Package "linux-kvm"

  linux-kvm (4.4.0-1047.53) xenial; urgency=medium

  * linux-kvm: 4.4.0-1047.53 -proposed tracker (LP: #1829195)

  * Xenial update: 4.4.179 upstream stable release (LP: #1828420)
    - [Config]: add CONFIG_LDISC_AUTOLOAD=y
    - [Config]: remove CONFIG_R3964

  [ Ubuntu: 4.4.0-149.175 ]

  * linux: 4.4.0-149.175 -proposed tracker (LP: #1829209)
  * disable a.out support (LP: #1818552)
    - [Config] Disable a.out support
  * autopkgtests run too often, too much and don't skip enough (LP: #1823056)
    - [Debian] Set +x on rebuild testcase.
    - [Debian] Skip rebuild test, for regression-suite deps.
    - [Debian] Make ubuntu-regression-suite skippable on unbootable kernels.
    - [Debian] make rebuild use skippable error codes when skipping.
    - [Debian] Only run regression-suite, if requested to.
  * Xenial update: 4.4.179 upstream stable release (LP: #1828420)
    - arm64: debug: Don't propagate UNKNOWN FAR into si_code for debug signals
    - arm64: debug: Ensure debug handlers check triggering exception level
    - ext4: cleanup bh release code in ext4_ind_remove_space()
    - lib/int_sqrt: optimize initial value compute
    - tty/serial: atmel: Add is_half_duplex helper
    - mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified
    - i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA
    - Bluetooth: Fix decrementing reference count twice in releasing socket
    - tty/serial: atmel: RS485 HD w/DMA: enable RX after TX is stopped
    - CIFS: fix POSIX lock leak and invalid ptr deref
    - h8300: use cc-cross-prefix instead of hardcoding h8300-unknown-linux-
    - tracing: kdb: Fix ftdump to not sleep
    - gpio: gpio-omap: fix level interrupt idling
    - sysctl: handle overflow for file-max
    - enic: fix build warning without CONFIG_CPUMASK_OFFSTACK
    - mm/cma.c: cma_declare_contiguous: correct err handling
    - mm/page_ext.c: fix an imbalance with kmemleak
    - mm/vmalloc.c: fix kernel BUG at mm/vmalloc.c:512!
    - mm/slab.c: kmemleak no scan alien caches
    - ocfs2: fix a panic problem caused by o2cb_ctl
    - f2fs: do not use mutex lock in atomic context
    - fs/file.c: initialize init_files.resize_wait
    - cifs: use correct format characters
    - dm thin: add sanity checks to thin-pool and external snapshot creation
    - cifs: Fix NULL pointer dereference of devname
    - fs: fix guard_bio_eod to check for real EOD errors
    - tools lib traceevent: Fix buffer overflow in arg_eval
    - usb: chipidea: Grab the (legacy) USB PHY by phandle first
    - scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c
    - coresight: etm4x: Add support to enable ETMv4.2
    - ARM: 8840/1: use a raw_spinlock_t in unwind
    - mmc: omap: fix the maximum timeout setting
    - e1000e: Fix -Wformat-truncation warnings
    - IB/mlx4: Increase the timeout for CM cache
    - scsi: megaraid_sas: return error when create DMA pool failed
    - perf test: Fix failure of 'evsel-tp-sched' test on s390
    - SoC: imx-sgtl5000: add missing put_device()
    - media: sh_veu: Correct return type for mem2mem buffer helpers
    - media: s5p-jpeg: Correct return type for mem2mem buffer helpers
    - media: s5p-g2d: Correct return type for mem2mem buffer helpers
    - media: mx2_emmaprp: Correct return type for mem2mem buffer helpers
    - leds: lp55xx: fix null deref on firmware load failure
    - kprobes: Prohibit probing on bsearch()
    - ARM: 8833/1: Ensure that NEON code always compiles with Clang
    - ALSA: PCM: check if ops are defined before suspending PCM
    - bcache: fix input overflow to cache set sysfs file io_error_halflife
    - bcache: fix input overflow to sequential_cutoff
    - bcache: improve sysfs_strtoul_clamp()
    - fbdev: fbmem: fix memory access if logo is bigger than the screen
    - cdrom: Fix race condition in cdrom_sysctl_register
    - ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe
    - soc: qcom: gsbi: Fix error handling in gsbi_probe()
    - mt7601u: bump supported EEPROM version
    - ARM: avoid Cortex-A9 livelock on tight dmb loops
    - tty: increase the default flip buffer limit to 2*640K
    - media: mt9m111: set initial frame size other than 0x0
    - hwrng: virtio - Avoid repeated init of completion
    - soc/tegra: fuse: Fix illegal free of IO base address
    - hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable
    - dmaengine: imx-dma: fix warning comparison of distinct pointer types
    - netfilter: physdev: relax br_netfilter dependency
    - media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration
    - regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting
    - wlcore: Fix memory leak in case wl12xx_fetch_firmware failure
    - x86/build: Mark per-CPU symbols as absolute explicitly for LLD
    - dmaengine: tegra: avoid overflow of byte tracking
    - drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers
    - binfmt_elf: switch to new creds when switching to new mm
    - kbuild: clang: choose GCC_TOOLCHAIN_DIR not on LD
    - x86/build: Specify elf_i386 linker emulation explicitly for i386 objects
    - x86: vdso: Use $LD instead of $CC to link
    - x86/vdso: Drop implicit common-page-size linker flag
    - lib/string.c: implement a basic bcmp
    - tty: mark Siemens R3964 line discipline as BROKEN
    - [Config]: remove CONFIG_R3964
    - [Config]: add CONFIG_LDISC_AUTOLOAD=y
    - tty: ldisc: add sysctl to prevent autoloading of ldiscs
    - ipv6: Fix dangling pointer when ipv6 fragment
    - ipv6: sit: reset ip header pointer in ipip6_rcv
    - net: rds: force to destroy connection if t_sock is NULL in
      rds_tcp_kill_sock().
    - qmi_wwan: add Olicard 600
    - sctp: initialize _pad of sockaddr_in before copying to user memory
    - tcp: Ensure DCTCP reacts to losses
    - netns: provide pure entropy for net_hash_mix()
    - net: ethtool: not call vzalloc for zero sized memory request
    - ip6_tunnel: Match to ARPHRD_TUNNEL6

