Package "linux-kvm"

  linux-kvm (4.4.0-1066.73) xenial; urgency=medium

  * xenial/linux-kvm: 4.4.0-1066.73 -proposed tracker (LP: #1861110)

  [ Ubuntu: 4.4.0-174.204 ]

  * xenial/linux: 4.4.0-174.204 -proposed tracker (LP: #1861122)
  * Xenial update: 4.4.211 upstream stable release (LP: #1860681)
    - hidraw: Return EPOLLOUT from hidraw_poll
    - HID: hidraw: Fix returning EPOLLOUT from hidraw_poll
    - HID: hidraw, uhid: Always report EPOLLOUT
    - cfg80211/mac80211: make ieee80211_send_layer2_update a public function
    - mac80211: Do not send Layer 2 Update frame before authorization
    - media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap
    - p54usb: Fix race between disconnect and firmware loading
    - ALSA: line6: Fix write on zero-sized buffer
    - ALSA: line6: Fix memory leak at line6_init_pcm() error path
    - xen: let alloc_xenballooned_pages() fail if not enough memory free
    - wimax: i2400: fix memory leak
    - wimax: i2400: Fix memory leak in i2400m_op_rfkill_sw_toggle
    - ext4: fix use-after-free race with debug_want_extra_isize
    - ext4: add more paranoia checking in ext4_expand_extra_isize handling
    - rtc: mt6397: fix alarm register overwrite
    - iommu: Remove device link to group on failure
    - gpio: Fix error message on out-of-range GPIO in lookup table
    - hsr: reset network header when supervision frame is created
    - cifs: Adjust indentation in smb2_open_file
    - RDMA/srpt: Report the SCSI residual to the initiator
    - scsi: enclosure: Fix stale device oops with hot replug
    - scsi: sd: Clear sdkp->protection_type if disk is reformatted without PI
    - platform/x86: asus-wmi: Fix keyboard brightness cannot be set to 0
    - iio: imu: adis16480: assign bias value only if operation succeeded
    - mei: fix modalias documentation
    - clk: samsung: exynos5420: Preserve CPU clocks configuration during
      suspend/resume
    - compat_ioctl: handle SIOCOUTQNSD
    - tty: serial: imx: use the sg count from dma_map_sg
    - tty: serial: pch_uart: correct usage of dma_unmap_sg
    - media: exynos4-is: Fix recursive locking in isp_video_release()
    - spi: atmel: fix handling of cs_change set on non-last xfer
    - rtlwifi: Remove unnecessary NULL check in rtl_regd_init
    - rtc: msm6242: Fix reading of 10-hour digit
    - rseq/selftests: Turn off timeout setting
    - hexagon: work around compiler crash
    - ocfs2: call journal flush to mark journal as empty after journal recovery
      when mount
    - ALSA: seq: Fix racy access for queue timer in proc read
    - Fix built-in early-load Intel microcode alignment
    - block: fix an integer overflow in logical block size
    - USB: serial: simple: Add Motorola Solutions TETRA MTP3xxx and MTP85xx
    - USB: serial: opticon: fix control-message timeouts
    - USB: serial: suppress driver bind attributes
    - USB: serial: ch341: handle unbound port at reset_resume
    - USB: serial: io_edgeport: add missing active-port sanity check
