Package "linux-kvm"

  linux-kvm (4.4.0-1088.97) xenial; urgency=medium

  * xenial/linux-kvm: 4.4.0-1088.97 -proposed tracker (LP: #1914132)

  [ Ubuntu: 4.4.0-203.235 ]

  * xenial/linux: 4.4.0-203.235 -proposed tracker (LP: #1914140)
  * Ubuntu 16.04 kernel 4.4.0-202 basic commands hanging (LP: #1913853)
    - SAUCE: Revert "mm: check that mm is still valid in madvise()"

  [ Ubuntu: 4.4.0-202.234 ]

  * xenial/linux: 4.4.0-202.234 -proposed tracker (LP: #1913086)
  * DMI entry syntax fix for Pegatron / ByteSpeed C15B (LP: #1910639)
    - Input: i8042 - unbreak Pegatron C15B
  * CVE-2020-29372
    - mm: check that mm is still valid in madvise()
  * errinjct open fails on IBM POWER LPAR (LP: #1908710)
    - powerpc/rtas: Fix typo of ibm, open-errinjct in RTAS filter
  * 4.4 kernel panics in kvm wake_up() handler (LP: #1908428)
    - kvm: vmx: rename vmx_pre/post_block to pi_pre/post_block
    - KVM: VMX: extract __pi_post_block
    - KVM: VMX: avoid double list add with VT-d posted interrupts
  * restore reverted commit "crypto: arm64/sha - avoid non-standard inline asm
    tricks" (LP: #1907489)
    - crypto: arm64/sha - avoid non-standard inline asm tricks
  * CVE-2020-29374
    - gup: document and work around "COW can break either way" issue
  * Xenial update: v4.4.249 upstream stable release (LP: #1910139)
    - spi: bcm2835aux: Fix use-after-free on unbind
    - spi: bcm2835aux: Restore err assignment in bcm2835aux_spi_probe
    - ARC: stack unwinding: don't assume non-current task is sleeping
    - platform/x86: acer-wmi: add automatic keyboard background light toggle key
      as KEY_LIGHTS_TOGGLE
    - Input: cm109 - do not stomp on control URB
    - Input: i8042 - add Acer laptops to the i8042 reset list
    - [Config] updateconfigs for SPI_DYNAMIC
    - spi: Prevent adding devices below an unregistering controller
    - net/mlx4_en: Avoid scheduling restart task if it is already running
    - tcp: fix cwnd-limited bug for TSO deferral where we send nothing
    - net: stmmac: delete the eee_ctrl_timer after napi disabled
    - net: bridge: vlan: fix error return code in __vlan_add()
    - USB: dummy-hcd: Fix uninitialized array use in init()
    - USB: add RESET_RESUME quirk for Snapscan 1212
    - ALSA: usb-audio: Fix potential out-of-bounds shift
    - ALSA: usb-audio: Fix control 'access overflow' errors from chmap
    - xhci: Give USB2 ports time to enter U3 in bus suspend
    - USB: sisusbvga: Make console support depend on BROKEN
    - [Config] updateconfigs for USB_SISUSBVGA_CON
    - ALSA: pcm: oss: Fix potential out-of-bounds shift
    - serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access
    - USB: serial: cp210x: enable usb generic throttle/unthrottle
    - scsi: bnx2i: Requires MMU
    - can: softing: softing_netdev_open(): fix error handling
    - RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait
    - dm table: Remove BUG_ON(in_interrupt())
    - soc/tegra: fuse: Fix index bug in get_process_id
