Package "linux-kvm"

  linux-kvm (4.4.0-1077.84) xenial; urgency=medium

  * xenial/linux-kvm: 4.4.0-1077.84 -proposed tracker (LP: #1885506)

  * LXD 4.2 broken on linux-kvm due to missing VLAN filtering (LP: #1882955)
    - [Config] VLAN_8021Q=m && BRIDGE_VLAN_FILTERING=y

  [ Ubuntu: 4.4.0-186.216 ]

  * xenial/linux: 4.4.0-186.216 -proposed tracker (LP: #1885514)
  * Xenial update: v4.4.228 upstream stable release (LP: #1884564)
    - ipv6: fix IPV6_ADDRFORM operation logic
    - vxlan: Avoid infinite loop when suppressing NS messages with invalid options
    - scsi: return correct blkprep status code in case scsi_init_io() fails.
    - net: phy: marvell: Limit 88m1101 autoneg errata to 88E1145 as well.
    - pwm: fsl-ftm: Use flat regmap cache
    - ARM: 8977/1: ptrace: Fix mask for thumb breakpoint hook
    - sched/fair: Don't NUMA balance for kthreads
    - ath9k_htc: Silence undersized packet warnings
    - x86_64: Fix jiffies ODR violation
    - x86/speculation: Prevent rogue cross-process SSBD shutdown
    - x86/reboot/quirks: Add MacBook6,1 reboot quirk
    - efi/efivars: Add missing kobject_put() in sysfs entry creation error path
    - ALSA: es1688: Add the missed snd_card_free()
    - ALSA: usb-audio: Fix inconsistent card PM state after resume
    - ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile()
    - ACPI: PM: Avoid using power resources if there are none for D0
    - cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages
    - nilfs2: fix null pointer dereference at nilfs_segctor_do_construct()
    - spi: bcm2835aux: Fix controller unregister order
    - ALSA: pcm: disallow linking stream to itself
    - x86/speculation: Change misspelled STIPB to STIBP
    - x86/speculation: Add support for STIBP always-on preferred mode
    - x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced
      IBRS.
    - x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches.
    - spi: dw: fix possible race condition
    - spi: dw: Fix controller unregister order
    - spi: No need to assign dummy value in spi_unregister_controller()
    - spi: Fix controller unregister order
    - spi: pxa2xx: Fix controller unregister order
    - spi: bcm2835: Fix controller unregister order
    - ovl: initialize error in ovl_copy_xattr
    - proc: Use new_inode not new_inode_pseudo
    - video: fbdev: w100fb: Fix a potential double free.
    - KVM: nSVM: leave ASID aside in copy_vmcb_control_area
    - KVM: nVMX: Consult only the "basic" exit reason when routing nested exit
    - KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts
    - ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx
    - ath9k: Fix use-after-free Write in ath9k_htc_rx_msg
    - ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb
    - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb
    - Smack: slab-out-of-bounds in vsscanf
    - mm/slub: fix a memory leak in sysfs_slab_add()
    - fat: don't allow to mount if the FAT length == 0
    - can: kvaser_usb: kvaser_usb_leaf: Fix some info-leaks to USB devices
    - spi: dw: Zero DMA Tx and Rx configurations on stack
    - Bluetooth: Add SCO fallback for invalid LMP parameters error
    - kgdb: Prevent infinite recursive entries to the debugger
    - spi: dw: Enable interrupts in accordance with DMA xfer mode
    - clocksource: dw_apb_timer_of: Fix missing clockevent timers
    - btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums
    - ARM: 8978/1: mm: make act_mm() respect THREAD_SIZE
    - net: vmxnet3: fix possible buffer overflow caused by bad DMA value in
      vmxnet3_get_rss()
    - staging: android: ion: use vmap instead of vm_map_ram
    - e1000: Distribute switch variables for initialization
    - media: dvb: return -EREMOTEIO on i2c transfer failure.
    - MIPS: Make sparse_init() using top-down allocation
    - netfilter: nft_nat: return EOPNOTSUPP if type or flags are not supported
    - lib/mpi: Fix 64-bit MIPS build with Clang
    - net: lpc-enet: fix error return code in lpc_mii_init()
    - net: allwinner: Fix use correct return type for ndo_start_xmit()
    - powerpc/spufs: fix copy_to_user while atomic
    - mips: cm: Fix an invalid error code of INTVN_*_ERR
    - kgdb: Fix spurious true from in_dbg_master()
    - md: don't flush workqueue unconditionally in md_open
    - mwifiex: Fix memory corruption in dump_station
    - mips: Add udelay lpj numbers adjustment
    - x86/mm: Stop printing BRK addresses
    - m68k: mac: Don't call via_flush_cache() on Mac IIfx
    - macvlan: Skip loopback packets in RX handler
    - PCI: Don't disable decoding when mmio_always_on is set
    - MIPS: Fix IRQ tracing when call handle_fpe() and handle_msa_fpe()
    - ixgbe: fix signed-integer-overflow warning
    - spi: dw: Return any value retrieved from the dma_transfer callback
    - cpuidle: Fix three reference count leaks
    - ima: Fix ima digest hash table key calculation
    - ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max
    - Btrfs: fix unreplayable log after snapshot delete + parent dir fsync
    - btrfs: send: emit file capabilities after chown
    - btrfs: fix error handling when submitting direct I/O bio
    - ima: Directly assign the ima_default_policy pointer to ima_rules
    - PCI: Program MPS for RCiEP devices
    - e1000e: Relax condition to trigger reset for ME workaround
    - carl9170: remove P2P_GO support
    - media: go7007: fix a miss of snd_card_free
    - b43legacy: Fix case where channel status is corrupted
    - b43: Fix connection problem with WPA3
    - b43_legacy: Fix connection problem with WPA3
    - igb: Report speed and duplex as unknown when device is runtime suspended
    - power: vexpress: add suppress_bind_attrs to true
    - pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs
    - sparc32: fix register window handling in genregs32_[gs]et()
    - kernel/cpu_pm: Fix uninitted local in cpu_pm
    - ARM: tegr