  linux-kvm (4.4.0-1046.52) xenial; urgency=medium

  [ Ubuntu: 4.4.0-148.174 ]

  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
    - Documentation/l1tf: Fix small spelling typo
    - perf/x86/intel: Add model number for Skylake Server to perf
    - perf/x86: Add model numbers for Kabylake CPUs
    - perf/x86/intel: Use Intel family macros for core perf events
    - perf/x86/msr: Use Intel family macros for MSR events code
    - perf/x86/msr: Add missing Intel models
    - SAUCE: perf/x86/{cstate,rapl,uncore}: Use Intel Model name macros
    - perf/x86/msr: Add missing CPU IDs
    - x86/speculation: Simplify the CPU bug detection logic
    - x86/cpu: Sanitize FAM6_ATOM naming
    - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
    - bitops: avoid integer overflow in GENMASK(_ULL)
    - locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a
      new <linux/bits.h> file
    - tools include: Adopt linux/bits.h
    - x86/msr-index: Cleanup bit defines
    - x86/speculation: Consolidate CPU whitelists
    - x86/speculation/mds: Add basic bug infrastructure for MDS
    - x86/speculation/mds: Add BUG_MSBDS_ONLY
    - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
    - x86/speculation/mds: Add mds_clear_cpu_buffers()
    - locking/static_keys: Provide DECLARE and well as DEFINE macros
    - x86/speculation/mds: Clear CPU buffers on exit to user
    - x86/kvm/vmx: Add MDS protection when L1D Flush is not active
    - x86/speculation/mds: Conditionally clear CPU buffers on idle entry
    - SAUCE: sched/smt: Introduce sched_smt_{active,present}
    - SAUCE: Rename the Ubuntu-only spec_ctrl_mutex mutex
    - SAUCE: x86/speculation: Introduce arch_smt_update()
    - x86/speculation: Rework SMT state change
    - x86/speculation: Reorder the spec_v2 code
    - x86/speculation: Unify conditional spectre v2 print functions
    - x86/speculation/mds: Add mitigation control for MDS
    - x86/speculation/mds: Add sysfs reporting for MDS
    - x86/speculation/mds: Add mitigation mode VMWERV
    - Documentation: Move L1TF to separate directory
    - Documentation: Add MDS vulnerability documentation
    - x86/speculation/mds: Add mds=full,nosmt cmdline option
    - x86/speculation: Move arch_smt_update() call to after mitigation decisions
    - x86/speculation/mds: Add SMT warning message
    - x86/speculation/mds: Fix comment
    - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
    - x86/speculation/mds: Add 'mitigations=' support for MDS
  * CVE-2017-5715 // CVE-2017-5753
    - s390/speculation: Support 'mitigations=' cmdline option
  * CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754 // CVE-2018-3639
    - powerpc/speculation: Support 'mitigations=' cmdline option
  * CVE-2017-5715 // CVE-2017-5754 // CVE-2018-3620 // CVE-2018-3639 //
    CVE-2018-3646
    - cpu/speculation: Add 'mitigations=' cmdline option
    - x86/speculation: Support 'mitigations=' cmdline option
  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log

  linux-kvm (4.4.0-1045.51) xenial; urgency=medium

  * linux-kvm: 4.4.0-1045.51 -proposed tracker (LP: #1826028)

