UbuntuUpdates.org

Package "linux-kvm"

Name: linux-kvm

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Header files related to Linux kernel version 4.4.0
  • Header files related to Linux kernel version 4.4.0
  • Header files related to Linux kernel version 4.4.0
  • Header files related to Linux kernel version 4.4.0

Latest version: 4.4.0-1027.32
Release: xenial (16.04)
Level: updates
Repository: main

Links

Save this URL for the latest version of "linux-kvm": https://www.ubuntuupdates.org/linux-kvm



Other versions of "linux-kvm" in Xenial

Repository Area Version
security main 4.4.0-1027.32
updates universe 4.4.0-1007.12
proposed main 4.4.0-1029.34
PPA: Canonical Kernel Team 4.4.0-1029.34

Packages in group

Deleted packages are displayed in grey.

linux-kvm-headers-4.4.0-1007 linux-kvm-headers-4.4.0-1008 linux-kvm-headers-4.4.0-1009 linux-kvm-headers-4.4.0-1010 linux-kvm-headers-4.4.0-1012
linux-kvm-headers-4.4.0-1013 linux-kvm-headers-4.4.0-1015 linux-kvm-headers-4.4.0-1017 linux-kvm-headers-4.4.0-1019 linux-kvm-headers-4.4.0-1020
linux-kvm-headers-4.4.0-1021 linux-kvm-headers-4.4.0-1023 linux-kvm-headers-4.4.0-1026 linux-kvm-headers-4.4.0-1027

Changelog

Version: 4.4.0-1027.32 2018-06-11 17:07:06 UTC

  linux-kvm (4.4.0-1027.32) xenial; urgency=medium

  * linux-kvm: 4.4.0-1027.32 -proposed tracker (LP: #1772964)

  * Xenial update to 4.4.129 stable release (LP: #1768429)
    - [Config] Remove ARCH_HWEIGHT_CFLAGS

  * test_140_kernel_modules_not_tainted in kernel security test failed with 4.15
    kvm kernel (LP: #1766832)
    - kvm: [config] enable CONFIG_MODULE_UNLOAD

  * test_072_config_debug_set_module_ronx in kernel security test failed with
    4.4 X-kvm (LP: #1760646)
    - kvm: [config] enable CONFIG_DEBUG_SET_MODULE_RONX

  * test_151_sysctl_disables_bpf_unpriv_userns in kernel security test failed
    with 4.4/4.15 kvm (LP: #1760656)
    - kvm: [config] enable BPF_SYSCALL

  * test_077_config_security_ipsec in kernel security test failed with 4.4/4.15
    kvm (LP: #1760653)
    - kvm: [config] enable ipsec configs

  * test_072_config_strict_devmem in kernel security test failed with 4.4/4.15
    kvm (LP: #1760648) // test_072_strict_devmem in kernel security test failed
    with 4.4/4.15 kvm (LP: #1760649)
    - kvm: [config] enable DEVMEM

  * test_076_config_security_acl_ext4 in kernel security test failed with
    4.4/4.15 kvm (LP: #1760652) // test_160_setattr_CVE_2015_1350 in kernel
    security test failed with 4.4/4.15 kvm (LP: #1760657)
    - kvm: [config] enable POSIX_ACL, XATTR, FS_SECURITY for all filesystems

  * test_074_config_security_default_mmap_min_addr in kernel security test
    failed with 4.4/4.15 kvm (LP: #1760650)
    - kvm: [config] DEFAULT_MMAP_MIN_ADDR=65536

  * test_072_config_debug_rodata in kernel security test failed with 4.4 X-kvm
    (LP: #1760643)
    - [Config] enable CONFIG_DEBUG_RODATA

  [ Ubuntu: 4.4.0-128.154 ]