  linux-kvm (4.4.0-1076.83) xenial; urgency=medium

  * xenial/linux-kvm: 4.4.0-1076.83 -proposed tracker (LP: #1882762)

  [ Ubuntu: 4.4.0-185.215 ]

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
  * CVE-2020-0543
    - UBUNTU/SAUCE: x86/speculation/srbds: do not try to turn mitigation off when
      not supported
  * Xenial update: 4.4.224 upstream stable release (LP: #1881356)
    - USB: serial: qcserial: Add DW5816e support
    - Revert "net: phy: Avoid polling PHY with PHY_IGNORE_INTERRUPTS"
    - dp83640: reverse arguments to list_add_tail
    - net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc()
    - sch_sfq: validate silly quantum values
    - sch_choke: avoid potential panic in choke_reset()
    - enic: do not overwrite error code
    - ipv6: fix cleanup ordering for ip6_mr failure
    - binfmt_elf: move brk out of mmap when doing direct loader exec
    - x86/apm: Don't access __preempt_count with zeroed fs
    - Revert "IB/ipoib: Update broadcast object if PKey value was changed in index
      0"
    - USB: uas: add quirk for LaCie 2Big Quadra
    - USB: serial: garmin_gps: add sanity checking for data length
    - batman-adv: fix batadv_nc_random_weight_tq
    - scripts/decodecode: fix trapping instruction formatting
    - phy: micrel: Ensure interrupts are reenabled on resume
    - binfmt_elf: Do not move brk for INTERP-less ET_EXEC
    - ext4: add cond_resched() to ext4_protect_reserved_inode
    - blktrace: Fix potential deadlock between delete & sysfs ops
    - blktrace: fix unlocked access to init/start-stop/teardown
    - blktrace: fix trace mutex deadlock
    - ptp: do not explicitly set drvdata in ptp_clock_register()
    - ptp: use is_visible method to hide unused attributes
    - ptp: create "pins" together with the rest of attributes
    - chardev: add helper function to register char devs with a struct device
    - ptp: Fix pass zero to ERR_PTR() in ptp_clock_register
    - ptp: fix the race between the release of ptp_clock and cdev
    - ptp: free ptp device pin descriptors properly
    - net: handle no dst on skb in icmp6_send
    - net/sonic: Fix a resource leak in an error handling path in
      'jazz_sonic_probe()'
    - net: moxa: Fix a potential double 'free_irq()'
    - drop_monitor: work around gcc-10 stringop-overflow warning
    - scsi: sg: add sg_remove_request in sg_write
    - cifs: Check for timeout on Negotiate stage
    - cifs: Fix a race condition with cifs_echo_request
    - dmaengine: pch_dma.c: Avoid data race between probe and irq handler
    - dmaengine: mmp_tdma: Reset channel error on release
    - drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper()
    - ipc/util.c: sysvipc_find_ipc() incorrectly updates position index
    - net: openvswitch: fix csum updates for MPLS actions
    - gre: do not keep the GRE header around in collect medata mode