    - USB: serial: quatech2: handle unbound ports
    - scsi: mptfusion: Fix double fetch bug in ioctl
    - usb: core: hub: Improved device recognition on remote wakeup
    - x86/efistub: Disable paging at mixed mode entry
    - mm/page-writeback.c: avoid potential division by zero in wb_min_max_ratio()
    - net: stmmac: 16KB buffer must be 16 byte aligned
    - net: stmmac: Enable 16KB buffer size
    - USB: serial: io_edgeport: use irqsave() in USB's complete callback
    - USB: serial: io_edgeport: handle unbound ports on URB completion
    - USB: serial: keyspan: handle unbound ports
    - scsi: fnic: use kernel's '%pM' format option to print MAC
    - scsi: fnic: fix invalid stack access
    - arm64: dts: agilex/stratix10: fix pmu interrupt numbers
    - netfilter: fix a use-after-free in mtype_destroy()
    - batman-adv: Fix DAT candidate selection on little endian systems
    - macvlan: use skb_reset_mac_header() in macvlan_queue_xmit()
    - r8152: add missing endpoint sanity check
    - tcp: fix marked lost packets not being retransmitted
    - net: usb: lan78xx: limit size of local TSO packets
    - xen/blkfront: Adjust indentation in xlvbd_alloc_gendisk
    - cw1200: Fix a signedness bug in cw1200_load_firmware()
    - cfg80211: check for set_wiphy_params
    - scsi: esas2r: unlock on error in esas2r_nvram_read_direct()
    - scsi: qla4xxx: fix double free bug
    - scsi: bnx2i: fix potential use after free
    - scsi: target: core: Fix a pr_debug() argument
    - scsi: core: scsi_trace: Use get_unaligned_be*()
    - perf probe: Fix wrong address verification
    - regulator: ab8500: Remove SYSCLKREQ from enum ab8505_regulator_id
    - Linux 4.4.211
  * Xenial update: 4.4.210 upstream stable release (LP: #1859865)
    - chardev: Avoid potential use-after-free in 'chrdev_open()'
    - usb: chipidea: host: Disable port power only if previously enabled
    - ALSA: usb-audio: Apply the sample rate quirk for Bose Companion 5
    - kernel/trace: Fix do not unregister tracepoints when register
      sched_migrate_task fail
    - tracing: Have stack tracer compile when MCOUNT_INSN_SIZE is not defined
    - HID: Fix slab-out-of-bounds read in hid_field_extract
    - HID: uhid: Fix returning EPOLLOUT from uhid_char_poll
    - HID: hid-input: clear unmapped usages
    - Input: add safety guards to input_set_keycode()
    - drm/dp_mst: correct the shifting in DP_REMOTE_I2C_READ
    - can: gs_usb: gs_usb_probe(): use descriptors of current altsetting
    - can: mscan: mscan_rx_poll(): fix rx path lockup when returning from polling
      to irq mode
    - can: can_dropped_invalid_skb(): ensure an initialized headroom in outgoing
      CAN sk_buffs
    - staging: vt6656: set usb_set_intfdata on driver fail.
    - USB: serial: option: add ZLP support for 0x1bc7/0x9010
    - usb: musb: Disable pullup at init
    - usb: musb: dma: Correct parameter passed to IRQ handler
    - staging: rtl8188eu: Add device code for TP-Link TL-WN727N v5.21
    - tty: lin