  * linux: 4.4.0-128.154 -proposed tracker (LP: #1772960)
  * CVE-2018-3639 (x86)
    - x86/cpu: Make alternative_msr_write work for 32-bit code
    - x86/bugs: Fix the parameters alignment and missing void
    - KVM: SVM: Move spec control call after restore of GS
    - x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
    - x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS
    - x86/cpufeatures: Disentangle SSBD enumeration
    - x86/cpu/AMD: Fix erratum 1076 (CPB bit)
    - x86/cpufeatures: Add FEATURE_ZEN
    - x86/speculation: Handle HT correctly on AMD
    - x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL
    - x86/speculation: Add virtualized speculative store bypass disable support
    - x86/speculation: Rework speculative_store_bypass_update()
    - x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host}
    - x86/bugs: Expose x86_spec_ctrl_base directly
    - x86/bugs: Remove x86_spec_ctrl_set()
    - x86/bugs: Rework spec_ctrl base and mask logic
    - x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG
    - KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD
    - x86/bugs: Rename SSBD_NO to SSB_NO
    - KVM: VMX: Expose SSBD properly to guests.
  * [i915_bpo] Fix flickering issue after panel change (LP: #1770565)
    - drm/i915: Fix iboost setting for DDI with 4 lanes on SKL
    - drm/i915: Name the "iboost bit"
    - drm/i915: Program iboost settings for HDMI/DVI on SKL
    - drm/i915: Move bxt_ddi_vswing_sequence() call into intel_ddi_pre_enable()
      for HDMI
    - drm/i915: Explicitly use ddi buf trans entry 9 for hdmi
    - drm/i915: Split DP/eDP/FDI and HDMI/DVI DDI buffer programming apart
    - drm/i915: Get the iboost setting based on the port type
    - drm/i915: Simplify intel_ddi_get_encoder_port()
    - drm/i915: Fix iboost setting for SKL Y/U DP DDI buffer translation entry 2
    - drm/i915: KBL - Recommended buffer translation programming for DisplayPort
    - drm/i915: Ignore OpRegion panel type except on select machines
  * [SRU][Bionic/Artful] fix false positives in W+X checking (LP: #1769696)
    - init: fix false positives in W+X checking
  * [Ubuntu 16.04] kernel: fix rwlock implementation (LP: #1761674)
    - SAUCE: (no-up) s390: fix rwlock implementation
  * linux < 4.11: unable to use netfilter logging from non-init namespaces
    (LP: #1766573)
    - netfilter: allow logging from non-init namespaces
  * [LTC Test] Ubuntu 18.04: tm_sigreturn failed on P8 compat mode 16.04.04
    guest (LP: #1771439)
    - powerpc: signals: Discard transaction state from signal frames
  * QCA9377 requires more IRAM banks for its new firmware (LP: #1748345)
    - ath10k: update the IRAM bank number for QCA9377
  * i915/kbl_dmc_ver1.bin failed with error -2 package 1.157.17 kernel
    4.4.0-116-generic (LP: #1752536)
    - ubuntu: i915_bpo - Add MODULE_FIRMWARE for Geminilake's DMC
  * Xenial update to 4.4.131 stable release (LP: #1768825)
    - ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS
    - ext4: set h_journal if there is a failure starting a reserved handle
    - ext4: add validity checks for bitmap block numbers
    - ext4: fix bitmap position validation
    - usbip: usbip_host: fix to hold parent lock for device_attach() calls
    - usbip: vhci_hcd: Fix usb device and sockfd leaks
    - USB: serial: simple: add libtransistor console
    - USB: serial: ftdi_sio: use jtag quirk for Arrow USB Blaster
    - USB: serial: cp210x: add ID for NI USB serial console
    - usb: core: Add quirk for HP v222w 16GB Mini
    - USB: Increment wakeup count on remote wakeup.
    - ALSA: usb-audio: Skip broken EU on Dell dock USB-audio
    - virtio: add ability to iterate over vqs
    - virtio_console: free buffers after reset
    - drm/virtio: fix vq wait_event condition
    - tty: Don't call panic() at tty_ldisc_init()
    - tty: n_gsm: Fix long delays with control frame timeouts in ADM mode
    - tty: n_gsm: Fix DLCI handling for ADM mode if debug & 2 is not set
    - tty: Use __GFP_NOFAIL for tty_ldisc_get()
    - ALSA: core: Report audio_tstamp in snd_pcm_sync_ptr
    - ALSA: seq: oss: Fix unbalanced use lock for synth MIDI device
    - ALSA: hda/realtek - Add some fixes for ALC233
    - mtd: cfi: cmdset_0001: Do not allow read/write to suspe

