Package "linux"

  linux (4.4.0-185.215) xenial; urgency=medium

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  * CVE-2020-0543
    - UBUNTU/SAUCE: x86/speculation/srbds: do not try to turn mitigation off when
      not supported

  * Xenial update: 4.4.224 upstream stable release (LP: #1881356)
    - USB: serial: qcserial: Add DW5816e support
    - Revert "net: phy: Avoid polling PHY with PHY_IGNORE_INTERRUPTS"
    - dp83640: reverse arguments to list_add_tail
    - net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc()
    - sch_sfq: validate silly quantum values
    - sch_choke: avoid potential panic in choke_reset()
    - enic: do not overwrite error code
    - ipv6: fix cleanup ordering for ip6_mr failure
    - binfmt_elf: move brk out of mmap when doing direct loader exec
    - x86/apm: Don't access __preempt_count with zeroed fs
    - Revert "IB/ipoib: Update broadcast object if PKey value was changed in index
      0"
    - USB: uas: add quirk for LaCie 2Big Quadra
    - USB: serial: garmin_gps: add sanity checking for data length
    - batman-adv: fix batadv_nc_random_weight_tq
    - scripts/decodecode: fix trapping instruction formatting
    - phy: micrel: Ensure interrupts are reenabled on resume
    - binfmt_elf: Do not move brk for INTERP-less ET_EXEC
    - ext4: add cond_resched() to ext4_protect_reserved_inode
    - blktrace: Fix potential deadlock between delete & sysfs ops
    - blktrace: fix unlocked access to init/start-stop/teardown
    - blktrace: fix trace mutex deadlock
    - ptp: do not explicitly set drvdata in ptp_clock_register()
    - ptp: use is_visible method to hide unused attributes
    - ptp: create "pins" together with the rest of attributes
    - chardev: add helper function to register char devs with a struct device
    - ptp: Fix pass zero to ERR_PTR() in ptp_clock_register
    - ptp: fix the race between the release of ptp_clock and cdev
    - ptp: free ptp device pin descriptors properly
    - net: handle no dst on skb in icmp6_send
    - net/sonic: Fix a resource leak in an error handling path in
      'jazz_sonic_probe()'
    - net: moxa: Fix a potential double 'free_irq()'
    - drop_monitor: work around gcc-10 stringop-overflow warning
    - scsi: sg: add sg_remove_request in sg_write
    - cifs: Check for timeout on Negotiate stage
    - cifs: Fix a race condition with cifs_echo_request
    - dmaengine: pch_dma.c: Avoid data race between probe and irq handler
    - dmaengine: mmp_tdma: Reset channel error on release
    - drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper()
    - ipc/util.c: sysvipc_find_ipc() incorrectly updates position index
    - net: openvswitch: fix csum updates for MPLS actions
    - gre: do not keep the GRE header around in collect medata mode
    - mm/memory_hotplug.c: fix overflow in test_pages_in_a_zone()
    - scsi: qla2xxx: Avoid double completion of abort command
    - i40e: avoid NVM acquire deadlock during NVM update
    - net/mlx5: Fix driver load error flow when firmware is stuck
    - netfilter: conntrack: avoid gcc-10 zero-length-bounds warning
    - IB/mlx4: Test return value of calls to ib_get_cached_pkey
    - pnp: Use list_for_each_entry() instead of open coding
    - gcc-10 warnings: fix low-hanging fruit
    - kbuild: compute false-positive -Wmaybe-uninitialized cases in Kconfig
    - Stop the ad-hoc games with -Wno-maybe-initialized
    - gcc-10: disable 'zero-length-bounds' warning for now
    - gcc-10: disable 'array-bounds' warning for now
    - gcc-10: disable 'stringop-overflow' warning for now
    - gcc-10: disable 'restrict' warning for now
    - blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter
    - blk-mq: Allow blocking queue tag iter callbacks
    - x86/paravirt: Remove the unused irq_enable_sysexit pv op
    - gcc-10: avoid shadowing standard library 'free()' in crypto
    - net: fix a potential recursive NETDEV_FEAT_CHANGE
    - net: ipv4: really enforce backoff for redirects
    - ALSA: hda/realtek - Limit int mic boost for Thinkpad T530
    - ALSA: rawmidi: Fix racy buffer resize under concurrent accesses
    - ALSA: rawmidi: Initialize allocated buffers
    - ARM: dts: imx27-phytec-phycard-s-rdk: Fix the I2C1 pinctrl entries
    - x86: Fix early boot crash on gcc-10, third try
    - exec: Move would_dump into flush_old_exec
    - usb: gadget: net2272: Fix a memory leak in an error handling path in
      'net2272_plat_probe()'
    - usb: gadget: audio: Fix a missing error return value in audio_bind()
    - usb: gadget: legacy: fix error return code in gncm_bind()
    - usb: gadget: legacy: fix error return code in cdc_bind()
    - ARM: dts: r8a7740: Add missing extal2 to CPG node
    - KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce
    - Makefile: disallow data races on gcc-10 as well
    - scsi: iscsi: Fix a potential deadlock in the timeout handler
    - Linux 4.4.224

