Package "linux-aws"

  linux-aws (4.4.0-1099.110) xenial; urgency=medium

  * xenial/linux-aws: 4.4.0-1099.110 -proposed tracker (LP: #1852296)

  [ Ubuntu: 4.4.0-170.199 ]

  * xenial/linux: 4.4.0-170.199 -proposed tracker (LP: #1852306)
  * update ENA driver to version 2.1.0 (LP: #1850175)
    - net: ena: fix: set freed objects to NULL to avoid failing future allocations
    - net: ena: fix swapped parameters when calling
      ena_com_indirect_table_fill_entry
    - net: ena: fix: Free napi resources when ena_up() fails
    - net: ena: fix incorrect test of supported hash function
    - net: ena: fix return value of ena_com_config_llq_info()
    - net: ena: improve latency by disabling adaptive interrupt moderation by
      default
    - net: ena: fix ena_com_fill_hash_function() implementation
    - net: ena: add handling of llq max tx burst size
    - net: ena: ethtool: add extra properties retrieval via get_priv_flags
    - net: ena: replace free_tx/rx_ids union with single free_ids field in
      ena_ring
    - net: ena: arrange ena_probe() function variables in reverse christmas tree
    - net: ena: add newline at the end of pr_err prints
    - net: ena: allow automatic fallback to polling mode
    - net: ena: add support for changing max_header_size in LLQ mode
    - net: ena: optimise calculations for CQ doorbell
    - net: ena: add good checksum counter
    - net: ena: use dev_info_once instead of static variable
    - net: ena: add MAX_QUEUES_EXT get feature admin command
    - net: ena: enable negotiating larger Rx ring size
    - net: ena: make ethtool show correct current and max queue sizes
    - net: ena: allow queue allocation backoff when low on memory
    - net: ena: add ethtool function for changing io queue sizes
    - net: ena: remove inline keyword from functions in *.c
    - net: ena: update driver version from 2.0.3 to 2.1.0
    - net: ena: Fix bug where ring allocation backoff stopped too late
    - Revert "net: ena: ethtool: add extra properties retrieval via
      get_priv_flags"
    - net: ena: don't wake up tx queue when down
    - net: ena: clean up indentation issue
  * Bionic update: upstream stable patchset 2019-08-01 (LP: #1838700) // update
    ENA driver to version 2.1.0 (LP: #1850175)
    - net: ena: gcc 8: fix compilation warning
  * Skip frame when buffer overflow on UVC camera (LP: #1849871)
    - media: uvcvideo: Mark buffer error where overflow
  * CVE-2018-20784
    - sched/fair: Fix infinite loop in update_blocked_averages() by reverting
      a9e7f6544b9c
    - sched/fair: Fix hierarchical order in rq->leaf_cfs_rq_list
    - sched/fair: Add tmp_alone_branch assertion
    - sched/fair: Fix insertion in rq->leaf_cfs_rq_list
    - sched/fair: Optimize update_blocked_averages()
    - sched/fair: Fix O(nr_cgroups) in the load balancing path
  * Xenial update: 4.4.200 upstream stable release (LP: #1852110)
    - kbuild: add -fcf-protection=none when using retpoline flags