    - USB: serial: option: add interface-number sanity check to flag handling
    - USB: gadget: f_rndis: fix bitrate for SuperSpeed and above
    - usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul
    - media: msi2500: assign SPI bus number dynamically
    - Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt()
    - drm/gma500: fix double free of gma_connector
    - ARM: p2v: fix handling of LPAE translation in BE mode
    - crypto: talitos - Fix return type of current_desc_hdr()
    - spi: img-spfi: fix reference leak in img_spfi_resume
    - ASoC: pcm: DRAIN support reactivation
    - Bluetooth: Fix null pointer dereference in hci_event_packet()
    - spi: spi-ti-qspi: fix reference leak in ti_qspi_setup
    - spi: tegra20-slink: fix reference leak in slink ops of tegra20
    - spi: tegra20-sflash: fix reference leak in tegra_sflash_resume
    - spi: tegra114: fix reference leak in tegra spi ops
    - RDMa/mthca: Work around -Wenum-conversion warning
    - MIPS: BCM47XX: fix kconfig dependency bug for BCM47XX_BCMA
    - media: solo6x10: fix missing snd_card_free in error handling case
    - drm/omap: dmm_tiler: fix return error code in omap_dmm_probe()
    - Input: ads7846 - fix integer overflow on Rt calculation
    - Input: ads7846 - fix unaligned access on 7845
    - powerpc/feature: Fix CPU_FTRS_ALWAYS by removing CPU_FTRS_GENERIC_32
    - soc: ti: knav_qmss: fix reference leak in knav_queue_probe
    - soc: ti: Fix reference imbalance in knav_dma_probe
    - drivers: soc: ti: knav_qmss_queue: Fix error return code in knav_queue_probe
    - memstick: fix a double-free bug in memstick_check
    - ARM: dts: at91: sama5d4_xplained: add pincontrol for USB Host
    - ARM: dts: at91: sama5d3_xplained: add pincontrol for USB Host
    - orinoco: Move context allocation after processing the skb
    - cw1200: fix missing destroy_workqueue() on error in cw1200_init_common
    - mips: cdmm: fix use-after-free in mips_cdmm_bus_discover
    - NFSv4.2: condition READDIR's mask for security label based on LSM state
    - lockd: don't use interval-based rebinding over TCP
    - NFS: switch nfsiod to be an UNBOUND workqueue.
    - media: saa7146: fix array overflow in vidioc_s_audio()
    - pinctrl: falcon: add missing put_device() call in pinctrl_falcon_probe()
    - memstick: r592: Fix error return in r592_probe()
    - ASoC: jz4740-i2s: add missed checks for clk_get()
    - dm ioctl: fix error return code in target_message
    - clocksource/drivers/arm_arch_timer: Correct fault programming of
      CNTKCTL_EL1.EVNTI
    - cpufreq: highbank: Add missing MODULE_DEVICE_TABLE
    - cpufreq: loongson1: Add missing MODULE_ALIAS
    - cpufreq: scpi: Add missing MODULE_ALIAS
    - scsi: pm80xx: Fix error return in pm8001_pci_probe()
    - seq_buf: Avoid type mismatch for seq_buf_init
    - scsi: fnic: Fix error return code in fnic_probe()
    - powerpc/pseries/hibernation: drop pseries_suspend_begin() from suspend ops
    - usb: ehci