  * upgrading to 4.15.0-99-generic breaks the sound and the trackpad
    (LP: #1875916) // Xenial update: 4.4.224 upstream stable release
    (LP: #1881356)
    - Revert "ALSA: hda/realtek: Fix pop noise on ALC225"

  * CVE-2020-10711
    - netlabel: cope with NULL catmap

  * CVE-2020-13143
    - USB: gadget: fix illegal array access in binding with UDC

  * ext2 build failure on 4.4.0-180.210 (LP: #1880213)
    - ext2: fix debug reference to ext2_xattr_cache

  * test_bpf of ubuntu_kernel_selftests.net ADT test failure with linux
    4.4.0-180.210 (LP: #1879752)
    - bpf, test: fix ld_abs + vlan push/pop stress test

 -- Marcelo Henrique Cerri <email address hidden> Mon, 08 Jun 2020 14:45:12 -0300

  linux (4.4.0-184.214) xenial; urgency=medium

  * CVE-2020-0543
    - SAUCE: x86/cpu: Add a steppings field to struct x86_cpu_id
    - SAUCE: x86/cpu: Add 'table' argument to cpu_matches()
    - SAUCE: x86/speculation: Add Special Register Buffer Data Sampling (SRBDS)
      mitigation
    - SAUCE: x86/speculation: Add SRBDS vulnerability and mitigation documentation
    - SAUCE: x86/speculation: Add Ivy Bridge to affected list

  linux (4.4.0-179.209) xenial; urgency=medium

  * xenial/linux: 4.4.0-179.209 -proposed tracker (LP: #1874804)

  * Add debian/rules targets to compile/run kernel selftests (LP: #1874286)
    - [Packaging] add support to compile/run selftests

  * getitimer returns it_value=0 erroneously (LP: #1349028)
    - [Config] CONTEXT_TRACKING_FORCE policy should be unset

  * CVE-2020-11608
    - media: ov519: add missing endpoint sanity checks

  * CVE-2019-19060
    - iio: imu: adis16400: release allocated memory on failure

  * Xenial update: 4.4.219 upstream stable release (LP: #1874045)
    - drm/bochs: downgrade pci_request_region failure from error to warning
    - ipv4: fix a RCU-list lock in fib_triestat_seq_show
    - net, ip_tunnel: fix interface lookup with no key
    - sctp: fix possibly using a bad saddr with a given dst
    - l2tp: Correctly return -EBADF from pppol2tp_getname.
    - net: l2tp: Make l2tp_ip6 namespace aware
    - l2tp: fix race in l2tp_recv_common()
    - l2tp: ensure session can't get removed during pppol2tp_session_ioctl()
    - l2tp: fix duplicate session creation
    - l2tp: Refactor the codes with existing macros instead of literal number
    - l2tp: ensure sessions are freed after their PPPOL2TP socket
    - l2tp: fix race between l2tp_session_delete() and l2tp_tunnel_closeall()
    - usb: gadget: uac2: Drop unused device qualifier descriptor
    - usb: gadget: printer: Drop unused device qualifier descriptor
    - padata: always acquire cpu_hotplug_lock before pinst->lock
    - mm: mempolicy: require at least one nodeid for MPOL_PREFERRED
    - net: stmmac: dwmac1000: fix out-of-bounds mac address reg setting
    - random: always use batched entropy for get_random_u{32,64}
    - tools/accounting/getdelays.c: fix netlink attribute length
    - power: supply: axp288_charger: Fix unchecked return value
    - ASoC: jz4740-i2s: Fix divider written at incorrect offset in register
    - IB/hfi1: Call kobject_put() when kobject_init_and_add() fails
    - Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl
    - RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow
    - clk: qcom: rcg: Return failure for RCG update
    - drm_dp_mst_topology: fix broken drm_dp_sideband_parse_remote_dpcd_read()
    - Linux 4.4.219