Source diff to previous version
1768429 Xenial update to 4.4.129 stable release
1766832 test_140_kernel_modules_not_tainted in kernel security test failed with 4.15 kvm kernel
1760646 test_072_config_debug_set_module_ronx in kernel security test failed with 4.4 X-kvm
1760656 test_151_sysctl_disables_bpf_unpriv_userns in kernel security test failed with 4.4/4.15 kvm
1760653 test_077_config_security_ipsec in kernel security test failed with 4.4/4.15 kvm
1760648 test_072_config_strict_devmem in kernel security test failed with 4.4/4.15 kvm
1760649 test_072_strict_devmem in kernel security test failed with 4.4/4.15 kvm
1760652 test_076_config_security_acl_ext4 in kernel security test failed with 4.4/4.15 kvm
1760657 test_160_setattr_CVE_2015_1350 in kernel security test failed with 4.4/4.15 kvm
1760650 test_074_config_security_default_mmap_min_addr in kernel security test failed with 4.4/4.15 kvm
1760643 test_072_config_debug_rodata in kernel security test failed with 4.4 X-kvm
1770565 [i915_bpo] Fix flickering issue after panel change
1769696 [SRU][Bionic/Artful] fix false positives in W+X checking
1761674 [Ubuntu 16.04] kernel: fix rwlock implementation
1766573 linux \u003c 4.11: unable to use netfilter logging from non-init namespaces
1771439 [LTC Test] Ubuntu 18.04: tm_sigreturn failed on P8 compat mode 16.04.04 guest
1748345 QCA9377 requires more IRAM banks for its new firmware
1752536 i915/kbl_dmc_ver1.bin failed with error -2 package 1.157.17 kernel 4.4.0-116-generic
1768825 Xenial update to 4.4.131 stable release
1768474 Xenial update to 4.4.130 stable release
1763748 Integrated Webcam Realtek Integrated_Webcam_HD (0bda:58f4) not working in DELL XPS 13 9370 with firmware 1.50
1769671 [Xenial] Kernels OOPS when mwifiex is in AP mode
1750038 user space process hung in 'D' state waiting for disk io to complete
1766054 Acer Swift sf314-52 power button not managed
CVE-2018-3639 Speculative Store Bypass
CVE-2017-5715 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an at
CVE-2017-5753 Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker wi
CVE-2018-8087 Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to caus

Version: 4.4.0-1026.31 2018-05-22 03:07:05 UTC

  linux-kvm (4.4.0-1026.31) xenial; urgency=medium

  * Xenial update to 4.4.118 stable release (LP: #1756866)
    - kvm: [config] Add CONFIG_DST_CACHE=y

  * getlogin will fail to open /proc/self/loginuid (LP: #1770245)
    - Config: Enable CONFIG_AUDITSYSCALL

  [ Ubuntu: 4.4.0-127.153 ]