    - mm/memory_hotplug.c: fix overflow in test_pages_in_a_zone()
    - scsi: qla2xxx: Avoid double completion of abort command
    - i40e: avoid NVM acquire deadlock during NVM update
    - net/mlx5: Fix driver load error flow when firmware is stuck
    - netfilter: conntrack: avoid gcc-10 zero-length-bounds warning
    - IB/mlx4: Test return value of calls to ib_get_cached_pkey
    - pnp: Use list_for_each_entry() instead of open coding
    - gcc-10 warnings: fix low-hanging fruit
    - kbuild: compute false-positive -Wmaybe-uninitialized cases in Kconfig
    - Stop the ad-hoc games with -Wno-maybe-initialized
    - gcc-10: disable 'zero-length-bounds' warning for now
    - gcc-10: disable 'array-bounds' warning for now
    - gcc-10: disable 'stringop-overflow' warning for now
    - gcc-10: disable 'restrict' warning for now
    - blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter
    - blk-mq: Allow blocking queue tag iter callbacks
    - x86/paravirt: Remove the unused irq_enable_sysexit pv op
    - gcc-10: avoid shadowing standard library 'free()' in crypto
    - net: fix a potential recursive NETDEV_FEAT_CHANGE
    - net: ipv4: really enforce backoff for redirects
    - ALSA: hda/realtek - Limit int mic boost for Thinkpad T530
    - ALSA: rawmidi: Fix racy buffer resize under concurrent accesses
    - ALSA: rawmidi: Initialize allocated buffers
    - ARM: dts: imx27-phytec-phycard-s-rdk: Fix the I2C1 pinctrl entries
    - x86: Fix early boot crash on gcc-10, third try
    - exec: Move would_dump into flush_old_exec
    - usb: gadget: net2272: Fix a memory leak in an error handling path in
      'net2272_plat_probe()'
    - usb: gadget: audio: Fix a missing error return value in audio_bind()
    - usb: gadget: legacy: fix error return code in gncm_bind()
    - usb: gadget: legacy: fix error return code in cdc_bind()
    - ARM: dts: r8a7740: Add missing extal2 to CPG node
    - KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce
    - Makefile: disallow data races on gcc-10 as well
    - scsi: iscsi: Fix a potential deadlock in the timeout handler
    - Linux 4.4.224
  * upgrading to 4.15.0-99-generic breaks the sound and the trackpad
    (LP: #1875916) // Xenial update: 4.4.224 upstream stable release
    (LP: #1881356)
    - Revert "ALSA: hda/realtek: Fix pop noise on ALC225"
  * CVE-2020-10711
    - netlabel: cope with NULL catmap
  * CVE-2020-13143
    - USB: gadget: fix illegal array access in binding with UDC
  * ext2 build failure on 4.4.0-180.210 (LP: #1880213)
    - ext2: fix debug reference to ext2_xattr_cache
  * test_bpf of ubuntu_kernel_selftests.net ADT test failure with linux
    4.4.0-180.210 (LP: #1879752)
    - bpf, test: fix ld_abs + vlan push/pop stress test

 -- Sultan Alsawaf <email address hidden> Fri, 12 Jun 2020 11:01:55 -0700

  linux-kvm (4.4.0-1075.82) xenial; urgency=medium

  [ Ubuntu: 4.4.0-184.214 ]