  linux-kvm (4.4.0-1065.72) xenial; urgency=medium

  * xenial/linux-kvm: 4.4.0-1065.72 -proposed tracker (LP: #1858584)

  [ Ubuntu: 4.4.0-172.202 ]

  * xenial/linux: 4.4.0-172.202 -proposed tracker (LP: #1858594)
  * tools/perf fails to build after Xenial update to 4.4.208 upstream stable
    release (LP: #1858798)
    - Revert "perf report: Add warning when libunwind not compiled in"
  * CVE-2019-18885
    - btrfs: refactor btrfs_find_device() take fs_devices as argument
    - btrfs: merge btrfs_find_device and find_device
  * Integrate Intel SGX driver into linux-azure (LP: #1844245)
    - [Packaging] Add systemd service to load intel_sgx
  * Xenial update: 4.4.208 upstream stable release (LP: #1858462)
    - btrfs: do not leak reloc root if we fail to read the fs root
    - btrfs: handle ENOENT in btrfs_uuid_tree_iterate
    - ALSA: hda/ca0132 - Keep power on during processing DSP response
    - ALSA: hda/ca0132 - Avoid endless loop
    - drm: mst: Fix query_payload ack reply struct
    - iio: light: bh1750: Resolve compiler warning and make code more readable
    - spi: Add call to spi_slave_abort() function when spidev driver is released
    - staging: rtl8188eu: fix possible null dereference
    - rtlwifi: prevent memory leak in rtl_usb_probe
    - IB/iser: bound protection_sg size by data_sg size
    - media: am437x-vpfe: Setting STD to current value is not an error
    - media: i2c: ov2659: fix s_stream return value
    - media: i2c: ov2659: Fix missing 720p register config
    - media: ov6650: Fix stored frame format not in sync with hardware
    - tools/power/cpupower: Fix initializer override in hsw_ext_cstates
    - usb: renesas_usbhs: add suspend event support in gadget mode
    - hwrng: omap3-rom - Call clk_disable_unprepare() on exit only if not idled
    - regulator: max8907: Fix the usage of uninitialized variable in
      max8907_regulator_probe()
    - media: flexcop-usb: fix NULL-ptr deref in flexcop_usb_transfer_init()
    - samples: pktgen: fix proc_cmd command result check logic
    - mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring
    - media: ti-vpe: vpe: fix a v4l2-compliance warning about invalid pixel format
    - media: ti-vpe: vpe: fix a v4l2-compliance failure about frame sequence
      number
    - media: ti-vpe: vpe: Make sure YUYV is set as default format
    - extcon: sm5502: Reset registers during initialization
    - x86/mm: Use the correct function type for native_set_fixmap()
    - perf report: Add warning when libunwind not compiled in
    - iio: adc: max1027: Reset the device at probe time
    - Bluetooth: hci_core: fix init for HCI_USER_CHANNEL
    - drm/gma500: fix memory disclosures due to uninitialized bytes
    - x86/ioapic: Prevent inconsistent state when moving an interrupt
    - arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill()
    - libata: Ensure ata_port probe has completed before detach
    - pinctrl: sh-pfc: sh7734: Fix duplicate TCLK1_B
    - bnx2x: Fix PF-VF communication over multi-cos queues.