  * CVE-2018-3639 (powerpc)
    - powerpc/pseries: Support firmware disable of RFI flush
    - powerpc/powernv: Support firmware disable of RFI flush
    - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
    - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
    - powerpc/rfi-flush: Always enable fallback flush on pseries
    - powerpc/rfi-flush: Differentiate enabled and patched flush types
    - powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
    - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
    - powerpc: Add security feature flags for Spectre/Meltdown
    - powerpc/pseries: Set or clear security feature flags
    - powerpc/powernv: Set or clear security feature flags
    - powerpc/64s: Move cpu_show_meltdown()
    - powerpc/64s: Enhance the information in cpu_show_meltdown()
    - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
    - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
    - powerpc/64s: Wire up cpu_show_spectre_v1()
    - powerpc/64s: Wire up cpu_show_spectre_v2()
    - powerpc/pseries: Fix clearing of security feature flags
    - powerpc: Move default security feature flags
    - powerpc/pseries: Restore default security feature flags on setup
    - SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel
      entry/exit
  * CVE-2018-3639 (x86)
    - SAUCE: Clean up IBPB and IBRS control functions and macros
    - SAUCE: Fix up IBPB and IBRS kernel parameters documentation
    - SAUCE: Remove #define X86_FEATURE_PTI
    - x86/cpufeature: Move some of the scattered feature bits to x86_capability
    - x86/cpufeature: Cleanup get_cpu_cap()
    - x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
    - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
    - x86/cpufeatures: Add Intel feature bits for Speculation Control
    - SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf
    - x86/cpufeatures: Add AMD feature bits for Speculation Control
    - x86/msr: Add definitions for new speculation control MSRs
    - SAUCE: x86/msr: Rename MSR spec control feature bits
    - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
    - x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes
    - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
    - x86/speculation: Add <asm/msr-index.h> dependency
    - x86/cpufeatures: Clean up Spectre v2 related CPUID flags
    - x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
    - SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
    - SAUCE: x86: Add alternative_msr_write
    - SAUCE: x86/nospec: Simplify alternative_msr_write()
    - SAUCE: x86/bugs: Concentrate bug detection into a separate function
    - SAUCE: x86/bugs: Concentrate bug reporting into a separate function
    - arch: Introduce post-init read-only memory
    - SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
    - SAUCE: x86/bugs, KVM: Support the combination of guest and host IBRS
    - SAUCE: x86/bugs: Expose /sys/../spec_store_bypass
    - SAUCE: x86/cpufeatures: Add X86_FEATURE_RDS
    - SAUCE: x86/bugs: Provide boot parameters for the spec_store_bypass_disable
      mitigation
    - SAUCE: x86/bugs/intel: Set proper CPU features and setup RDS
    - SAUCE: x86/bugs: Whitelist allowed SPEC_CTRL MSR values
    - SAUCE: x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if
      requested
    - SAUCE: x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
    - SAUCE: x86/speculation: Create spec-ctrl.h to avoid include hell
    - SAUCE: prctl: Add speculation control prctls
    - x86/process: Optimize TIF checks in __switch_to_xtra()
    - SAUCE: x86/process: Allow runtime control of Speculative Store Bypass
    - SAUCE: x86/speculation: Add prctl for Speculative Store Bypass mitigation
    - SAUCE: nospec: Allow getting/setting on non-current task
    - SAUCE: proc: Provide details on speculation flaw mitigations
    - SAUCE: seccomp: Enable speculation flaw mitigations
    - SAUCE: x86/bugs: Honour SPEC_CTRL default
    - SAUCE: x86/bugs: Make boot modes __ro_after_init
    - SAUCE: prctl: Add force disable speculation
    - SAUCE: seccomp: Use PR_SPEC_FORCE_DISABLE
    - selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC
    - SAUCE: seccomp: Add filter flag to opt-out of SSB mitigation
    - SAUCE: seccomp: Move speculation migitation control to arch code
    - SAUCE: x86/speculation: Make "seccomp" the default mode for Speculative
      Store Bypass
    - SAUCE: x86/bugs: Rename _RDS to _SSBD
    - SAUCE: proc: Use underscores for SSBD in 'status'
    - SAUCE: Documentation/spec_ctrl: Do some minor cleanups
    - SAUCE: x86/bugs: Fix __ssb_select_mitigation() return type
    - SAUCE: x86/bugs: Make cpu_show_common() static
    - x86/entry: define _TIF_ALLWORK_MASK flags explicitly
    - Revert "x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2
      microcodes"
    - SAUCE: kvm/cpuid: Fix CPUID_7_0.EDX handling

Source diff to previous version
1756866 Xenial update to 4.4.118 stable release
1770245 getlogin will fail to open /proc/self/loginuid
CVE-2018-3639 Speculative Store Bypass

Version: 4.4.0-1023.28 2018-05-09 01:07:51 UTC

  linux-kvm (4.4.0-1023.28) xenial; urgency=medium

  [ Ubuntu: 4.4.0-124.148 ]

  * CVE-2018-8897
    - x86/entry/64: Don't use IST entry for #BP stack
  * CVE-2018-1087
    - kvm/x86: fix icebp instruction handling
  * CVE-2018-1000199
    - perf/hwbp: Simplify the perf-hwbp code, fix documentation

  [ Ubuntu: 4.4.0-122.146 ]

  * linux: 4.4.0-122.146 -proposed tracker (LP: #1766264)
  * Redpine: WiFi scan stopping issue observed with BLE (LP: #1757435)
    - SAUCE: Redpine: resolve wifi scan stop issue in stress tests

  [ Ubuntu: 4.4.0-121.145 ]

  * linux: 4.4.0-121.145 -proposed tracker (LP: #1763687)
  * Ubuntu-4.4.0-120.144 fails to boot on arm64* hardware (LP: #1763644)
    - [Config] arm64: disable BPF_JIT_ALWAYS_ON

 -- Stefan Bader <email address hidden> Thu, 03 May 2018 16:01:08 +0200

Source diff to previous version
1757435 Redpine: WiFi scan stopping issue observed with BLE
1763644 Ubuntu-4.4.0-120.144 fails to boot on arm64* hardware
CVE-2018-8897 error in exception handling leads to DoS
CVE-2018-1087 error in exception handling leads to wrong debug stack value
CVE-2018-1000199 ptrace() incorrect error handling leads to corruption and DoS

Version: 4.4.0-1021.26 2018-04-23 14:09:04 UTC

  linux-kvm (4.4.0-1021.26) xenial; urgency=medium

  * linux-kvm: 4.4.0-1021.26 -proposed tracker (LP: #1761445)