    - regulator: ti-abb: Fix timeout in ti_abb_wait_txdone/ti_abb_clear_all_txdone
    - regulator: pfuze100-regulator: Variable "val" in pfuze100_regulator_probe()
      could be uninitialized
    - ASoc: rockchip: i2s: Fix RPM imbalance
    - ARM: dts: logicpd-torpedo-som: Remove twl_keypad
    - ARM: mm: fix alignment handler faults under memory pressure
    - scsi: sni_53c710: fix compilation error
    - scsi: fix kconfig dependency warning related to 53C700_LE_ON_BE
    - perf kmem: Fix memory leak in compact_gfp_flags()
    - scsi: target: core: Do not overwrite CDB byte 1
    - of: unittest: fix memory leak in unittest_data_add
    - MIPS: bmips: mark exception vectors as char arrays
    - cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs
    - dccp: do not leak jiffies on the wire
    - net: fix sk_page_frag() recursion from memory reclaim
    - net: hisilicon: Fix ping latency when deal with high throughput
    - SAUCE: Revert "net: Zeroing the structure ethtool_wolinfo in
      ethtool_get_wol()"
    - net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol()
    - net: add READ_ONCE() annotation in __skb_wait_for_more_packets()
    - vxlan: check tun_info options_len properly
    - net/mlx4_core: Dynamically set guaranteed amount of counters per VF
    - inet: stop leaking jiffies on the wire
    - net/flow_dissector: switch to siphash
    - dmaengine: qcom: bam_dma: Fix resource leak
    - ARM: 8051/1: put_user: fix possible data corruption in put_user
    - ARM: 8478/2: arm/arm64: add arm-smccc
    - ARM: 8479/2: add implementation for arm-smccc
    - ARM: 8480/2: arm64: add implementation for arm-smccc
    - ARM: 8481/2: drivers: psci: replace psci firmware calls
    - ARM: uaccess: remove put_user() code duplication
    - ARM: Move system register accessors to asm/cp15.h
    - arm/arm64: KVM: Advertise SMCCC v1.1
    - arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support
    - firmware/psci: Expose PSCI conduit
    - firmware/psci: Expose SMCCC version through psci_ops
    - arm/arm64: smccc: Make function identifiers an unsigned quantity
    - arm/arm64: smccc: Implement SMCCC v1.1 inline primitive
    - arm/arm64: smccc: Add SMCCC-specific return codes
    - arm/arm64: smccc-1.1: Make return values unsigned long
    - arm/arm64: smccc-1.1: Handle function result as parameters
    - ARM: add more CPU part numbers for Cortex and Brahma B15 CPUs
    - ARM: bugs: prepare processor bug infrastructure
    - ARM: bugs: hook processor bug checking into SMP and suspend paths
    - ARM: bugs: add support for per-processor bug checking
    - ARM: spectre: add Kconfig symbol for CPUs vulnerable to Spectre
    - ARM: spectre-v2: harden branch predictor on context switches
    - ARM: spectre-v2: add Cortex A8 and A15 validation of the IBE bit
    - ARM: spectre-v2: harden user aborts in kernel space
    - ARM: spectre-v2: add firmware based hardening
    - ARM: spectre-v2: warn about incorrect context switching functions
    - ARM: spectre-v1: add speculation ba