    - spi: img-spfi: fix potential double release
    - rtlwifi: fix memory leak in rtl92c_set_fw_rsvdpagepkt()
    - perf probe: Fix to find range-only function instance
    - perf probe: Fix to list probe event with correct line number
    - perf probe: Walk function lines in lexical blocks
    - perf probe: Fix to probe an inline function which has no entry pc
    - perf probe: Fix to show ranges of variables in functions without entry_pc
    - perf probe: Fix to show inlined function callsite without entry_pc
    - perf probe: Skip overlapped location on searching variables
    - perf probe: Return a better scope DIE if there is no best scope
    - perf probe: Fix to show calling lines of inlined functions
    - perf probe: Skip end-of-sequence and non statement lines
    - perf probe: Filter out instances except for inlined subroutine and
      subprogram
    - ath10k: fix get invalid tx rate for Mesh metric
    - media: pvrusb2: Fix oops on tear-down when radio support is not present
    - media: si470x-i2c: add missed operations in remove
    - EDAC/ghes: Fix grain calculation
    - spi: pxa2xx: Add missed security checks
    - ASoC: rt5677: Mark reg RT5677_PWR_ANLG2 as volatile
    - parport: load lowlevel driver if ports not found
    - cpufreq: Register drivers only after CPU devices have been registered
    - x86/crash: Add a forward declaration of struct kimage
    - spi: tegra20-slink: add missed clk_unprepare
    - btrfs: don't prematurely free work in end_workqueue_fn()
    - iwlwifi: check kasprintf() return value
    - fbtft: Make sure string is NULL terminated
    - crypto: sun4i-ss - Fix 64-bit size_t warnings on sun4i-ss-hash.c
    - crypto: vmx - Avoid weird build failures
    - libtraceevent: Fix memory leakage in copy_filter_type
    - net: phy: initialise phydev speed and duplex sanely
    - Revert "mmc: sdhci: Fix incorrect switch to HS mode"
    - usb: xhci: Fix build warning seen with CONFIG_PM=n
    - btrfs: do not call synchronize_srcu() in inode_tree_del
    - btrfs: return error pointer from alloc_test_extent_buffer
    - btrfs: abort transaction after failed inode updates in create_subvol
    - Btrfs: fix removal logic of the tree mod log that leads to use-after-free
      issues
    - ALSA: pcm: Avoid possible info leaks from PCM stream buffers
    - af_packet: set defaule value for tmo
    - fjes: fix missed check in fjes_acpi_add
    - mod_devicetable: fix PHY module format
    - net: hisilicon: Fix a BUG trigered by wrong bytes_compl
    - net: nfc: nci: fix a possible sleep-in-atomic-context bug in
      nci_uart_tty_receive()
    - net: qlogic: Fix error paths in ql_alloc_large_buffers()
    - net: usb: lan78xx: Fix suspend/resume PHY register access error
    - sctp: fully initialize v4 addr in some functions
    - net: dst: Force 4-byte alignment of dst_metrics
    - usbip: Fix error path of vhci_recv_ret_submit()
    - USB: EHCI: Do not return -EPIPE when hub is disconnected

