Package "linux-kvm"

  linux-kvm (4.4.0-1090.99) xenial; urgency=medium

  * xenial/linux-kvm: 4.4.0-1090.99 -proposed tracker (LP: #1919235)

  [ Ubuntu: 4.4.0-206.238 ]

  * xenial/linux: 4.4.0-206.238 -proposed tracker (LP: #1919242)
  * CVE-2021-27365
    - sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output
    - scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE
    - scsi: iscsi: Verify lengths on passthrough PDUs
  * CVE-2021-27363 // CVE-2021-27364
    - scsi: iscsi: Restrict sessions and handles to admin capabilities

 -- Khalid Elmously <email address hidden> Wed, 17 Mar 2021 01:19:00 -0400

  linux-kvm (4.4.0-1089.98) xenial; urgency=medium

  * xenial/linux-kvm: 4.4.0-1089.98 -proposed tracker (LP: #1916215)

  [ Ubuntu: 4.4.0-204.236 ]

  * xenial/linux: 4.4.0-204.236 -proposed tracker (LP: #1916222)
  * Xenial update: v4.4.254 upstream stable release (LP: #1914648)
    - ALSA: seq: oss: Fix missing error check in snd_seq_oss_synth_make_info()
    - ALSA: hda/via: Add minimum mute flag
    - ACPI: scan: Make acpi_bus_get_device() clear return pointer on error
    - dm: avoid filesystem lookup in dm_get_dev_t()
    - ASoC: Intel: haswell: Add missing pm_ops
    - scsi: ufs: Correct the LUN used in eh_device_reset_handler() callback
    - drm/nouveau/bios: fix issue shadowing expansion ROMs
    - drm/nouveau/i2c/gm200: increase width of aux semaphore owner fields
    - can: dev: can_restart: fix use after free bug
    - iio: ad5504: Fix setting power-down state
    - ehci: fix EHCI host controller initialization sequence
    - usb: bdc: Make bdc pci driver depend on BROKEN
    - [Config] updateconfigs for USB_BDC_PCI
    - xhci: make sure TRB is fully written before giving it to the controller
    - compiler.h: Raise minimum version of GCC to 5.1 for arm64
    - netfilter: rpfilter: mask ecn bits before fib lookup
    - sh: dma: fix kconfig dependency for G2_DMA
    - sh_eth: Fix power down vs. is_opened flag ordering
    - skbuff: back tiny skbs with kmalloc() in __netdev_alloc_skb() too
    - ipv6: create multicast route with RTPROT_KERNEL
    - net_sched: avoid shift-out-of-bounds in tcindex_set_parms()
    - Revert "mm/slub: fix a memory leak in sysfs_slab_add()"
    - tracing: Fix race in trace_open and buffer resize call
    - xen-blkback: set ring->xenblkd to NULL after kthread_stop()
    - x86/boot/compressed: Disable relocation relaxation
    - Linux 4.4.254
  * Xenial update: v4.4.253 upstream stable release (LP: #1914647)
    - ASoC: dapm: remove widget from dirty list on free
    - mm/hugetlb: fix potential missing huge page size info
    - ext4: fix bug for rename with RENAME_WHITEOUT
    - ARC: build: add boot_targets to PHONY
    - ethernet: ucc_geth: fix definition and size of ucc_geth_tx_global_pram
    - arch/arc: add copy_user_page() to <asm/page.h> to fix build error on ARC
    - misdn: dsp: select CONFIG_BITREVERSE
    - net: ethernet: fs_enet: Add missing MODULE_LICENSE
    - ACPI: scan: add stub acpi_create_platform_device() for !CONFIG_ACPI
    - ARM: picoxcell: fix missing interrupt-parent properties
    - Input: uinput - avoid FF flush when destroying device
    - dump_common_audit_data(): fix racy accesses to ->d_name
    - NFS: nfs_igrab_and_active must first reference the superblock
    - ext4: fix superblock checksum failure when setting password salt
    - RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp
    - mm, slub: consider rest of partial list if acquire_slab() fails