  linux-aws (4.4.0-1098.109) xenial; urgency=medium

  * CVE-2019-11135
    - [Config] Disable TSX by default when possible

  [ Ubuntu: 4.4.0-168.197 ]

  * CVE-2018-12207
    - KVM: x86: MMU: Encapsulate the type of rmap-chain head in a new struct
    - KVM: x86: MMU: Consolidate quickly_check_mmio_pf() and is_mmio_page_fault()
    - KVM: x86: MMU: Move handle_mmio_page_fault() call to kvm_mmu_page_fault()
    - KVM: MMU: rename has_wrprotected_page to mmu_gfn_lpage_is_disallowed
    - KVM: MMU: introduce kvm_mmu_gfn_{allow,disallow}_lpage
    - KVM: x86: MMU: Make mmu_set_spte() return emulate value
    - KVM: x86: MMU: Move initialization of parent_ptes out from
      kvm_mmu_alloc_page()
    - KVM: x86: MMU: always set accessed bit in shadow PTEs
    - KVM: x86: MMU: Move parent_pte handling from kvm_mmu_get_page() to
      link_shadow_page()
    - KVM: x86: MMU: Remove unused parameter parent_pte from kvm_mmu_get_page()
    - KVM: x86: simplify ept_misconfig
    - KVM: x86: extend usage of RET_MMIO_PF_* constants
    - KVM: MMU: drop vcpu param in gpte_access
    - kvm: Convert kvm_lock to a mutex
    - kvm: x86: Do not release the page inside mmu_set_spte()
    - KVM: x86: make FNAME(fetch) and __direct_map more similar
    - KVM: x86: remove now unneeded hugepage gfn adjustment
    - KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON
    - KVM: x86: add tracepoints around __direct_map and FNAME(fetch)
    - SAUCE: KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is
      active
    - SAUCE: x86: Add ITLB_MULTIHIT bug infrastructure
    - SAUCE: kvm: mmu: ITLB_MULTIHIT mitigation
    - SAUCE: kvm: Add helper function for creating VM worker threads
    - SAUCE: kvm: x86: mmu: Recovery of shattered NX large pages
    - SAUCE: cpu/speculation: Uninline and export CPU mitigations helpers
    - SAUCE: kvm: x86: mmu: Apply global mitigations knob to ITLB_MULTIHIT
  * CVE-2019-11135
    - KVM: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts
    - KVM: x86: use Intel speculation bugs and features as derived in generic x86
      code
    - x86/msr: Add the IA32_TSX_CTRL MSR
    - x86/cpu: Add a helper function x86_read_arch_cap_msr()
    - x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
    - x86/speculation/taa: Add mitigation for TSX Async Abort
    - x86/speculation/taa: Add sysfs reporting for TSX Async Abort
    - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
    - x86/tsx: Add "auto" option to the tsx= cmdline parameter
    - x86/speculation/taa: Add documentation for TSX Async Abort
    - x86/tsx: Add config options to set tsx=on|off|auto
    - SAUCE: x86/speculation/taa: Call tsx_init()
    - SAUCE: x86/cpu: Include cpu header from bugs.c
    - [Config] Disable TSX by default when possible
  * CVE-2019-0154
    - SAUCE: i915_bpo: drm/i915: Lower RM timeout to avoid DSI hard hangs
    - SAUCE: i915_bpo: drm/i915/gen8+: Add RC6 CTX corruption WA
    - SAUCE: drm/i915/gen8+: Add RC6 CTX corruption WA
  * CVE-2019-0155
    - SAUCE: i915_bpo: drm/i915/gtt: Add read only pages to gen8_pte_encode
    - SAUCE: i915_bpo: drm/i915/gtt: Read-only pages for insert_entries on bdw+
    - SAUCE: i915_bpo: drm/i915/gtt: Disable read-only support under GVT
    - SAUCE: i915_bpo: drm/i915: Rename gen7 cmdparser tables
    - SAUCE: i915_bpo: drm/i915: Disable Secure Batches for gen6+
    - SAUCE: i915_bpo: drm/i915/cmdparser: Use binary search for faster register
      lookup
    - SAUCE: i915_bpo: drm/i915/cmdparser: Check reg_table_count before
      derefencing.
    - SAUCE: i915_bpo: drm/i915: Remove Master tables from cmdparser
    - SAUCE: i915_bpo: drm/i915: Add support for mandatory cmdparsing
    - SAUCE: i915_bpo: drm/i915: Support ro ppgtt mapped cmdparser shadow buffers
    - SAUCE: i915_bpo: drm/i915: Allow parsing of unsized batches
    - SAUCE: i915_bpo: drm/i915: Add gen9 BCS cmdparsing
    - SAUCE: i915_bpo: drm/i915/cmdparser: Add support for backward jumps
    - SAUCE: i915_bpo: drm/i915/cmdparser: Ignore Length operands during command
      matching

  linux-aws (4.4.0-1097.108) xenial; urgency=medium

  * xenial/linux-aws: 4.4.0-1097.108 -proposed tracker (LP: #1849041)

  * Xenial update: 4.4.197 upstream stable release (LP: #1848780)
    - [Config] aws: updateconfigs for USB_RIO500

  [ Ubuntu: 4.4.0-167.196 ]