  linux-kvm (4.4.0-1064.71) xenial; urgency=medium

  * xenial/linux-kvm: 4.4.0-1064.71 -proposed tracker (LP: #1854826)

  * backport DIMLIB (lib/dim/) to pre-5.2 kernels (LP: #1852637)
    - kvm: [CONFIG] updateconfigs for DIMLIB

  [ Ubuntu: 4.4.0-171.200 ]

  * xenial/linux: 4.4.0-171.200 -proposed tracker (LP: #1854835)
  * CVE-2019-14901
    - SAUCE: mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame()
  * CVE-2019-14896 // CVE-2019-14897
    - SAUCE: libertas: Fix two buffer overflows at parsing bss descriptor
  * CVE-2019-14895
    - SAUCE: mwifiex: fix possible heap overflow in mwifiex_process_country_ie()
  * CVE-2019-18660: patches for Ubuntu (LP: #1853142) // CVE-2019-18660
    - powerpc/64s: support nospectre_v2 cmdline option
    - powerpc/book3s64: Fix link stack flush on context switch
    - KVM: PPC: Book3S HV: Flush link stack on guest exit to host kernel
  * cloudimg: no iavf/i40evf module so no network available with SR-IOV enabled
    cloud (LP: #1848481)
    - [Packaging]: include i40evf in generic
  * update ENA driver for DIMLIB dynamic interrupt moderation (LP: #1853180)
    - net: ena: fix bug that might cause hang after consecutive open/close
      interface.
    - net: ena: add intr_moder_rx_interval to struct ena_com_dev and use it
    - net: ena: switch to dim algorithm for rx adaptive interrupt moderation
    - net: ena: reimplement set/get_coalesce()
    - net: ena: enable the interrupt_moderation in driver_supported_features
    - net: ena: remove code duplication in
      ena_com_update_nonadaptive_moderation_interval _*()
    - net: ena: remove old adaptive interrupt moderation code from ena_netdev
    - net: ena: remove ena_restore_ethtool_params() and relevant fields
    - net: ena: remove all old adaptive rx interrupt moderation code from ena_com
    - net: ena: fix update of interrupt moderation register
    - net: ena: fix retrieval of nonadaptive interrupt moderation intervals
    - net: ena: fix incorrect update of intr_delay_resolution
    - net: ena: Select DIMLIB for ENA_ETHERNET
    - SAUCE: net: ena: fix issues in setting interrupt moderation params in
      ethtool
    - SAUCE: net: ena: fix too long default tx interrupt moderation interval
  * backport DIMLIB (lib/dim/) to pre-5.2 kernels (LP: #1852637)
    - include/linux/bitops.h: introduce BITS_PER_TYPE
    - linux/kernel.h: move DIV_ROUND_DOWN_ULL() macro
    - [Config] enable DIMLIB
    - linux/dim: import DIMLIB (lib/dim/)
    - SAUCE: linux/dim: avoid library object filename clash
  * Enable framebuffer fonts auto selection for HighDPI screen (LP: #1851623)
    - fonts: Fix coding style
    - fonts: Prefer a bigger font for high resolution screens
  * Xenial update: 4.4.203 upstream stable release (LP: #1853881)
    - slip: Fix memory leak in slip_open error path
    - ax88172a: fix information leak on short answers
    - ALSA: usb-audio: Fix missing error check at mixer resolution test
    - ALSA: usb-audio: not submit urb for stopped endpoint
    - Input: ff-memless - kill timer in destroy()