  [ Ubuntu: 4.4.0-147.173 ]

  * linux: 4.4.0-147.173 -proposed tracker (LP: #1826036)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
  * Xenial: Sync to upstream v4.9 (Spectre) (LP: #1820872)
    - SAUCE: cpu/hotplug: Fix Documentation/kernel-parameters.txt
    - SAUCE: Fix typo in Documentation/kernel-parameters.txt
    - SAUCE: x86: Move hunks and sync to upstream stable 4.9
    - Revert "module: Add retpoline tag to VERMAGIC"
  * CVE-2017-5753
    - posix-timers: Protect posix clock array access against speculation
    - arm64: fix possible spectre-v1 in ptrace_hbp_get_event()
    - sched/autogroup: Fix possible Spectre-v1 indexing for sched_prio_to_weight[]
    - media: dvb_ca_en50221: prevent using slot_info for Spectre attacs
    - s390/keyboard: sanitize array index in do_kdsk_ioctl
    - arm64: fix possible spectre-v1 write in ptrace_hbp_set_event()
    - pktcdvd: Fix possible Spectre-v1 for pkt_devs
    - net: socket: Fix potential spectre v1 gadget in sock_is_registered
    - net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd()
    - hwmon: (nct6775) Fix potential Spectre v1
    - mac80211_hwsim: Fix possible Spectre-v1 for hwsim_world_regdom_custom
    - nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT
    - ipmi: msghandler: Fix potential Spectre v1 vulnerabilities
    - powerpc/ptrace: Mitigate potential Spectre v1
    - cfg80211: prevent speculation on cfg80211_classify8021d() return
    - ALSA: rawmidi: Fix potential Spectre v1 vulnerability
    - ALSA: seq: oss: Fix Spectre v1 vulnerability
  * CVE-2019-3874
    - sctp: fix the issue that a __u16 variable may overflow in sctp_ulpq_renege
    - sctp: use sk_wmem_queued to check for writable space
    - sctp: implement memory accounting on tx path
    - sctp: implement memory accounting on rx path
  * Kprobe event argument syntax in ftrace from ubuntu_kernel_selftests failed
    on B PowerPC (LP: #1812809)
    - selftests/ftrace: Add ppc support for kprobe args tests
  * CVE-2019-3882
    - vfio/type1: Limit DMA mappings per container
  * Intel I210 Ethernet card not working after hotplug [8086:1533]
    (LP: #1818490)
    - igb: Fix WARN_ONCE on runtime suspend
  * TSC clocksource not available in nested guests (LP: #1822821)
    - x86/tsc: Add X86_FEATURE_TSC_KNOWN_FREQ flag
    - kvmclock: fix TSC calibration for nested guests
  * Remove btrfs module after a failed fallocate attempt will cause error on 4.4
    i386 (LP: #1822579)
    - Btrfs: fix extent map leak during fallocate error path
  * systemd cause kernel trace "BUG: unable to handle kernel paging request at
    6db23a14" on Cosmic i386 (LP: #1813244) // systemd cause kernel trace "BUG:
    unable to handle kernel paging request at 6db23a14" on Cosmic i386
    (LP: #1813244)
    - openvswitch: fix flow actions reallocation

 -- Andrea Righi <email address hidden> Wed, 24 Apr 2019 17:08:40 +0200

  linux-kvm (4.4.0-1044.50) xenial; urgency=medium

  * linux-kvm: 4.4.0-1044.50 -proposed tracker (LP: #1822826)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log

  [ Ubuntu: 4.4.0-146.172 ]