  * Xenial update: 4.4.218 upstream stable release (LP: #1873852)
    - spi: qup: call spi_qup_pm_resume_runtime before suspending
    - powerpc: Include .BTF section
    - ARM: dts: dra7: Add "dma-ranges" property to PCIe RC DT nodes
    - spi/zynqmp: remove entry that causes a cs glitch
    - drm/exynos: dsi: propagate error value and silence meaningless warning
    - drm/exynos: dsi: fix workaround for the legacy clock name
    - altera-stapl: altera_get_note: prevent write beyond end of 'key'
    - USB: Disable LPM on WD19's Realtek Hub
    - usb: quirks: add NO_LPM quirk for RTL8153 based ethernet adapters
    - USB: serial: option: add ME910G1 ECM composition 0x110b
    - usb: host: xhci-plat: add a shutdown
    - USB: serial: pl2303: add device-id for HP LD381
    - ALSA: line6: Fix endless MIDI read loop
    - ALSA: seq: virmidi: Fix running status after receiving sysex
    - ALSA: seq: oss: Fix running status after receiving sysex
    - ALSA: pcm: oss: Avoid plugin buffer overflow
    - ALSA: pcm: oss: Remove WARNING from snd_pcm_plug_alloc() checks
    - staging: rtl8188eu: Add device id for MERCUSYS MW150US v2
    - staging/speakup: fix get_word non-space look-ahead
    - intel_th: Fix user-visible error codes
    - rtc: max8907: add missing select REGMAP_IRQ
    - memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event
    - mm: slub: be more careful about the double cmpxchg of freelist
    - mm, slub: prevent kmalloc_node crashes and memory leaks
    - x86/mm: split vmalloc_sync_all()
    - USB: cdc-acm: fix close_delay and closing_wait units in TIOCSSERIAL
    - USB: cdc-acm: fix rounding error in TIOCSSERIAL
    - kbuild: Disable -Wpointer-to-enum-cast
    - futex: Fix inode life-time issue
    - futex: Unbreak futex hashing
    - arm64: smp: fix smp_send_stop() behaviour
    - Revert "drm/dp_mst: Skip validating ports during destruction, just ref"
    - hsr: fix general protection fault in hsr_addr_is_self()
    - net: dsa: Fix duplicate frames flooded by learning
    - net_sched: cls_route: remove the right filter from hashtable
    - net_sched: keep alloc_hash updated after hash allocation
    - NFC: fdp: Fix a signedness bug in fdp_nci_send_patch()
    - slcan: not call free_netdev before rtnl_unlock in slcan_open
    - vxlan: check return value of gro_cells_init()
    - hsr: use rcu_read_lock() in hsr_get_node_{list/status}()
    - hsr: add restart routine into hsr_get_node_list()
    - hsr: set .netnsok flag
    - vhost: Check docket sk_family instead of call getname
    - IB/ipoib: Do not warn if IPoIB debugfs doesn't exist
    - uapi glibc compat: fix outer guard of net device flags enum
    - KVM: VMX: Do not allow reexecute_instruction() when skipping MMIO instr
    - drivers/hwspinlock: use correct radix tree API
    - net: ipv4: don't let PMTU updates increase route MTU
    - cpupower: avoid multiple definition with gcc -fno-common
    - dt-bindings: net: FMan erratum A050385
    - scsi: ipr: Fix softlockup when rescanning devices in petitboot
    - mac80211: Do not send mesh HWMP PREQ if HWMP is disabled
    - sxgbe: Fix off by one in samsung driver strncpy size arg
    - i2c: hix5hd2: add missed clk_disable_unprepare in remove
    - perf probe: Do not depend on dwfl_module_addrsym()
    - scripts/dtc: Remove redundant YYLOC global declaration
    - scsi: sd: Fix optimal I/O size for devices that change reported values
    - mac80211: mark station unauthorized before key removal
    - genirq: Fix reference leaks on irq affinity notifiers
    - vti[6]: fix packet tx through bpf_redirect() in XinY cases
    - xfrm: fix uctx len check in verify_sec_ctx_len
    - xfrm: add the missing verify_sec_ctx

  linux (4.4.0-178.208) xenial; urgency=medium

  * xenial/linux: 4.4.0-178.208 -proposed tracker (LP: #1870660)