    - net: sunrpc: interpret the return value of kstrtou32 correctly
    - usb: ohci: Make distrust_firmware param default to false
    - iio: buffer: Fix demux update
    - nfsd4: readdirplus shouldn't return parent of export
    - net: cdc_ncm: correct overhead in delayed_ndp_size
    - netxen_nic: fix MSI/MSI-x interrupts
    - rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request
    - net: dcb: Validate netlink message in DCB handler
    - net: dcb: Accept RTM_GETDCB messages carrying set-like DCB commands
    - net: sit: unregister_netdevice on newlink's error path
    - rxrpc: Fix handling of an unsupported token type in rxrpc_read()
    - net: avoid 32 x truesize under-estimation for tiny skbs
    - spi: cadence: cache reference clock rate during probe
    - Linux 4.4.253
  * Xenial update: v4.4.252 upstream stable release (LP: #1913479)
    - Revert "UBUNTU: SAUCE: target: fix XCOPY NAA identifier lookup"
    - target: add XCOPY target/segment desc sense codes
    - target: bounds check XCOPY segment descriptor list
    - target: use XCOPY segment descriptor CSCD IDs
    - xcopy: loop over devices using idr helper
    - scsi: target: Fix XCOPY NAA identifier lookup
    - powerpc: Fix incorrect stw{, ux, u, x} instructions in __set_pte_at
    - net: ip: always refragment ip defragmented packets
    - net: fix pmtu check in nopmtudisc mode
    - vmlinux.lds.h: Add PGO and AutoFDO input sections
    - ubifs: wbuf: Don't leak kernel memory to flash
    - spi: pxa2xx: Fix use-after-free on unbind
    - cpufreq: powernow-k8: pass policy rather than use cpufreq_cpu_get()
    - wil6210: select CONFIG_CRC32
    - block: rsxx: select CONFIG_CRC32
    - iommu/intel: Fix memleak in intel_irq_remapping_alloc
    - block: fix use-after-free in disk_part_iter_next
    - net: drop bogus skb with CHECKSUM_PARTIAL and offset beyond end of trimmed
      packet
    - Linux 4.4.252
  * Xenial update: v4.4.251 upstream stable release (LP: #1913478)
    - kbuild: don't hardcode depmod path
    - workqueue: Kick a worker based on the actual activation of delayed works
    - lib/genalloc: fix the overflow when size is too big
    - depmod: handle the case of /sbin/depmod without /sbin in PATH
    - atm: idt77252: call pci_disable_device() on error path
    - ipv4: Ignore ECN bits for fib lookups in fib_compute_spec_dst()
    - net: hns: fix return value check in __lb_other_process()
    - net: hdlc_ppp: Fix issues when mod_timer is called while timer is running
    - CDC-NCM: remove "connected" log message
    - vhost_net: fix ubuf refcount incorrectly when sendmsg fails
    - net: sched: prevent invalid Scell_log shift count
    - virtio_net: Fix recursive call to cpus_read_lock()
    - ethernet: ucc_geth: fix use-after-free in ucc_geth_remove()
    - video: hyperv_fb: Fix the mmap() regression for v5.4.y and older
    - usb: gadget: enable super speed plus
    - USB: cdc-acm: blacklist another IR Droid device
    - usb: chipidea: ci_hdrc_imx: add missing put_device() call in
      usbmisc_get_init_data()
    - USB: xhci: fix U1/U2 handling for hardware

  linux-kvm (4.4.0-1088.97) xenial; urgency=medium

  * xenial/linux-kvm: 4.4.0-1088.97 -proposed tracker (LP: #1914132)

  [ Ubuntu: 4.4.0-203.235 ]

  * xenial/linux: 4.4.0-203.235 -proposed tracker (LP: #1914140)
  * Ubuntu 16.04 kernel 4.4.0-202 basic commands hanging (LP: #1913853)
    - SAUCE: Revert "mm: check that mm is still valid in madvise()"

  [ Ubuntu: 4.4.0-202.234 ]