    - ecryptfs_lookup_interpose(): lower_dentry->d_inode is not stable
    - ecryptfs_lookup_interpose(): lower_dentry->d_parent is not stable either
    - iommu/vt-d: Fix QI_DEV_IOTLB_PFSID and QI_DEV_EIOTLB_PFSID macros
    - mm: memcg: switch to css_tryget() in get_mem_cgroup_from_mm()
    - mm: hugetlb: switch to css_tryget() in hugetlb_cgroup_charge_cgroup()
    - mmc: sdhci-of-at91: fix quirk2 overwrite
    - iio: dac: mcp4922: fix error handling in mcp4922_write_raw
    - ALSA: pcm: signedness bug in snd_pcm_plug_alloc()
    - ARM: dts: at91/trivial: Fix USART1 definition for at91sam9g45
    - ALSA: seq: Do error checks at creating system ports
    - gfs2: Don't set GFS2_RDF_UPTODATE when the lvb is updated
    - ASoC: dpcm: Properly initialise hw->rate_max
    - MIPS: BCM47XX: Enable USB power on Netgear WNDR3400v3
    - ARM: dts: exynos: Fix sound in Snow-rev5 Chromebook
    - i40e: use correct length for strncpy
    - i40e: hold the rtnl lock on clearing interrupt scheme
    - i40e: Prevent deleting MAC address from VF when set by PF
    - ARM: dts: pxa: fix power i2c base address
    - rtl8187: Fix warning generated when strncpy() destination length matches the
      sixe argument
    - net: lan78xx: Bail out if lan78xx_get_endpoints fails
    - ASoC: sgtl5000: avoid division by zero if lo_vag is zero
    - ath10k: wmi: disable softirq's while calling ieee80211_rx
    - mips: txx9: fix iounmap related issue
    - of: make PowerMac cache node search conditional on CONFIG_PPC_PMAC
    - ARM: dts: omap3-gta04: give spi_lcd node a label so that we can overwrite in
      other DTS files
    - ARM: dts: omap3-gta04: tvout: enable as display1 alias
    - ARM: dts: omap3-gta04: make NAND partitions compatible with recent U-Boot
    - ARM: dts: omap3-gta04: keep vpll2 always on
    - dmaengine: dma-jz4780: Further residue status fix
    - signal: Always ignore SIGKILL and SIGSTOP sent to the global init
    - signal: Properly deliver SIGILL from uprobes
    - signal: Properly deliver SIGSEGV from x86 uprobes
    - scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir()
    - ARM: imx6: register pm_power_off handler if "fsl,pmic-stby-poweroff" is set
    - scsi: pm80xx: Corrected dma_unmap_sg() parameter
    - scsi: pm80xx: Fixed system hang issue during kexec boot
    - kprobes: Don't call BUG_ON() if there is a kprobe in use on free list
    - nvmem: core: return error code instead of NULL from nvmem_device_get
    - media: fix: media: pci: meye: validate offset to avoid arbitrary access
    - ALSA: intel8x0m: Register irq handler after register initializations
    - pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map()
    - llc: avoid blocking in llc_sap_close()
    - powerpc/vdso: Correct call frame information
    - ARM: dts: socfpga: Fix I2C bus unit-address error
    - pinctrl: at91: don't use the same irqchip with multiple gpio

  linux-kvm (4.4.0-1063.70) xenial; urgency=medium

  * xenial/linux-kvm: 4.4.0-1063.70 -proposed tracker (LP: #1852298)