  * CVE-2019-19768
    - blktrace: Protect q->blk_trace with RCU
    - blktrace: fix dereference after null check

  * Multiple Kexec in AWS Nitro instances fail (LP: #1869948)
    - net: ena: Add PCI shutdown handler to allow safe kexec

  * Insert test_bpf module will report 4 failures for ubuntu_bpf_jit on X s390x
    (LP: #1768452)
    - test_bpf: flag tests that cannot be jited on s390

  * Mounting LVM snapshots with xfs can hit kernel BUG in nvme driver
    (LP: #1869229)
    - block: fix bio_will_gap() for first bvec with offset

  * Xenial update: 4.4.217 upstream stable release (LP: #1868629)
    - NFS: Remove superfluous kmap in nfs_readdir_xdr_to_array
    - r8152: check disconnect status after long sleep
    - net: nfc: fix bounds checking bugs on "pipe"
    - bnxt_en: reinitialize IRQs when MTU is modified
    - fib: add missing attribute validation for tun_id
    - nl802154: add missing attribute validation
    - nl802154: add missing attribute validation for dev_type
    - team: add missing attribute validation for port ifindex
    - team: add missing attribute validation for array index
    - nfc: add missing attribute validation for SE API
    - nfc: add missing attribute validation for vendor subcommand
    - ipvlan: add cond_resched_rcu() while processing muticast backlog
    - ipvlan: do not add hardware address of master to its unicast filter list
    - ipvlan: egress mcast packets are not exceptional
    - ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast()
    - ipvlan: don't deref eth hdr before checking it's set
    - macvlan: add cond_resched() during multicast processing
    - net: fec: validate the new settings in fec_enet_set_coalesce()
    - slip: make slhc_compress() more robust against malicious packets
    - bonding/alb: make sure arp header is pulled before accessing it
    - net: fq: add missing attribute validation for orphan mask
    - iommu/vt-d: quirk_ioat_snb_local_iommu: replace WARN_TAINT with pr_warn +
      add_taint
    - drm/amd/display: remove duplicated assignment to grph_obj_type
    - gfs2_atomic_open(): fix O_EXCL|O_CREAT handling on cold dcache
    - KVM: x86: clear stale x86_emulate_ctxt->intercept value
    - ARC: define __ALIGN_STR and __ALIGN symbols for ARC
    - efi: Fix a race and a buffer overflow while reading efivars via sysfs
    - iommu/vt-d: dmar: replace WARN_TAINT with pr_warn + add_taint
    - iommu/vt-d: Fix a bug in intel_iommu_iova_to_phys() for huge page
    - nl80211: add missing attribute validation for critical protocol indication
    - nl80211: add missing attribute validation for channel switch
    - netfilter: cthelper: add missing attribute validation for cthelper
    - iommu/vt-d: Fix the wrong printing in RHSA parsing
    - iommu/vt-d: Ignore devices with out-of-spec domain number
    - ipv6: restrict IPV6_ADDRFORM operation
    - efi: Add a sanity check to efivar_store_raw()
    - batman-adv: Fix invalid read while copying bat_iv.bcast_own
    - batman-adv: Only put gw_node list reference when removed
    - batman-adv: Only put orig_node_vlan list reference when removed
    - batman-adv: Avoid endless loop in bat-on-bat netdevice check
    - batman-adv: Fix unexpected free of bcast_own on add_if error
    - batman-adv: Fix integer overflow in batadv_iv_ogm_calc_tq
    - batman-adv: init neigh node last seen field
    - batman-adv: Deactivate TO_BE_ACTIVATED hardif on shutdown
    - batman-adv: Drop reference to netdevice on last reference
    - batman-adv: Fix reference counting of vlan object for tt_local_entry
    - batman-adv: Avoid duplicate neigh_node additions
    - batman-adv: fix skb deref after free
    - batman-adv: Fix use-after-free/double-free of tt_req_node
    - batman-adv: Fix ICMP RR ethernet access after skb_linearize
    - batman-adv: Clean up untagged vlan when destroying via rtnl-link
    - batman-adv: Avoid nullptr dereference in bla after vlan_insert_tag
    - batman-adv: Avoid nullptr dereference in dat after vlan_insert_tag
    - batman-adv: Fix orig_node_vlan leak on orig_node_release
    - batman-adv: lock crc access in bridge loop avoidance
    - batman-adv: Fix non-atomic bla_claim::backbone_gw access
    - batman-adv: Fix reference leak in batadv_find_router
    - batman-adv: Free last_bonding_candidate on release of orig_node
    - batman-adv: Fix speedy join in gateway client mode
    - batman-adv: Add missing refcnt for last_candidate
    - batman-adv: Fix double free during fragment merge error
    - batman-adv: Fix transmission of final, 16th fragment
    - batman-adv: Fix rx packet/bytes stats on local ARP reply
    - batman-adv: fix TT sync flag inconsistencies
    - batman-adv: Fix lock for ogm cnt access in batadv_iv_ogm_calc_tq
    - batman-adv: Fix internal interface indices types
    - batman-adv: update data pointers after skb_cow()
    - batman-adv: Fix skbuff rcsum on packet reroute
    - batman-adv: Avoid race in TT TVLV allocator helper
    - batman-adv: Fix TT sync flags for intermediate TT responses
    - batman-adv: prevent TT request storms by not sending inconsistent TT TLVLs
    - batman-adv: Fix debugfs path for renamed hardif
    - batman-adv: Fix debugfs path for renamed softif
    - batman-adv: Avoid storing non-TT-sync flags on singular entries too
    - batman-adv: Prevent duplicated gateway_node entry
    - batman-adv: Prevent duplicated nc_node entry
    - batman-adv: Prevent duplicated global TT entry
    - batman-adv: Prevent duplicated tvlv handler
    - batman-adv: Reduce claim hash refcnt only for removed entry
    - batman-adv: Reduce tt_local hash refcnt only for removed entry
    - batman-adv: Reduce tt_global hash refcnt only for removed entry
    - batman-adv: Only read OGM tvlv_len after buffer len check
    - batman-adv: Avoid free/alloc race when handling OGM buffer
    - batman-adv: Don't schedule O