  * xenial/linux: 4.4.0-202.234 -proposed tracker (LP: #1913086)
  * DMI entry syntax fix for Pegatron / ByteSpeed C15B (LP: #1910639)
    - Input: i8042 - unbreak Pegatron C15B
  * CVE-2020-29372
    - mm: check that mm is still valid in madvise()
  * errinjct open fails on IBM POWER LPAR (LP: #1908710)
    - powerpc/rtas: Fix typo of ibm, open-errinjct in RTAS filter
  * 4.4 kernel panics in kvm wake_up() handler (LP: #1908428)
    - kvm: vmx: rename vmx_pre/post_block to pi_pre/post_block
    - KVM: VMX: extract __pi_post_block
    - KVM: VMX: avoid double list add with VT-d posted interrupts
  * restore reverted commit "crypto: arm64/sha - avoid non-standard inline asm
    tricks" (LP: #1907489)
    - crypto: arm64/sha - avoid non-standard inline asm tricks
  * CVE-2020-29374
    - gup: document and work around "COW can break either way" issue
  * Xenial update: v4.4.249 upstream stable release (LP: #1910139)
    - spi: bcm2835aux: Fix use-after-free on unbind
    - spi: bcm2835aux: Restore err assignment in bcm2835aux_spi_probe
    - ARC: stack unwinding: don't assume non-current task is sleeping
    - platform/x86: acer-wmi: add automatic keyboard background light toggle key
      as KEY_LIGHTS_TOGGLE
    - Input: cm109 - do not stomp on control URB
    - Input: i8042 - add Acer laptops to the i8042 reset list
    - [Config] updateconfigs for SPI_DYNAMIC
    - spi: Prevent adding devices below an unregistering controller
    - net/mlx4_en: Avoid scheduling restart task if it is already running
    - tcp: fix cwnd-limited bug for TSO deferral where we send nothing
    - net: stmmac: delete the eee_ctrl_timer after napi disabled
    - net: bridge: vlan: fix error return code in __vlan_add()
    - USB: dummy-hcd: Fix uninitialized array use in init()
    - USB: add RESET_RESUME quirk for Snapscan 1212
    - ALSA: usb-audio: Fix potential out-of-bounds shift
    - ALSA: usb-audio: Fix control 'access overflow' errors from chmap
    - xhci: Give USB2 ports time to enter U3 in bus suspend
    - USB: sisusbvga: Make console support depend on BROKEN
    - [Config] updateconfigs for USB_SISUSBVGA_CON
    - ALSA: pcm: oss: Fix potential out-of-bounds shift
    - serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access
    - USB: serial: cp210x: enable usb generic throttle/unthrottle
    - scsi: bnx2i: Requires MMU
    - can: softing: softing_netdev_open(): fix error handling
    - RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait
    - dm table: Remove BUG_ON(in_interrupt())
    - soc/tegra: fuse: Fix index bug in get_process_id
    - USB: serial: option: add interface-number sanity check to flag handling
    - USB: gadget: f_rndis: fix bitrate for SuperSpeed and above
    - usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul
    - media: msi2500: assign SPI bus number dynamically
    - Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt()
    - drm/gma500: fix double free of gma_connector
    - ARM: p2v: fix handling of LPAE translation in BE mode
    - crypto: talitos - Fix return type of current_desc_hdr()
    - spi: img-spfi: fix reference leak in img_spfi_resume
    - ASoC: pcm: DRAIN support reactivation
    - Bluetooth: Fix null pointer dereference in hci_event_packet()
    - spi: spi-ti-qspi: fix reference leak in ti_qspi_setup
    - spi: tegra20-slink: fix reference leak in slink ops of tegra20
    - spi: tegra20-sflash: fix reference leak in tegra_sflash_resume
    - spi: tegra114: fix reference leak in tegra spi ops
    - RDMa/mthca: Work around -Wenum-conversion warning
    - MIPS: BCM47XX: fix kconfig dependency bug for BCM47XX_BCMA
    - media: solo6x10: fix missing snd_card_free in error handling case
    - drm/omap: dmm_tiler: fix return error code in omap_dmm_probe()
    - Input: ads7846 - fix integer overflow on Rt calculation
    - Input: ads7846 - fix unaligned access on 7845
    - powerpc/feature: Fix CPU_FTRS_ALWAYS by removing CPU_FTRS_GENERIC_32
    - soc: ti: knav_qmss: fix reference leak in knav_queue_probe
    - soc: ti: Fix reference imbalance in knav_dma_probe
    - drivers: soc: ti: knav_qmss_queue: Fix error return code in knav_queue_probe
    - memstick: fix a double-free bug in memstick_check
    - ARM: dts: at91: sama5d4_xplained: add pincontrol for USB Host
    - ARM: dts: at91: sama5d3_xplained: add pincontrol for USB Host
    - orinoco: Move context allocation after processing the skb
    - cw1200: fix missing destroy_workqueue() on error in cw1200_init_common
    - mips: cdmm: fix use-after-free in mips_cdmm_bus_discover
    - NFSv4.2: condition READDIR's mask for security label based on LSM state
    - lockd: don't use interval-based rebinding over TCP
    - NFS: switch nfsiod to be an UNBOUND workqueue.
    - media: saa7146: fix array overflow in vidioc_s_audio()
    - pinctrl: falcon: add missing put_device() call in pinctrl_falcon_probe()
    - memstick: r592: Fix error return in r592_probe()
    - ASoC: jz4740-i2s: add missed checks for clk_get()
    - dm ioctl: fix error return code in target_message
    - clocksource/drivers/arm_arch_timer: Correct fault programming of
      CNTKCTL_EL1.EVNTI
    - cpufreq: highbank: Add missing MODULE_DEVICE_TABLE
    - cpufreq: loongson1: Add missing MODULE_ALIAS
    - cpufreq: scpi: Add missing MODULE_ALIAS
    - scsi: pm80xx: Fix error return in pm8001_pci_probe()
    - seq_buf: Avoid type mismatch for seq_buf_init
    - scsi: fnic: Fix error return code in fnic_probe()
    - powerpc/pseries/hibernation: drop pseries_suspend_begin() from suspend ops
    - usb: ehci