  * xenial/linux: 4.4.0-167.196 -proposed tracker (LP: #1849051)
  * Xenial update: 4.4.197 upstream stable release (LP: #1848780)
    - KVM: s390: Test for bad access register and size at the start of S390_MEM_OP
    - s390/topology: avoid firing events before kobjs are created
    - s390/cio: avoid calling strlen on null pointer
    - s390/cio: exclude subchannels with no parent from pseudo check
    - KVM: nVMX: handle page fault in vmread fix
    - ASoC: Define a set of DAPM pre/post-up events
    - powerpc/powernv: Restrict OPAL symbol map to only be readable by root
    - can: mcp251x: mcp251x_hw_reset(): allow more time after a reset
    - crypto: qat - Silence smp_processor_id() warning
    - ieee802154: atusb: fix use-after-free at disconnect
    - cfg80211: initialize on-stack chandefs
    - ima: always return negative code for error
    - fs: nfs: Fix possible null-pointer dereferences in encode_attrs()
    - 9p: avoid attaching writeback_fid on mmap with type PRIVATE
    - xen/pci: reserve MCFG areas earlier
    - ceph: fix directories inode i_blkbits initialization
    - drm/amdgpu: Check for valid number of registers to read
    - thermal: Fix use-after-free when unregistering thermal zone device
    - fuse: fix memleak in cuse_channel_open
    - kernel/elfcore.c: include proper prototypes
    - tools lib traceevent: Do not free tep->cmdlines in add_new_comm() on failure
    - perf stat: Fix a segmentation fault when using repeat forever
    - crypto: caam - fix concurrency issue in givencrypt descriptor
    - cfg80211: add and use strongly typed element iteration macros
    - cfg80211: Use const more consistently in for_each_element macros
    - nl80211: validate beacon head
    - ASoC: sgtl5000: Improve VAG power and mute control
    - panic: ensure preemption is disabled during panic()
    - [Config] updateconfigs for USB_RIO500
    - USB: rio500: Remove Rio 500 kernel driver
    - USB: yurex: Don't retry on unexpected errors
    - USB: yurex: fix NULL-derefs on disconnect
    - USB: usb-skeleton: fix runtime PM after driver unbind
    - USB: usb-skeleton: fix NULL-deref on disconnect
    - xhci: Prevent device initiated U1/U2 link pm if exit latency is too long
    - xhci: Check all endpoints for LPM timeout
    - usb: xhci: wait for CNR controller not ready bit in xhci resume
    - USB: adutux: remove redundant variable minor
    - USB: adutux: fix use-after-free on disconnect
    - USB: adutux: fix NULL-derefs on disconnect
    - USB: adutux: fix use-after-free on release
    - USB: iowarrior: fix use-after-free on disconnect
    - USB: iowarrior: fix use-after-free on release
    - USB: iowarrior: fix use-after-free after driver unbind
    - USB: usblp: fix runtime PM after driver unbind
    - USB: chaoskey: fix use-after-free on release
    - USB: ldusb: fix NULL-derefs on driver unbind