  * CVE-2020-0543
    - SAUCE: x86/cpu: Add a steppings field to struct x86_cpu_id
    - SAUCE: x86/cpu: Add 'table' argument to cpu_matches()
    - SAUCE: x86/speculation: Add Special Register Buffer Data Sampling (SRBDS)
      mitigation
    - SAUCE: x86/speculation: Add SRBDS vulnerability and mitigation documentation
    - SAUCE: x86/speculation: Add Ivy Bridge to affected list

  [ Ubuntu: 4.4.0-181.211 ]

  * xenial/linux: 4.4.0-181.211 -proposed tracker (LP: #1881170)
  * CVE-2020-12769
    - spi: spi-dw: Add lock protect dw_spi rx/tx to prevent concurrent calls
  * I2C bus on Dell Edge Gateway stops working after upgrading to
    Ubuntu-4.4.0-180.210 (LP: #1881124)
    - SAUCE: Revert: Revert "ACPI / LPSS: allow to use specific PM domain during
      ->probe()"

  linux-kvm (4.4.0-1072.79) xenial; urgency=medium

  * xenial/linux-kvm: 4.4.0-1072.79 -proposed tracker (LP: #1878865)

  [ Ubuntu: 4.4.0-180.210 ]

  * xenial/linux: 4.4.0-180.210 -proposed tracker (LP: #1878873)
  * Xenial update: 4.4.223 upstream stable release (LP: #1878232)
    - mwifiex: fix PCIe register information for 8997 chipset
    - drm/qxl: qxl_release use after free
    - drm/qxl: qxl_release leak in qxl_draw_dirty_fb()
    - staging: rtl8192u: Fix crash due to pointers being "confusing"
    - usb: gadget: f_acm: Fix configfs attr name
    - usb: gadged: pch_udc: get rid of redundant assignments
    - usb: gadget: pch_udc: reorder spin_[un]lock to avoid deadlock
    - usb: gadget: udc: core: don't starve DMA resources
    - MIPS: Fix macro typo
    - MIPS: ptrace: Drop cp0_tcstatus from regoffset_table[]
    - MIPS: BMIPS: Fix PRID_IMP_BMIPS5000 masking for BMIPS5200
    - MIPS: smp-cps: Stop printing EJTAG exceptions to UART
    - MIPS: scall: Handle seccomp filters which redirect syscalls
    - MIPS: BMIPS: BMIPS5000 has I cache filing from D cache
    - MIPS: BMIPS: Clear MIPS_CACHE_ALIASES earlier
    - MIPS: BMIPS: local_r4k___flush_cache_all needs to blast S-cache
    - MIPS: BMIPS: Pretty print BMIPS5200 processor name
    - MIPS: Fix HTW config on XPA kernel without LPA enabled
    - MIPS: BMIPS: Adjust mips-hpt-frequency for BCM7435
    - MIPS: math-emu: Fix BC1{EQ,NE}Z emulation
    - MIPS: Fix BC1{EQ,NE}Z return offset calculation
    - MIPS: perf: Fix I6400 event numbers
    - MIPS: KVM: Fix translation of MFC0 ErrCtl
    - MIPS: SMP: Update cpu_foreign_map on CPU disable
    - MIPS: c-r4k: Fix protected_writeback_scache_line for EVA
    - MIPS: Octeon: Off by one in octeon_irq_gpio_map()
    - bpf, mips: fix off-by-one in ctx offset allocation
    - MIPS: RM7000: Double locking bug in rm7k_tc_disable()
    - MIPS: Define AT_VECTOR_SIZE_ARCH for ARCH_DLINFO
    - mips/panic: replace smp_send_stop() with kdump friendly version in panic
      path
    - ARM: dts: armadillo800eva Correct extal1 frequency to 24 MHz
    - ARM: imx: select SRC for i.MX7
    - ARM: dts: kirkwood: gpio pin fixes for linkstation ls-wxl/wsxl
    - ARM: dts: kirkwood: gpio pin fixes for linkstation ls-wvl/vl
    - ARM: dts: kirkwood: gpio-leds fixes for linkstation ls-wxl/wsxl
    - ARM: dts: kirkwood: gpio-leds fixes for linkstation ls-wvl/vl
    - ARM: dts: orion5x: gpio pin fixes for linkstation lswtgl
    - ARM: dts: orion5x: fix the missing mtd flash on linkstation lswtgl
    - ARM: dts: kirkwood: use unique machine name for ds112