  linux-kvm (4.4.0-1087.96) xenial; urgency=medium

  * xenial/linux-kvm: 4.4.0-1087.96 -proposed tracker (LP: #1911257)

  * CONFIG_BASE_SMALL=1 restricts pid space, which conflicts with systemd
    default sysctl (LP: #1866149)
    - [Config]: set CONFIG_BASE_FULL

  [ Ubuntu: 4.4.0-201.233 ]

  * xenial/linux: 4.4.0-201.233 -proposed tracker (LP: #1911265)
  * Touchpad not detected on ByteSpeed C15B laptop (LP: #1906128)
    - Input: i8042 - add ByteSpeed touchpad to noloop table
  * stack trace in kernel (LP: #1903596)
    - net: napi: remove useless stack trace
  * CVE-2020-27777
    - powerpc/rtas: Restrict RTAS requests from userspace
    - [Config]: Set CONFIG_PPC_RTAS_FILTER
  * Xenial update: v4.4.247 upstream stable release (LP: #1906703)
    - btrfs: tree-checker: Enhance chunk checker to validate chunk profile
    - btrfs: inode: Verify inode mode to avoid NULL pointer dereference
    - HID: cypress: Support Varmilo Keyboards' media hotkeys
    - Input: i8042 - allow insmod to succeed on devices without an i8042
      controller
    - HID: hid-sensor-hub: Fix issue with devices with no report ID
    - x86/xen: don't unbind uninitialized lock_kicker_irq
    - proc: don't allow async path resolution of /proc/self components
    - dmaengine: pl330: _prep_dma_memcpy: Fix wrong burst size
    - scsi: libiscsi: Fix NOP race condition
    - scsi: target: iscsi: Fix cmd abort fabric stop race
    - scsi: ufs: Fix race between shutdown and runtime resume flow
    - bnxt_en: fix error return code in bnxt_init_board()
    - video: hyperv_fb: Fix the cache type when mapping the VRAM
    - bnxt_en: Release PCI regions when DMA mask setup fails during probe.
    - IB/mthca: fix return value of error branch in mthca_init_cq()
    - nfc: s3fwrn5: use signed integer for parsing GPIO numbers
    - efivarfs: revert "fix memory leak in efivarfs_create()"
    - perf probe: Fix to die_entrypc() returns error correctly
    - USB: core: Change %pK for __user pointers to %px
    - x86/speculation: Fix prctl() when spectre_v2_user={seccomp,prctl},ibpb
    - USB: core: add endpoint-blacklist quirk
    - USB: core: Fix regression in Hercules audio card
    - btrfs: fix lockdep splat when reading qgroup config on mount
    - Linux 4.4.247
  * Xenial update: v4.4.246 upstream stable release (LP: #1906700)
    - ah6: fix error return code in ah6_input()
    - atm: nicstar: Unmap DMA on send error
    - net: b44: fix error return code in b44_init_one()
    - net: bridge: add missing counters to ndo_get_stats64 callback
    - netlabel: fix our progress tracking in netlbl_unlabel_staticlist()
    - netlabel: fix an uninitialized warning in netlbl_unlabel_staticlist()
    - net/mlx4_core: Fix init_hca fields offset