    - serial: uartlite: fix exit path null pointer
    - USB: serial: keyspan: fix NULL-derefs on open() and write()
    - USB: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20
    - USB: serial: option: add Telit FN980 compositions
    - USB: serial: option: add support for Cinterion CLS8 devices
    - USB: serial: fix runtime PM after driver unbind
    - USB: usblcd: fix I/O after disconnect
    - USB: microtek: fix info-leak at probe
    - USB: dummy-hcd: fix power budget for SuperSpeed mode
    - usb: renesas_usbhs: gadget: Do not discard queues in
      usb_ep_set_{halt,wedge}()
    - usb: renesas_usbhs: gadget: Fix usb_ep_set_{halt,wedge}() behavior
    - USB: legousbtower: fix slab info leak at probe
    - USB: legousbtower: fix deadlock on disconnect
    - USB: legousbtower: fix potential NULL-deref on disconnect
    - USB: legousbtower: fix open after failed reset request
    - USB: legousbtower: fix use-after-free on release
    - staging: vt6655: Fix memory leak in vt6655_probe
    - iio: adc: ad799x: fix probe error handling
    - iio: light: opt3001: fix mutex unlock race
    - perf llvm: Don't access out-of-scope array
    - CIFS: Gracefully handle QueryInfo errors during open
    - CIFS: Force reval dentry if LOOKUP_REVAL flag is set
    - kernel/sysctl.c: do not override max_threads provided by userspace
    - arm64: capabilities: Handle sign of the feature bit
    - arm64: Rename cpuid_feature field extract routines
    - Staging: fbtft: fix memory leak in fbtft_framebuffer_alloc
    - cifs: Check uniqueid for SMB2+ and return -ESTALE if necessary
    - CIFS: Force revalidate inode when dentry is stale
    - media: stkwebcam: fix runtime PM after driver unbind
    - tracing: Get trace_array reference for available_tracers files
    - x86/asm: Fix MWAITX C-state hint value
    - Linux 4.4.197
    - [Config] updateconfigs for USB_RIO500
  * CVE-2019-17666
    - SAUCE: rtlwifi: Fix potential overflow on P2P code
  * Suspend stopped working from 4.4.0-157 onwards (LP: #1844021) // Xenial
    update: 4.4.197 upstream stable release (LP: #1848780)
    - xhci: Increase STS_SAVE timeout in xhci_suspend()
  * Ubuntu 16.04.6 - Shared CEX7C cards defined in z/VM guest not established by
    zcrypt device driver (LP: #1848173)
    - SAUCE: s390/zcrypt: CEX7 toleration support
  * Xenial update: 4.4.196 upstream stable release (LP: #1848598)
    - video: ssd1307fb: Start page range at page_offset
    - gpu: drm: radeon: Fix a possible null-pointer dereference in
      radeon_connector_set_property()
    - ipmi_si: Only schedule continuously in the thread in maintenance mode
    - clk: qoriq: Fix -Wunused-const-variable
    - clk: sirf: Don't reference clk_init_data after registration
    - powerpc/rtas: use device model APIs and serialization during LPM
    - powerpc/futex: Fix warning: 'oldval' may