  * linux-kvm VFIO support for Kata containers (LP: #1759421)
    - kvm: [config] Enable VFIO

  [ Ubuntu: 4.4.0-120.144 ]

  * linux: 4.4.0-120.144 -proposed tracker (LP: #1761438)
  * intel-microcode 3.20180312.0 causes lockup at login screen(w/ linux-
    image-4.13.0-37-generic) (LP: #1759920) // CVE-2017-5715 (Spectre v2 Intel)
    - Revert "x86/mm: Only set IBPB when the new thread cannot ptrace current
      thread"
    - x86/speculation: Use Indirect Branch Prediction Barrier in context switch
  * DKMS driver builds fail with: Cannot use CONFIG_STACK_VALIDATION=y, please
    install libelf-dev, libelf-devel or elfutils-libelf-devel (LP: #1760876)
    - [Packaging] include the retpoline extractor in the headers
  * retpoline hints: primary infrastructure and initial hints (LP: #1758856)
    - [Packaging] retpoline-extract: flag *0xNNN(%reg) branches
    - x86/speculation, objtool: Annotate indirect calls/jumps for objtool
    - x86/speculation, objtool: Annotate indirect calls/jumps for objtool on 32bit
    - x86/paravirt, objtool: Annotate indirect calls
    - x86/asm: Stop depending on ptrace.h in alternative.h
    - [Packaging] retpoline -- add safe usage hint support
    - [Packaging] retpoline-check -- only report additions
    - [Packaging] retpoline -- widen indirect call/jmp detection
    - [Packaging] retpoline -- elide %rip relative indirections
    - [Packaging] retpoline -- clear hint information from packages
    - SAUCE: modpost: add discard to non-allocatable whitelist
    - KVM: x86: Make indirect calls in emulator speculation safe
    - KVM: VMX: Make indirect call speculation safe
    - x86/boot, objtool: Annotate indirect jump in secondary_startup_64()
    - SAUCE: early/late -- annotate indirect calls in early/late initialisation
      code
    - SAUCE: vga_set_mode -- avoid jump tables
    - [Config] retpoline -- switch to new format
    - [Packaging] final-checks -- remove check for empty retpoline files
  * Xenial update to 4.4.117 stable release (LP: #1756860)
    - IB/mlx4: Fix incorrectly releasing steerable UD QPs when have only ETH ports
    - PM / devfreq: Propagate error from devfreq_add_device()
    - s390: fix handling of -1 in set{,fs}[gu]id16 syscalls
    - ARM: dts: STi: Add gpio polarity for "hdmi,hpd-gpio" property
    - arm: spear600: Add missing interrupt-parent of rtc
    - arm: spear13xx: Fix dmas cells
    - arm: spear13xx: Fix spics gpio controller's warning
    - ALSA: seq: Fix regression by incorrect ioctl_mutex usages
    - KVM/x86: Reduce retpoline performance impact in slot_handle_level_range(),
      by always inlining iterator helper methods
    - x86/cpu: Change type of x86_cache_size variable to unsigned int
    - drm/radeon: adjust tested variable
    - rtc-opal: Fix handling of firmware error codes, prevent busy loops
    - ext4: save error to disk in __ext4_grp_locked_error()
    - ext4: correct documentation for grpid mount option
    - mm: hide a #warning for COMPILE_TEST
    - video: fbdev: atmel_lcdfb: fix display-timings lookup
    - console/dummy: leave .con_font_get set to NULL
    - rtlwifi: rtl8821ae: Fix connection lost problem correctly
    - Btrfs: fix deadlock in run_delalloc_nocow
    - Btrfs: fix crash due to not cleaning up tree log block's dirty bits
    - Btrfs: fix unexpected -EEXIST when creating new inode
    - ALSA: hda - Fix headset mic detection problem for two Dell machines
    - ALSA: usb-audio: Fix UAC2 get_ctl request with a RANGE attribute
    - ALSA: hda/realtek: PCI quirk for Fujitsu U7x7
    - ALSA: usb-audio: add implicit fb quirk for Behringer UFX1204
    - ALSA: seq: Fix racy pool initializations
    - mvpp2: fix multicast address filter
    - dm: correctly handle chained bios in dec_pending()
    - x86: fix build warnign with 32-bit PAE
    - vfs: don't do RCU lookup of empty pathnames
    - ARM: pxa/tosa-bt: add MODULE_LICENSE tag
    - ARM: dts: s5pv210: add interrupt-parent for ohci
    - media: r820t: fix r820t_write_reg for KASAN
    - Linux 4.4.117
  * zfs system process hung on container stop/delete (LP: #1754584)
    - SAUCE: (noup) zfs to 0.6.5.6-0ubuntu19
    - SAUCE: Fix non-prefaulted page deadlock (LP: #1754584)
  * apparmor: fix bad __initdata tagging on, apparmor_initialized (LP: #1758471)
    - SAUCE: apparmor: fix bad __initdata tagging on, apparmor_initialized
  * Xenial update to 4.4.116 stable release (LP: #1756121)
    - powerpc/bpf/jit: Disable classic BPF JIT on ppc64le
    - powerpc/64: Fix flush_(d|i)cache_range() called from modules
    - powerpc: Fix VSX enabling/flushing to also test MSR_FP and MSR_VEC
    - powerpc: Simplify module TOC handling
    - ASoC: pcm512x: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
    - usbip: vhci_hcd: clear just the USB_PORT_STAT_POWER bit
    - usbip: fix 3eee23c3ec14 tcp_socket address still in the status file
    - net: cdc_ncm: initialize drvflags before usage
    - ASoC: simple-card: Fix misleading error message
    - ASoC: rsnd: don't call free_irq() on Parent SSI
    - ASoC: rsnd: avoid duplicate free_irq()
    - drm: rcar-du: Use the VBK interrupt for vblank events
    - drm: rcar-du: Fix race condition when disabling planes at CRTC stop
    - x86/asm: Fix inline asm call constraints for GCC 4.4
    - ip6mr: fix stale iterator
    - net: igmp: add a missing rcu locking section
    - qlcnic: fix deadlock bug
    - r8169: fix RTL8168EP take too long to complete driver initialization.
    - tcp: release sk_frag.page in tcp_disconnect
    - vhost_net: stop device during reset owner
    - media: soc_camera: soc_scale_crop: add missing
      MODULE_DESCRIPTION/AUTHOR/LICENSE
    - KEYS: encrypted: fix buffer overread in valid_master_desc()
    - don't put symlink bodies in pagecache into highmem
    - crypto: tcrypt - fix S/G table for test_aead_speed()
    - x86/microcode: Do the family check first
    - powerpc/ps