    - ARM: dts: kirkwood: add kirkwood-ds112.dtb to Makefile
    - ARM: OMAP2+: hwmod: fix _idle() hwmod state sanity check sequence
    - perf/x86: Fix filter_events() bug with event mappings
    - x86/LDT: Print the real LDT base address
    - x86/apic/uv: Silence a shift wrapping warning
    - ALSA: fm801: explicitly free IRQ line
    - ALSA: fm801: propagate TUNER_ONLY bit when autodetected
    - ALSA: fm801: detect FM-only card earlier
    - netfilter: nfnetlink: use original skbuff when acking batches
    - xfrm: fix crash in XFRM_MSG_GETSA netlink handler
    - mwifiex: fix IBSS data path issue.
    - mwifiex: add missing check for PCIe8997 chipset
    - iwlwifi: set max firmware version of 7265 to 17
    - Bluetooth: btmrvl: fix hung task warning dump
    - dccp: limit sk_filter trim to payload
    - net/mlx4_core: Do not BUG_ON during reset when PCI is offline
    - mlxsw: pci: Correctly determine if descriptor queue is full
    - PCI: Supply CPU physical address (not bus address) to iomem_is_exclusive()
    - alpha/PCI: Call iomem_is_exclusive() for IORESOURCE_MEM, but not
      IORESOURCE_IO
    - vfio/pci: Allow VPD short read
    - mlxsw: Treat local port 64 as valid
    - IB/mlx4: Initialize hop_limit when creating address handle
    - GRE: Disable segmentation offloads w/ CSUM and we are encapsulated via FOU
    - powerpc/pci/of: Parse unassigned resources
    - firmware: actually return NULL on failed request_firmware_nowait()
    - c8sectpfe: Rework firmware loading mechanism
    - net/mlx5: Avoid passing dma address 0 to firmware
    - IB/mlx5: Fix RC transport send queue overhead computation
    - net/mlx5: Make command timeout way shorter
    - IB/mlx5: Fix FW version diaplay in sysfs
    - net/mlx5e: Fix MLX5E_100BASE_T define
    - net/mlx5: Fix the size of modify QP mailbox
    - net/mlx5: Fix masking of reserved bits in XRCD number
    - net/mlx5e: Fix blue flame quota logic
    - net/mlx5: use mlx5_buf_alloc_node instead of mlx5_buf_alloc in
      mlx5_wq_ll_create
    - net/mlx5: Avoid calling sleeping function by the health poll thread
    - net/mlx5: Fix wait_vital for VFs and remove fixed sleep
    - net/mlx5: Fix potential deadlock in command mode change
    - net/mlx5: Add timeout handle to commands with callback
    - net/mlx5: Fix pci error recovery flow
    - net/mlx5e: Copy all L2 headers into inline segment
    - net_sched: keep backlog updated with qlen
    - sch_drr: update backlog as well
    - sch_hfsc: always keep backlog updated
    - sch_prio: update backlog as well
    - sch_qfq: keep backlog updated with qlen
    - sch_sfb: keep backlog updated with qlen
    - sch_tbf: update backlog as well
    - btrfs: cleaner_kthread() doesn't need explicit freeze
    - irda: Free skb on irda_accept error path.
    - phy: fix device reference leaks
    - bonding: prevent out of bound accesses
    - mtd: nand: fix ONFI parameter page layout
    - ath10k: free cached fw bin contents when get board id fails
    - xprtrdma: checking for NULL instead of IS_ERR()
    - xprtrdma: Fix additional uses of spin_lock_irqsave(rb_lock)
    - xprtrdma: xprt_rdma_free() must not release backchannel reqs
    - xprtrdma: rpcrdma_bc_receive_call() should init rq_private_buf.len
    - RDMA/cxgb3: device driver frees DMA memory with different size
    - mlxsw: spectrum: Don't forward packets when STP state is DISABLED
    - mlxsw: spectrum: Disa