    - net: x25: Increase refcnt of "struct x25_neigh" in x25_rx_call_request
    - qlcnic: fix error return code in qlcnic_83xx_restart_hw()
    - sctp: change to hold/put transport for proto_unreach_timer
    - net: usb: qmi_wwan: Set DTR quirk for MR400
    - net: Have netpoll bring-up DSA management interface
    - pinctrl: rockchip: enable gpio pclk for rockchip_gpio_to_irq
    - arm64: psci: Avoid printing in cpu_psci_cpu_die()
    - MIPS: Fix BUILD_ROLLBACK_PROLOGUE for microMIPS
    - Input: adxl34x - clean up a data type in adxl34x_probe()
    - arm: dts: imx6qdl-udoo: fix rgmii phy-mode for ksz9031 phy
    - ARM: dts: imx50-evk: Fix the chip select 1 IOMUX
    - perf lock: Don't free "lock_seq_stat" if read_count isn't zero
    - can: dev: can_restart(): post buffer from the right context
    - can: peak_usb: fix potential integer overflow on shift of a int
    - can: m_can: m_can_handle_state_change(): fix state change
    - MIPS: Alchemy: Fix memleak in alchemy_clk_setup_cpu
    - regulator: ti-abb: Fix array out of bound read access on the first
      transition
    - libfs: fix error cast of negative value in simple_attr_write()
    - ALSA: ctl: fix error path at adding user-defined element set
    - ALSA: mixart: Fix mutex deadlock
    - tty: serial: imx: keep console clocks always on
    - efivarfs: fix memory leak in efivarfs_create()
    - ext4: fix bogus warning in ext4_update_dx_flag()
    - xtensa: disable preemption around cache alias management calls
    - mac80211: minstrel: remove deferred sampling code
    - mac80211: minstrel: fix tx status processing corner case
    - mac80211: allow driver to prevent two stations w/ same address
    - mac80211: free sta in sta_info_insert_finish() on errors
    - s390/cpum_sf.c: fix file permission for cpum_sfb_size
    - x86/microcode/intel: Check patch signature before saving microcode for early
      loading
    - Linux 4.4.246
  * Xenial update: v4.4.245 upstream stable release (LP: #1906698)
    - i2c: imx: Fix external abort on interrupt in exit paths
    - xfs: catch inode allocation state mismatch corruption
    - xfs: validate cached inodes are free when allocated
    - powerpc/8xx: Always fault when _PAGE_ACCESSED is not set
    - Input: sunkbd - avoid use-after-free in teardown paths
    - mac80211: always wind down STA state
    - KVM: x86: clflushopt should be treated as a no-op by emulation
    - Linux 4.4.245

  [ Ubuntu: 4.4.0-200.232 ]

  * xenial/linux: 4.4.0-200.232 -proposed tracker (LP: #1911151)
  * CVE-2020-28374
    - target: simplify XCOPY wwn->se_dev lookup helper
    - SAUCE: target: fix XCOPY NAA identifier lookup

 -- Kelsey Skunberg <email address hidden> Thu, 14 Jan 2021 16:58:05 -0700