Source diff to previous version
1759421 linux-kvm VFIO support for Kata containers
1759920 intel-microcode 3.20180312.0 causes lockup at login screen(w/ linux-image-4.13.0-37-generic)
1760876 DKMS driver builds fail with: Cannot use CONFIG_STACK_VALIDATION=y, please install libelf-dev, libelf-devel or elfutils-libelf-devel
1758856 retpoline hints: primary infrastructure and initial hints
1756860 Xenial update to 4.4.117 stable release
1754584 zfs system process hung on container stop/delete
1758471 apparmor: fix bad __initdata tagging on, apparmor_initialized
1756121 Xenial update to 4.4.116 stable release
1723127 Intel i40e PF reset due to incorrect MDD detection (continues...)
1755509 Xenial update to 4.4.115 stable release
1752655 retpoline: ignore %cs:0xNNN constant indirections
1759821 Dell XPS 13 9360 bluetooth scan can not detect any device
1758869 Kernel panic with AWS 4.4.0-1053 / 4.4.0-1015 (Trusty)
CVE-2017-5715 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an at
CVE-2017-5754 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an at
CVE-2018-8043 The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availabilit

Version: 4.4.0-1020.25 2018-04-04 13:08:06 UTC

  linux-kvm (4.4.0-1020.25) xenial; urgency=medium

  * linux-kvm: 4.4.0-1020.25 -proposed tracker (LP: #1755219)

  * linux-kvm standard configs for Ubuntu Server workloads (LP: #1736561)
    - kvm: [config] enable NO_HZ_IDLE, HIGH_RES_TIMERS
    - kvm: [config] enable NUMA
    - kvm: [config] enable all CGROUPs
    - kvm: [config] enable all CONFIG_RD decompressors
    - kvm: [config] enable COREDUMP
    - kvm: [config] enable X86_X2APIC
    - kvm: [config] enable PREEMPT_VOLUNTARY
    - kvm: [config] enable HOTPLUG_CPU
    - kvm: [config] enable BLK_DEV_SD
    - kvm: [config] enable ATA, PATA, SATA
    - kvm: [config] enable BONDING, MACVLAN, TUN, VETH
    - kvm: [config] enable HW_RANDOM_{AMD,INTEL,TIMERIOMEM}
    - kvm: [config] enable EFI_VARS
    - kvm: [config] enable SQUASHFS
    - kvm: [retpoline] add new retpoline call sites