  [ Ubuntu: 4.4.0-170.199 ]

  * xenial/linux: 4.4.0-170.199 -proposed tracker (LP: #1852306)
  * update ENA driver to version 2.1.0 (LP: #1850175)
    - net: ena: fix: set freed objects to NULL to avoid failing future allocations
    - net: ena: fix swapped parameters when calling
      ena_com_indirect_table_fill_entry
    - net: ena: fix: Free napi resources when ena_up() fails
    - net: ena: fix incorrect test of supported hash function
    - net: ena: fix return value of ena_com_config_llq_info()
    - net: ena: improve latency by disabling adaptive interrupt moderation by
      default
    - net: ena: fix ena_com_fill_hash_function() implementation
    - net: ena: add handling of llq max tx burst size
    - net: ena: ethtool: add extra properties retrieval via get_priv_flags
    - net: ena: replace free_tx/rx_ids union with single free_ids field in
      ena_ring
    - net: ena: arrange ena_probe() function variables in reverse christmas tree
    - net: ena: add newline at the end of pr_err prints
    - net: ena: allow automatic fallback to polling mode
    - net: ena: add support for changing max_header_size in LLQ mode
    - net: ena: optimise calculations for CQ doorbell
    - net: ena: add good checksum counter
    - net: ena: use dev_info_once instead of static variable
    - net: ena: add MAX_QUEUES_EXT get feature admin command
    - net: ena: enable negotiating larger Rx ring size
    - net: ena: make ethtool show correct current and max queue sizes
    - net: ena: allow queue allocation backoff when low on memory
    - net: ena: add ethtool function for changing io queue sizes
    - net: ena: remove inline keyword from functions in *.c
    - net: ena: update driver version from 2.0.3 to 2.1.0
    - net: ena: Fix bug where ring allocation backoff stopped too late
    - Revert "net: ena: ethtool: add extra properties retrieval via
      get_priv_flags"
    - net: ena: don't wake up tx queue when down
    - net: ena: clean up indentation issue
  * Bionic update: upstream stable patchset 2019-08-01 (LP: #1838700) // update
    ENA driver to version 2.1.0 (LP: #1850175)
    - net: ena: gcc 8: fix compilation warning
  * Skip frame when buffer overflow on UVC camera (LP: #1849871)
    - media: uvcvideo: Mark buffer error where overflow
  * CVE-2018-20784
    - sched/fair: Fix infinite loop in update_blocked_averages() by reverting
      a9e7f6544b9c
    - sched/fair: Fix hierarchical order in rq->leaf_cfs_rq_list
    - sched/fair: Add tmp_alone_branch assertion
    - sched/fair: Fix insertion in rq->leaf_cfs_rq_list
    - sched/fair: Optimize update_blocked_averages()
    - sched/fair: Fix O(nr_cgroups) in the load balancing path
  * Xenial update: 4.4.200 upstream stable release (LP: #1852110)
    - kbuild: add -fcf-protection=none when using retpoline flags
    - regulator: ti-abb: Fix timeout in ti_abb_wait_txdone/ti_abb_clear_all_txdone
    - regulator: pfuze100-regulator: Variable "val" in pfuze100_regulator_probe()
      could be uninitialized
    - ASoc: rockchip: i2s: Fix RPM imbalance
    - ARM: dts: logicpd-torpedo-som: Remove twl_keypad
    - ARM: mm: fix alignment handler faults under memory pressure
    - scsi: sni_53c710: fix compilation error
    - scsi: fix kconfig dependency warning related to 53C700_LE_ON_BE
    - perf kmem: Fix memory leak in compact_gfp_flags()
    - scsi: target: core: Do not overwrite CDB byte 1
    - of: unittest: fix memory leak in unittest_data_add
    - MIPS: bmips: mark exception vectors as char arrays
    - cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs
    - dccp: do not leak jiffies on the wire
    - net: fix sk_page_frag() recursion from memory reclaim
    - net: hisilicon: Fix ping latency when deal with high throughput
    - SAUCE: Revert "net: Zeroing the structure ethtool_wolinfo in
      ethtool_get_wol()"
    - net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol()
    - net: add READ_ONCE() annotation in __skb_wait_for_more_packets()
    - vxlan: check tun_info options_len properly
    - net/mlx4_core: Dynamically set guaranteed amount of counters per VF
    - inet: stop leaking jiffies on the wire
    - net/flow_dissector: switch to siphash
    - dmaengine: qcom: bam_dma: Fix resource leak
    - ARM: 8051/1: put_user: fix possible data corruption in put_user
    - ARM: 8478/2: arm/arm64: add arm-smccc
    - ARM: 8479/2: add implementation for arm-smccc
    - ARM: 8480/2: arm64: add implementation for arm-smccc
    - ARM: 8481/2: drivers: psci: replace psci firmware calls
    - ARM: uaccess: remove put_user() code duplication
    - ARM: Move system register accessors to asm/cp15.h
    - arm/arm64: KVM: Advertise SMCCC v1.1
    - arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support
    - firmware/psci: Expose PSCI conduit
    - firmware/psci: Expose SMCCC version through psci_ops
    - arm/arm64: smccc: Make function identifiers an unsigned quantity
    - arm/arm64: smccc: Implement SMCCC v1.1 inline primitive
    - arm/arm64: smccc: Add SMCCC-specific return codes
    - arm/arm64: smccc-1.1: Make return values unsigned long
    - arm/arm64: smccc-1.1: Handle function result as parameters
    - ARM: add more CPU part numbers for Cortex and Brahma B15 CPUs
    - ARM: bugs: prepare processor bug infrastructure
    - ARM: bugs: hook processor bug checking into SMP and suspend paths
    - ARM: bugs: add support for per-processor bug checking
    - ARM: spectre: add Kconfig symbol for CPUs vulnerable to Spectre
    - ARM: spectre-v2: harden branch predictor on context switches
    - ARM: spectre-v2: add Cortex A8 and A15 validation of the IBE bit
    - ARM: spectre-v2: harden user aborts in kernel space
    - ARM: spectre-v2: add firmware based hardening
    - ARM: spectre-v2: warn about incorrect context switching functions
    - ARM: spectre-v1: add speculation barr