  linux-aws (4.4.0-1096.107) xenial; urgency=medium

  * xenial/linux-aws: 4.4.0-1096.107 -proposed tracker (LP: #1846059)

  [ Ubuntu: 4.4.0-166.195 ]

  * xenial/linux: 4.4.0-166.195 -proposed tracker (LP: #1846069)
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
  * CVE-2017-18232
    - scsi: libsas: direct call probe and destruct
  * CVE-2018-21008
    - rsi: add fix for crash during assertions
  * Xenial update: 4.4.194 upstream stable release (LP: #1845405)
    - bridge/mdb: remove wrong use of NLM_F_MULTI
    - cdc_ether: fix rndis support for Mediatek based smartphones
    - ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()'
    - isdn/capi: check message length in capi_write()
    - net: Fix null de-reference of device refcount
    - sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
    - sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()'
    - sctp: use transport pf_retrans in sctp_do_8_2_transport_strike
    - tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR
    - tipc: add NULL pointer check before calling kfree_rcu
    - tun: fix use-after-free when register netdev failed
    - Revert "MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur"
    - Btrfs: fix assertion failure during fsync and use of stale transaction
    - genirq: Prevent NULL pointer dereference in resend_irqs()
    - KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl
    - KVM: x86: work around leak of uninitialized stack contents
    - KVM: nVMX: handle page fault in vmread
    - MIPS: VDSO: Prevent use of smp_processor_id()
    - MIPS: VDSO: Use same -m%-float cflag as the kernel proper
    - clk: rockchip: Don't yell about bad mmc phases when getting
    - driver core: Fix use-after-free and double free on glue directory
    - crypto: talitos - check AES key size
    - crypto: talitos - check data blocksize in ablkcipher.
    - x86/build: Add -Wnoaddress-of-packed-member to REALMODE_CFLAGS, to silence
      GCC9 build warning
    - MIPS: netlogic: xlr: Remove erroneous check in nlm_fmn_send()
    - ARC: configs: Remove CONFIG_INITRAMFS_SOURCE from defconfigs
    - USB: usbcore: Fix slab-out-of-bounds bug during device reset
    - media: tm6000: double free if usb disconnect while streaming
    - x86/boot: Add missing bootparam that breaks boot on some platforms
    - xen-netfront: do not assume sk_buff_head list is empty in error handling
    - serial: sprd: correct the wrong sequence of arguments
    - tty/serial: atmel: reschedule TX after RX was started
    - mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings
    - s390/bpf: fix lcgr instruction encoding
    - ARM: OMAP2+: Fix omap4 errata warning on other SoCs
    - s390/bpf: use 32-bit index for tail calls
    - NFSv4: Fix return values for nfs4_file_open()
    - NFS: Fix initialisation of I/O result struct in nfs_pgio_rpcsetup
    - Kconfig: Fix the reference to the IDT77105 Phy driver in the description of
      ATM_NICSTAR_USE_IDT77105
    - ARM: 8874/1: mm: only adjust sections of valid mm structures
    - r8152: Set memory to all 0xFFs on failed reg reads
    - x86/apic: Fix arch_dynirq_lower_bound() bug for DT enabled machines
    - netfilter: nf_conntrack_ftp: Fix debug output
    - NFSv2: Fix eof handling
    - NFSv2: Fix write regression
    - cifs: set domainName when a domain-key is used in multiuser
    - cifs: Use kzfree() to zero out the password
    - sky2: Disable MSI on yet another ASUS boards (P6Xxxx)
    - tools/power turbostat: fix buffer overrun
    - net: seeq: Fix the function used to release some memory in an error handling
      path
    - dmaengine: ti: omap-dma: Add cleanup in omap_dma_probe()
    - keys: Fix missing null pointer check in request_key_auth_describe()
    - floppy: fix usercopy direction
    - media: technisat-usb2: break out of loop at end of buffer
    - ARC: export "abort" for modules
    - net_sched: let qdisc_put() accept NULL pointer
    - Linux 4.4.194
  * CVE-2019-14821
    - KVM: coalesced_mmio: add bounds checking
  * Xenial update: 4.4.193 upstream stable release (LP: #1845395)
    - ALSA: hda - Fix potential endless loop at applying quirks
    - ALSA: hda/realtek - Fix overridden device-specific initialization
    - xfrm: clean up xfrm protocol checks
    - vhost/test: fix build for vhost test
    - scripts/decode_stacktrace: match basepath using shell prefix operator, not
      regex
    - clk: s2mps11: Add used attribute to s2mps11_dt_match
    - x86, boot: Remove multiple copy of static function sanitize_boot_params()
    - af_packet: tone down the Tx-ring unsupported spew.
    - Linux 4.4.193
  * Xenial update: 4.4.192 upstream stable release (LP: #1845374)
    - net: tundra: tsi108: use spin_lock_irqsave instead of spin_lock_irq in IRQ
      context
    - net: tc35815: Explicitly check NET_IP_ALIGN is not zero in tc35815_rx
    - Bluetooth: btqca: Add a short delay before downloading the NVM
    - ibmveth: Convert multicast list size for little-endian system
    - gpio: Fix build error of function redefinition
    - cxgb4: fix a memory leak bug
    - net: myri10ge: fix memory leaks
    - cx82310_eth: fix a memory leak bug
    - net: kalmia: fix memory leaks
    - wimax/i2400m: fix a memory leak bug
    - ravb: Fix use-after-free ravb_tstamp_skb
    - Tools: hv: kvp: eliminate 'may be used uninitialized' warning
    - IB/mlx4: Fix memory leaks
    - ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr()
    - KVM: arm/arm64: Only skip MMIO insn once
    - libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer
    - spi: bcm2835aux: ensure interrupts are enabled for shared handler
    - spi: bcm2835aux: unifying code between polling and interrupt driven code
    - spi: bcm2835aux: remove dangerous uncontrolled read of fifo
    - spi: bcm2835aux: fix corruptions for longer spi transfers
    - Revert "x86/apic: Include the LDR when clearing out APIC regis