not send mesh HWMP PREQ if HWMP is disabled
    - sxgbe: Fix off by one in samsung driver strncpy size arg
    - i2c: hix5hd2: add missed clk_disable_unprepare in remove
    - perf probe: Do not depend on dwfl_module_addrsym()
    - scripts/dtc: Remove redundant YYLOC global declaration
    - scsi: sd: Fix optimal I/O size for devices that change reported values
    - mac80211: mark station unauthorized before key removal

  linux-aws (4.4.0-1106.117) xenial; urgency=medium

  * xenial/linux-aws: 4.4.0-1106.117 -proposed tracker (LP: #1870649)

  [ Ubuntu: 4.4.0-178.208 ]

  * xenial/linux: 4.4.0-178.208 -proposed tracker (LP: #1870660)
  * CVE-2019-19768
    - blktrace: Protect q->blk_trace with RCU
    - blktrace: fix dereference after null check
  * Multiple Kexec in AWS Nitro instances fail (LP: #1869948)
    - net: ena: Add PCI shutdown handler to allow safe kexec
  * Insert test_bpf module will report 4 failures for ubuntu_bpf_jit on X s390x
    (LP: #1768452)
    - test_bpf: flag tests that cannot be jited on s390
  * Mounting LVM snapshots with xfs can hit kernel BUG in nvme driver
    (LP: #1869229)
    - block: fix bio_will_gap() for first bvec with offset
  * Xenial update: 4.4.217 upstream stable release (LP: #1868629)
    - NFS: Remove superfluous kmap in nfs_readdir_xdr_to_array
    - r8152: check disconnect status after long sleep
    - net: nfc: fix bounds checking bugs on "pipe"
    - bnxt_en: reinitialize IRQs when MTU is modified
    - fib: add missing attribute validation for tun_id
    - nl802154: add missing attribute validation
    - nl802154: add missing attribute validation for dev_type
    - team: add missing attribute validation for port ifindex
    - team: add missing attribute validation for array index
    - nfc: add missing attribute validation for SE API
    - nfc: add missing attribute validation for vendor subcommand
    - ipvlan: add cond_resched_rcu() while processing muticast backlog
    - ipvlan: do not add hardware address of master to its unicast filter list
    - ipvlan: egress mcast packets are not exceptional
    - ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast()
    - ipvlan: don't deref eth hdr before checking it's set
    - macvlan: add cond_resched() during multicast processing
    - net: fec: validate the new settings in fec_enet_set_coalesce()
    - slip: make slhc_compress() more robust against malicious packets
    - bonding/alb: make sure arp header is pulled before accessing it
    - net: fq: add missing attribute validation for orphan mask
    - iommu/vt-d: quirk_ioat_snb_local_iommu: replace WARN_TAINT with pr_warn +
      add_taint
    - drm/amd/display: remove duplicated assignment to grph_obj_type
    - gfs2_atomic_open(): fix O_EXCL|O_CREAT handling on cold dcache
    - KVM: x86: clear stale x86_emulate_ctxt->intercept value
    - ARC: define __ALIGN_STR and __ALIGN symbols for ARC
    - efi: Fix a race and a buffer overflow while reading efivars via sysfs
    - iommu/vt-d: dmar: replace WARN_TAINT with pr_warn + add_taint
    - iommu/vt-d: Fix a bug in intel_iommu_iova_to_phys() for huge page
    - nl80211: add missing attribute validation for critical protocol indication
    - nl80211: add missing attribute validation for channel switch
    - netfilter: cthelper: add missing attribute validation for cthelper
    - iommu/vt-d: Fix the wrong printing in RHSA parsing
    - iommu/vt-d: Ignore devices with out-of-spec domain number
    - ipv6: restrict IPV6_ADDRFORM operation
    - efi: Add a sanity check to efivar_store_raw()
    - batman-adv: Fix invalid read while copying bat_iv.bcast_own
    - batman-adv: Only put gw_node list reference when removed
    - batman-adv: Only put orig_node_vlan list reference when removed
    - batman-adv: Avoid endless loop in bat-on-bat netdevice check
    - batman-adv: Fix unexpected free of bcast_own on add_if error
    - batman-adv: Fix integer overflow in batadv_iv_ogm_calc_tq
    - batman-adv: init neigh node last seen field
    - batman-adv: Deactivate TO_BE_ACTIVATED hardif on shutdown
    - batman-adv: Drop reference to netdevice on last reference
    - batman-adv: Fix reference counting of vlan object for tt_local_entry
    - batman-adv: Avoid duplicate neigh_node additions
    - batman-adv: fix skb deref after free
    - batman-adv: Fix use-after-free/double-free of tt_req_node
    - batman-adv: Fix ICMP RR ethernet access after skb_linearize
    - batman-adv: Clean up untagged vlan when destroying via rtnl-link
    - batman-adv: Avoid nullptr dereference in bla after vlan_insert_tag
    - batman-adv: Avoid nullptr dereference in dat after vlan_insert_tag
    - batman-adv: Fix orig_node_vlan leak on orig_node_release
    - batman-adv: lock crc access in bridge loop avoidance
    - batman-adv: Fix non-atomic bla_claim::backbone_gw access
    - batman-adv: Fix reference leak in batadv_find_router
    - batman-adv: Free last_bonding_candidate on release of orig_node
    - batman-adv: Fix speedy join in gateway client mode
    - batman-adv: Add missing refcnt for last_candidate
    - batman-adv: Fix double free during fragment merge error
    - batman-adv: Fix transmission of final, 16th fragment
    - batman-adv: Fix rx packet/bytes stats on local ARP reply
    - batman-adv: fix TT sync flag inconsistencies
    - batman-adv: Fix lock for ogm cnt access in batadv_iv_ogm_calc_tq
    - batman-adv: Fix internal interface indices types
    - batman-adv: update data pointers after skb_cow()
    - batman-adv: Fix skbuff rcsum on packet reroute
    - batman-adv: Avoid race in TT TVLV allocator helper
    - batman-adv: Fix TT sync flags for intermediate TT responses
    - batman-adv: prevent TT request storms by not sending inconsistent TT TLVLs
    - batman-adv: Fix debugfs path for renamed hardif
    - batman-adv: Fix debugfs path for renamed softif
    - batman-adv: Avoid storing non-TT-sync flags on singular entries too
    - batman-adv: Prevent duplicated gateway_node entry
    - batman-adv: Prevent duplicated nc_node entry
    - batman-adv: Prevent duplicated global TT entry
    - batman-adv: Prevent duplicated tvlv handler
    - batman-adv: Reduce claim hash refcnt only for removed entry
    - batman-adv: Reduce tt_local hash refcnt only for removed entry
    - batman-adv: Reduce tt_global hash refcnt only for removed entry
    - batman-adv: Only read OGM tvlv_len after buffer len check