  linux-kvm (4.4.0-1062.69) xenial; urgency=medium

  * CVE-2019-11135
    - [Config] Disable TSX by default when possible

  [ Ubuntu: 4.4.0-168.197 ]

  * CVE-2018-12207
    - KVM: x86: MMU: Encapsulate the type of rmap-chain head in a new struct
    - KVM: x86: MMU: Consolidate quickly_check_mmio_pf() and is_mmio_page_fault()
    - KVM: x86: MMU: Move handle_mmio_page_fault() call to kvm_mmu_page_fault()
    - KVM: MMU: rename has_wrprotected_page to mmu_gfn_lpage_is_disallowed
    - KVM: MMU: introduce kvm_mmu_gfn_{allow,disallow}_lpage
    - KVM: x86: MMU: Make mmu_set_spte() return emulate value
    - KVM: x86: MMU: Move initialization of parent_ptes out from
      kvm_mmu_alloc_page()
    - KVM: x86: MMU: always set accessed bit in shadow PTEs
    - KVM: x86: MMU: Move parent_pte handling from kvm_mmu_get_page() to
      link_shadow_page()
    - KVM: x86: MMU: Remove unused parameter parent_pte from kvm_mmu_get_page()
    - KVM: x86: simplify ept_misconfig
    - KVM: x86: extend usage of RET_MMIO_PF_* constants
    - KVM: MMU: drop vcpu param in gpte_access
    - kvm: Convert kvm_lock to a mutex
    - kvm: x86: Do not release the page inside mmu_set_spte()
    - KVM: x86: make FNAME(fetch) and __direct_map more similar
    - KVM: x86: remove now unneeded hugepage gfn adjustment
    - KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON
    - KVM: x86: add tracepoints around __direct_map and FNAME(fetch)
    - SAUCE: KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is
      active
    - SAUCE: x86: Add ITLB_MULTIHIT bug infrastructure
    - SAUCE: kvm: mmu: ITLB_MULTIHIT mitigation
    - SAUCE: kvm: Add helper function for creating VM worker threads
    - SAUCE: kvm: x86: mmu: Recovery of shattered NX large pages
    - SAUCE: cpu/speculation: Uninline and export CPU mitigations helpers
    - SAUCE: kvm: x86: mmu: Apply global mitigations knob to ITLB_MULTIHIT
  * CVE-2019-11135
    - KVM: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts
    - KVM: x86: use Intel speculation bugs and features as derived in generic x86
      code
    - x86/msr: Add the IA32_TSX_CTRL MSR
    - x86/cpu: Add a helper function x86_read_arch_cap_msr()
    - x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
    - x86/speculation/taa: Add mitigation for TSX Async Abort
    - x86/speculation/taa: Add sysfs reporting for TSX Async Abort
    - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
    - x86/tsx: Add "auto" option to the tsx= cmdline parameter
    - x86/speculation/taa: Add documentation for TSX Async Abort
    - x86/tsx: Add config options to set tsx=on|off|auto
    - SAUCE: x86/speculation/taa: Call tsx_init()
    - SAUCE: x86/cpu: Include cpu header from bugs.c
    - [Config] Disable TSX by default when possible
  * CVE-2019-0154
    - SAUCE: i915_bpo: drm/i915: Lower RM timeout to avoid DSI hard hangs
    - SAUCE: i915_bpo: drm/i915/gen8+: Add RC6 CTX corruption WA
    - SAUCE: drm/i915/gen8+: Add RC6 CTX corruption WA
  * CVE-2019-0155
    - SAUCE: i915_bpo: drm/i915/gtt: Add read only pages to gen8_pte_encode
    - SAUCE: i915_bpo: drm/i915/gtt: Read-only pages for insert_entries on bdw+
    - SAUCE: i915_bpo: drm/i915/gtt: Disable read-only support under GVT
    - SAUCE: i915_bpo: drm/i915: Rename gen7 cmdparser tables
    - SAUCE: i915_bpo: drm/i915: Disable Secure Batches for gen6+
    - SAUCE: i915_bpo: drm/i915/cmdparser: Use binary search for faster register
      lookup
    - SAUCE: i915_bpo: drm/i915/cmdparser: Check reg_table_count before
      derefencing.
    - SAUCE: i915_bpo: drm/i915: Remove Master tables from cmdparser
    - SAUCE: i915_bpo: drm/i915: Add support for mandatory cmdparsing
    - SAUCE: i915_bpo: drm/i915: Support ro ppgtt mapped cmdparser shadow buffers
    - SAUCE: i915_bpo: drm/i915: Allow parsing of unsized batches
    - SAUCE: i915_bpo: drm/i915: Add gen9 BCS cmdparsing
    - SAUCE: i915_bpo: drm/i915/cmdparser: Add support for backward jumps
    - SAUCE: i915_bpo: drm/i915/cmdparser: Ignore Length operands during command
      matching