  * Xenial update to 4.4.114 stable release (LP: #1754592)
    - kvm: [config] enable X86_VSYSCALL_EMULATION

  * Xenial update to 4.4.110 stable release (LP: #1745071)
    - [config] updateconfigs for master changes

  * linux-kvm configs for Kata containers (LP: #1752147)
    - kvm: [config] Enable PCI Hotplug
    - kvm: [config] Add support for DPDK
    - kvm: [config] Enable DAX
    - kvm: [config] Enable 9P fs

  [ Ubuntu: 4.4.0-117.141 ]

  * linux: 4.4.0-117.141 -proposed tracker (LP: #1755208)
  * Xenial update to 4.4.114 stable release (LP: #1754592)
    - x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels
    - usbip: prevent vhci_hcd driver from leaking a socket pointer address
    - usbip: Fix implicit fallthrough warning
    - usbip: Fix potential format overflow in userspace tools
    - x86/microcode/intel: Fix BDW late-loading revision check
    - x86/retpoline: Fill RSB on context switch for affected CPUs
    - sched/deadline: Use the revised wakeup rule for suspending constrained dl
      tasks
    - can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once
    - can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once
    - PM / sleep: declare __tracedata symbols as char[] rather than char
    - time: Avoid undefined behaviour in ktime_add_safe()
    - timers: Plug locking race vs. timer migration
    - Prevent timer value 0 for MWAITX
    - drivers: base: cacheinfo: fix x86 with CONFIG_OF enabled
    - drivers: base: cacheinfo: fix boot error message when acpi is enabled
    - PCI: layerscape: Add "fsl,ls2085a-pcie" compatible ID
    - PCI: layerscape: Fix MSG TLP drop setting
    - mmc: sdhci-of-esdhc: add/remove some quirks according to vendor version
    - fs/select: add vmalloc fallback for select(2)
    - hwpoison, memcg: forcibly uncharge LRU pages
    - cma: fix calculation of aligned offset
    - mm, page_alloc: fix potential false positive in __zone_watermark_ok
    - ipc: msg, make msgrcv work with LONG_MIN
    - x86/ioapic: Fix incorrect pointers in ioapic_setup_resources()
    - ACPI / processor: Avoid reserving IO regions too early
    - ACPI / scan: Prefer devices without _HID/_CID for _ADR matching
    - ACPICA: Namespace: fix operand cache leak
    - netfilter: x_tables: speed up jump target validation
    - netfilter: arp_tables: fix invoking 32bit "iptable -P INPUT ACCEPT" failed
      in 64bit kernel
    - netfilter: nf_dup_ipv6: set again FLOWI_FLAG_KNOWN_NH at flowi6_flags
    - netfilter: nf_ct_expect: remove the redundant slash when policy name is
      empty
    - netfilter: nfnetlink_queue: reject verdict request from different portid
    - netfilter: restart search if moved to other chain
    - netfilter: nf_conntrack_sip: extend request line validation
    - netfilter: use fwmark_reflect in nf_send_reset
    - ext2: Don't clear SGID when inheriting ACLs
    - reiserfs: fix race in prealloc discard
    - reiserfs: don't preallocate blocks for extended attributes
    - reiserfs: Don't clear SGID when inheriting ACLs
    - fs/fcntl: f_setown, avoid undefined behaviour
    - scsi: libiscsi: fix shifting of DID_REQUEUE host byte
    - Input: trackpoint - force 3 buttons if 0 button is reported
    - usb: usbip: Fix possible deadlocks reported by lockdep
    - usbip: fix stub_rx: get_pipe() to validate endpoint number
    - usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input
    - usbip: prevent leaking socket pointer address in messages
    - um: link vmlinux with -no-pie
    - vsyscall: Fix permissions for emulate mode with KAISER/PTI
    - eventpoll.h: add missing epoll event masks
    - x86/microcode/intel: Extend BDW late-loading further with LLC size check
    - hrtimer: Reset hrtimer cpu base proper on CPU hotplug
    - dccp: don't restart ccid2_hc_tx_rto_expire() if sk in closed state
    - ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL
    - ipv6: fix udpv6 sendmsg crash caused by too small MTU
    - ipv6: ip6_make_skb() needs to clear cork.base.dst
    - lan78xx: Fix failure in USB Full Speed
    - net: igmp: fix source address check for IGMPv3 reports
    - tcp: __tcp_hdrlen() helper
    - net: qdisc_pkt_len_init() should be more robust
    - pppoe: take ->needed_headroom of lower device into account on xmit
    - r8169: fix memory corruption on retrieval of hardware statistics.
    - sctp: do not allow the v4 socket to bind a v4mapped v6 address
    - sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf
    - vmxnet3: repair memory leak
    - net: Allow neigh contructor functions ability to modify the primary_key
    - ipv4: Make neigh lookup keys for loopback/point-to-point devices be
      INADDR_ANY
    - flow_dissector: properly cap thoff field
    - net: tcp: close sock if net namespace is exiting
    - nfsd: auth: Fix gid sorting when rootsquash enabled
    - Linux 4.4.114
  * Xenial update to 4.4.113 stable release (LP: #1754375)
    - gcov: disable for COMPILE_TEST
    - scsi: sg: disable SET_FORCE_LOW_DMA
    - futex: Prevent overflow by strengthen input validation
    - ALSA: pcm: Remove yet superfluous WARN_O