  linux (4.4.0-177.207) xenial; urgency=medium

  * xenial/linux: 4.4.0-177.207 -proposed tracker (LP: #1867243)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync getabis
    - [Packaging] update helper scripts

  * Xenial update: 4.4.214 upstream stable release (LP: #1864775)
    - media: iguanair: fix endpoint sanity check
    - x86/cpu: Update cached HLE state on write to TSX_CTRL_CPUID_CLEAR
    - sparc32: fix struct ipc64_perm type definition
    - ASoC: qcom: Fix of-node refcount unbalance to link->codec_of_node
    - cls_rsvp: fix rsvp_policy
    - net: hsr: fix possible NULL deref in hsr_handle_frame()
    - net_sched: fix an OOB access in cls_tcindex
    - tcp: clear tp->total_retrans in tcp_disconnect()
    - tcp: clear tp->segs_{in|out} in tcp_disconnect()
    - media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors
    - mfd: dln2: More sanity checking for endpoints
    - brcmfmac: Fix memory leak in brcmf_usbdev_qinit
    - usb: gadget: legacy: set max_speed to super-speed
    - usb: gadget: f_ncm: Use atomic_t to track in-flight request
    - usb: gadget: f_ecm: Use atomic_t to track in-flight request
    - ALSA: dummy: Fix PCM format loop in proc output
    - lib/test_kasan.c: fix memory leak in kmalloc_oob_krealloc_more()
    - powerpc/pseries: Advance pfn if section is not present in lmb_is_removable()
    - mmc: spi: Toggle SPI polarity, do not hardcode it
    - PCI: keystone: Fix link training retries initiation
    - crypto: api - Check spawn->alg under lock in crypto_drop_spawn
    - scsi: qla2xxx: Fix mtcp dump collection failure
    - power: supply: ltc2941-battery-gauge: fix use-after-free
    - of: Add OF_DMA_DEFAULT_COHERENT & select it on powerpc
    - dm space map common: fix to ensure new block isn't already in use
    - crypto: pcrypt - Do not clear MAY_SLEEP flag in original request
    - crypto: api - Fix race condition in crypto_spawn_alg
    - crypto: picoxcell - adjust the position of tasklet_init and fix missed
      tasklet_kill
    - btrfs: set trans->drity in btrfs_commit_transaction
    - ARM: tegra: Enable PLLP bypass during Tegra124 LP1
    - mwifiex: fix unbalanced locking in mwifiex_process_country_ie()
    - sunrpc: expiry_time should be seconds not timeval
    - KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks
    - KVM: x86: Protect DR-based index computations from Spectre-v1/L1TF attacks
    - KVM: x86: Protect kvm_hv_msr_[get|set]_crash_data() from Spectre-v1/L1TF
      attacks
    - KVM: x86: Protect ioapic_write_indirect() from Spectre-v1/L1TF attacks
    - KVM: x86: Protect MSR-based index computations in pmu.h from Spectre-v1/L1TF
      attacks
    - KVM: x86: Protect ioapic_read_indirect() from Spectre-v1/L1TF attacks
    - KVM: x86: Protect MSR-based index computations from Spectre-v1/L1TF attacks
      in x86.c
    - KVM: x86: Protect x86_decode_insn from Spectre-v1/L1TF attacks
    - KVM: x86: Protect MSR-based index computations in fixed_msr_to_seg_unit()