  * linux: 4.4.0-146.172 -proposed tracker (LP: #1822834)
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
    - [Packaging] resync retpoline extraction
  * 3b080b2564287be91605bfd1d5ee985696e61d3c in ubuntu_btrfs_kernel_fixes
    triggers system hang on i386 (LP: #1812845)
    - btrfs: raid56: properly unmap parity page in finish_parity_scrub()
  * Xenial update: 4.4.177 upstream stable release (LP: #1822271)
    - ceph: avoid repeatedly adding inode to mdsc->snap_flush_list
    - numa: change get_mempolicy() to use nr_node_ids instead of MAX_NUMNODES
    - KEYS: allow reaching the keys quotas exactly
    - mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering mfd cells
    - mfd: twl-core: Fix section annotations on {,un}protect_pm_master
    - mfd: db8500-prcmu: Fix some section annotations
    - mfd: ab8500-core: Return zero in get_register_interruptible()
    - mfd: qcom_rpm: write fw_version to CTRL_REG
    - mfd: wm5110: Add missing ASRC rate register
    - mfd: mc13xxx: Fix a missing check of a register-read failure
    - net: hns: Fix use after free identified by SLUB debug
    - MIPS: ath79: Enable OF serial ports in the default config
    - scsi: qla4xxx: check return code of qla4xxx_copy_from_fwddb_param
    - scsi: isci: initialize shost fully before calling scsi_add_host()
    - MIPS: jazz: fix 64bit build
    - isdn: i4l: isdn_tty: Fix some concurrency double-free bugs
    - atm: he: fix sign-extension overflow on large shift
    - leds: lp5523: fix a missing check of return value of lp55xx_read
    - isdn: avm: Fix string plus integer warning from Clang
    - RDMA/srp: Rework SCSI device reset handling
    - KEYS: user: Align the payload buffer
    - KEYS: always initialize keyring_index_key::desc_len
    - batman-adv: fix uninit-value in batadv_interface_tx()
    - net/packet: fix 4gb buffer limit due to overflow check
    - team: avoid complex list operations in team_nl_cmd_options_set()
    - sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach()
    - net/mlx4_en: Force CHECKSUM_NONE for short ethernet frames
    - ARCv2: Enable unaligned access in early ASM code
    - Revert "bridge: do not add port to router list when receives query with
      source 0.0.0.0"
    - libceph: handle an empty authorize reply
    - drm/msm: Unblock writer if reader closes file
    - ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field
    - ALSA: compress: prevent potential divide by zero bugs
    - thermal: int340x_thermal: Fix a NULL vs IS_ERR() check
    - usb: dwc3: gadget: Fix the uninitialized link_state when udc starts
    - usb: gadget: Potential NULL dereference on allocation error
    - ASoC: dapm: change snprintf to scnprintf for possible overflow
    - ASoC: imx-audmux: change snprintf to scnprintf for possible overflow
    - ARC: fix __ffs return value to avoid build warnings
    - mac80211: fix miscounting of ttl-dropped frames
    - serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling
    - scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state()
    - net: altera_tse: fix connect_local_phy error path
    - ibmveth: Do not process frames after calling napi_reschedule
    - mac80211: don't initiate TDLS connection if station is not associated to AP
    - cfg80211: extend range deviation for DMG
    - KVM: nSVM: clear events pending from svm_complete_interrupts() when exiting
      to L1
    - arm/arm64: KVM: Feed initialized memory to MMIO accesses
    - KVM: arm/arm64: Fix MMIO emulation data handling
    - powerpc: Always initialize input array when calling epapr_hypercall()
    - mmc: spi: Fix card detection during probe
    - x86/uaccess: Don't leak the AC flag into __put_user() value evaluation
    - USB: serial: option: add Telit ME910 ECM composition
    - USB: serial: cp210x: add ID for Ingenico 3070
    - USB: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485
    - cpufreq: Use struct kobj_attribute instead of struct global_attr
    - sockfs: getxattr: Fail with -EOPNOTSUPP for invalid attribute names
    - ncpfs: fix build warning of strncpy
    - isdn: isdn_tty: fix build warning of strncpy
    - staging: lustre: fix buffer overflow of string buffer
    - net-sysfs: Fix mem leak in netdev_register_kobject
    - team: Free BPF filter when unregistering netdev
    - bnxt_en: Drop oversize TX packets to prevent errors.
    - net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails
    - xen-netback: fix occasional leak of grant ref mappings under memory pressure
    - net: Add __icmp_send helper.
    - net: avoid use IPCB in cipso_v4_error
    - net: phy: Micrel KSZ8061: link failure after cable connect
    - x86/CPU/AMD: Set the CPB bit unconditionally on F17h
    - applicom: Fix potential Spectre v1 vulnerabilities
    - MIPS: irq: Allocate accurate order pages for irq stack
    - hugetlbfs: fix races and page leaks during migration
    - netlabel: fix out-of-bounds memory accesses
    - net: dsa: mv88e6xxx: Fix u64 statistics
    - ip6mr: Do not call __IP6_INC_STATS() from preemptible context
    - media: uvcvideo: Fix 'type' check leading to overflow
    - vti4: Fix a ipip packet processing bug in 'IPCOMP' virtual tunnel
    - perf tools: Handle TOPOLOGY headers with no CPU
    - IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM
    - ipvs: Fix signed integer overflow when setsockopt timeout
    - iommu/amd: Fix IOMMU page flush when detach device from a domain
    - xtensa: SMP: fix ccount_timer_shutdown
    - xtensa: SMP: fix secondary CPU initialization
    - xtensa: smp_lx200_defconfig: fix vectors clash
    - xtensa: SMP: mark each possible CPU as present
    - xtensa: SMP: limit number of possible CPUs by NR_CPUS