1736561 linux-kvm standard configs for Ubuntu Server workloads
1754592 Xenial update to 4.4.114 stable release
1745071 Xenial update to 4.4.110 stable release
1752147 linux-kvm configs for Kata containers
1754375 Xenial update to 4.4.113 stable release
1754076 i2c-thunderx: erroneous error message \
1750810 qeth: fix calculation of required buffer elements for skb
1745130 Support rfkill-any led trigger for Fujitsu u727
1753438 Redpine: Sometimes Wi-Fi connection shows \
1753439 Redpine: BLE scanning for nearby beacons per second is too low and result high loss rate.
1750568 qeth: check not more than 16 SBALEs on the completion queue
1750813 qeth: fix L3 next-hop im xmit qeth hdr
1744754 qemu-efi-aarch64 in \u003e= artful can't boot xenial cloud images
1747896 OOM and High CPU utilization in update_blocked_averages because of too many cfs_rqs in rq-\u003eleaf_cfs_rq_list
1748922 linux-tools: perf incorrectly linking libbfd
1751021 retpoline abi files are empty on i386
1715519 bnx2x_attn_int_deasserted3:4323 MC assert!
1729674 TB16 dock ethernet corrupts data with hw checksum silently failing
1744078 linux \u003c 4.8: x-netns vti is broken
1745266 Xenial update to 4.4.112 stable release
1745263 Xenial update to 4.4.111 stable release
1745364 x86/net/bpf: return statement missing value
1744736 Ubuntu 16.04 - s390/cpuinfo: show facilities as reported by stfle
1745069 Xenial update to 4.4.109 stable release
1745054 Xenial update to 4.4.108 stable release
1745052 Xenial update to 4.4.107 stable release
1745047 Xenial update to 4.4.106 stable release
1745046 Xenial update to 4.4.105 stable release
1745043 Xenial update to 4.4.104 stable release
1744873 Xenial update to 4.4.103 stable release
1736954 ppc64el: Do not call ibm,os-term on panic
1744870 Xenial update to 4.4.102 stable release
1744794 Xenial update to 4.4.101 stable release
1744639 Xenial update to 4.4.100 stable release
1744636 Xenial update to 4.4.99 stable release
1733605 elantech touchpad of Lenovo L480/580 failed to detect hw_version
1737176 Disabling zfs does not always disable module checks for the zfs modules
1735977 Using asymmetric key for IMA appraisal crashes the system in Ubuntu 16.04
1724614 [KVM] Lower the default for halt_poll_ns to 200000 ns
1744077 $(LOCAL_ENV_CC) and $(LOCAL_ENV_DISTCC_HOSTS) should be properly quoted
1742090 Redpine: Wifi/BT not functioning after s3 resume
1742094 [16.04][classic] Redpine: wowlan feature doesn't work
1664602 Using an NVMe drive causes huge power drain
1705748 Samsung SSD 960 EVO 500GB refused to change power state
1738219 the kernel is blackholing IPv6 packets to linkdown nexthops
1729145 /dev/bcache/by-uuid links not created after reboot
1730550 e1000e in 4.4.0-97-generic breaks 82574L under heavy load.
1736317 ath10k: enhance rf signal strength
1720228 User reports excessive ALUA retry messages
1734757 Add installer support for new Broadcom network drivers.
1703742 Transparent hugepages should default to enabled=madvise
CVE-2017-5753 Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker wi



About   -   Send Feedback to @ubuntu_updates