      from Spectre-v1/L1TF attacks
    - KVM: PPC: Book3S HV: Uninit vCPU if vcore creation fails
    - KVM: PPC: Book3S PR: Free shared page if mmu initialization fails
    - KVM: x86: Free wbinvd_dirty_mask if vCPU creation fails
    - scsi: qla2xxx: Fix the endianness of the qla82xx_get_fw_size() return type
    - scsi: csiostor: Adjust indentation in csio_device_reset
    - scsi: qla4xxx: Adjust indentation in qla4xxx_mem_free
    - ext2: Adjust indentation in ext2_fill_super
    - powerpc/44x: Adjust indentation in ibm4xx_denali_fixup_memsize
    - NFC: pn544: Adjust indentation in pn544_hci_check_presence
    - ppp: Adjust indentation into ppp_async_input
    - net: smc911x: Adjust indentation in smc911x_phy_configure
    - net: tulip: Adjust indentation in {dmfe, uli526x}_init_module
    - mfd: da9062: Fix watchdog compatible string
    - mfd: rn5t618: Mark ADC control register volatile
    - net: systemport: Avoid RBUF stuck in Wake-on-LAN mode
    - bonding/alb: properly access headers in bond_alb_xmit()
    - NFS: Fix memory leaks and corruption in readdir
    - NFS: Fix bool initialization/comparison
    - NFS: Directory page cache pages need to be locked when read
    - Btrfs: fix assertion failure on fsync with NO_HOLES enabled
    - btrfs: remove trivial locking wrappers of tree mod log
    - Btrfs: fix race between adding and putting tree mod seq elements and nodes
    - drm: atmel-hlcdc: enable clock before configuring timing engine
    - KVM: x86: drop picdev_in_range()
    - KVM: x86: Refactor picdev_write() to prevent Spectre-v1/L1TF attacks
    - KVM: x86: Protect pmu_intel.c from Spectre-v1/L1TF attacks
    - KVM: x86: Protect kvm_lapic_reg_write() from Spectre-v1/L1TF attacks
    - btrfs: flush write bio if we loop in extent_write_cache_pages
    - KVM: x86/mmu: Apply max PA check for MMIO sptes to 32-bit KVM
    - KVM: VMX: Add non-canonical check on writes to RTIT address MSRs
    - KVM: nVMX: vmread should not set rflags to specify success in case of #PF
    - cifs: fail i/o on soft mounts if sessionsetup errors out
    - clocksource: Prevent double add_timer_on() for watchdog_timer
    - perf/core: Fix mlock accounting in perf_mmap()
    - ASoC: pcm: update FE/BE trigger order based on the command
    - scsi: ufs: Fix ufshcd_probe_hba() reture value in case
      ufshcd_scsi_add_wlus() fails
    - rtc: hym8563: Return -EINVAL if the time is known to be invalid
    - ARC: [plat-axs10x]: Add missing multicast filter number to GMAC node
    - ARM: dts: at91: sama5d3: fix maximum peripheral clock rates
    - ARM: dts: at91: sama5d3: define clock rate range for tcb1
    - powerpc/pseries: Allow not having ibm, hypertas-functions::hcall-multi-tce
      for DDW
    - pinctrl: sh-pfc: r8a7778: Fix duplicate SDSELF_B and SD1_CLK_B
    - mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status()
    - mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv()
    - l