  linux-kvm (4.4.0-1087.96) xenial; urgency=medium

  * xenial/linux-kvm: 4.4.0-1087.96 -proposed tracker (LP: #1911257)

  * CONFIG_BASE_SMALL=1 restricts pid space, which conflicts with systemd
    default sysctl (LP: #1866149)
    - [Config]: set CONFIG_BASE_FULL

  [ Ubuntu: 4.4.0-201.233 ]

  * xenial/linux: 4.4.0-201.233 -proposed tracker (LP: #1911265)
  * Touchpad not detected on ByteSpeed C15B laptop (LP: #1906128)
    - Input: i8042 - add ByteSpeed touchpad to noloop table
  * stack trace in kernel (LP: #1903596)
    - net: napi: remove useless stack trace
  * CVE-2020-27777
    - powerpc/rtas: Restrict RTAS requests from userspace
    - [Config]: Set CONFIG_PPC_RTAS_FILTER
  * Xenial update: v4.4.247 upstream stable release (LP: #1906703)
    - btrfs: tree-checker: Enhance chunk checker to validate chunk profile
    - btrfs: inode: Verify inode mode to avoid NULL pointer dereference
    - HID: cypress: Support Varmilo Keyboards' media hotkeys
    - Input: i8042 - allow insmod to succeed on devices without an i8042
      controller
    - HID: hid-sensor-hub: Fix issue with devices with no report ID
    - x86/xen: don't unbind uninitialized lock_kicker_irq
    - proc: don't allow async path resolution of /proc/self components
    - dmaengine: pl330: _prep_dma_memcpy: Fix wrong burst size
    - scsi: libiscsi: Fix NOP race condition
    - scsi: target: iscsi: Fix cmd abort fabric stop race
    - scsi: ufs: Fix race between shutdown and runtime resume flow
    - bnxt_en: fix error return code in bnxt_init_board()
    - video: hyperv_fb: Fix the cache type when mapping the VRAM
    - bnxt_en: Release PCI regions when DMA mask setup fails during probe.
    - IB/mthca: fix return value of error branch in mthca_init_cq()
    - nfc: s3fwrn5: use signed integer for parsing GPIO numbers
    - efivarfs: revert "fix memory leak in efivarfs_create()"
    - perf probe: Fix to die_entrypc() returns error correctly
    - USB: core: Change %pK for __user pointers to %px
    - x86/speculation: Fix prctl() when spectre_v2_user={seccomp,prctl},ibpb
    - USB: core: add endpoint-blacklist quirk
    - USB: core: Fix regression in Hercules audio card
    - btrfs: fix lockdep splat when reading qgroup config on mount
    - Linux 4.4.247
  * Xenial update: v4.4.246 upstream stable release (LP: #1906700)
    - ah6: fix error return code in ah6_input()
    - atm: nicstar: Unmap DMA on send error
    - net: b44: fix error return code in b44_init_one()
    - net: bridge: add missing counters to ndo_get_stats64 callback
    - netlabel: fix our progress tracking in netlbl_unlabel_staticlist()
    - netlabel: fix an uninitialized warning in netlbl_unlabel_staticlist()
    - net/mlx4_core: Fix init_hca fields offset
    - net: x25: Increase refcnt of "struct x25_neigh" in x25_rx_call_request
    - qlcnic: fix error return code in qlcnic_83xx_restart_hw()
    - sctp: change to hold/put transport for proto_unreach_timer
    - net: usb: qmi_wwan: Set DTR quirk for MR400
    - net: Have netpoll bring-up DSA management interface
    - pinctrl: rockchip: enable gpio pclk for rockchip_gpio_to_irq
    - arm64: psci: Avoid printing in cpu_psci_cpu_die()
    - MIPS: Fix BUILD_ROLLBACK_PROLOGUE for microMIPS
    - Input: adxl34x - clean up a data type in adxl34x_probe()
    - arm: dts: imx6qdl-udoo: fix rgmii phy-mode for ksz9031 phy
    - ARM: dts: imx50-evk: Fix the chip select 1 IOMUX
    - perf lock: Don't free "lock_seq_stat" if read_count isn't zero
    - can: dev: can_restart(): post buffer from the right context
    - can: peak_usb: fix potential integer overflow on shift of a int
    - can: m_can: m_can_handle_state_change(): fix state change
    - MIPS: Alchemy: Fix memleak in alchemy_clk_setup_cpu
    - regulator: ti-abb: Fix array out of bound read access on the first
      transition
    - libfs: fix error cast of negative value in simple_attr_write()
    - ALSA: ctl: fix error path at adding user-defined element set
    - ALSA: mixart: Fix mutex deadlock
    - tty: serial: imx: keep console clocks always on
    - efivarfs: fix memory leak in efivarfs_create()
    - ext4: fix bogus warning in ext4_update_dx_flag()
    - xtensa: disable preemption around cache alias management calls
    - mac80211: minstrel: remove deferred sampling code
    - mac80211: minstrel: fix tx status processing corner case
    - mac80211: allow driver to prevent two stations w/ same address
    - mac80211: free sta in sta_info_insert_finish() on errors
    - s390/cpum_sf.c: fix file permission for cpum_sfb_size
    - x86/microcode/intel: Check patch signature before saving microcode for early
      loading
    - Linux 4.4.246
  * Xenial update: v4.4.245 upstream stable release (LP: #1906698)
    - i2c: imx: Fix external abort on interrupt in exit paths
    - xfs: catch inode allocation state mismatch corruption
    - xfs: validate cached inodes are free when allocated
    - powerpc/8xx: Always fault when _PAGE_ACCESSED is not set
    - Input: sunkbd - avoid use-after-free in teardown paths
    - mac80211: always wind down STA state
    - KVM: x86: clflushopt should be treated as a no-op by emulation
    - Linux 4.4.245

  [ Ubuntu: 4.4.0-200.232 ]

  * xenial/linux: 4.4.0-200.232 -proposed tracker (LP: #1911151)
  * CVE-2020-28374
    - target: simplify XCOPY wwn->se_dev lookup helper
    - SAUCE: target: fix XCOPY NAA identifier lookup

 -- Kelsey Skunberg <email address hidden> Thu, 14 Jan 2021 16:58:05 -0700

  linux-kvm (4.4.0-1085.94) xenial; urgency=medium

  * xenial/linux-kvm: 4.4.0-1085.94 -proposed tracker (LP: #1906044)

  [ Ubuntu: 4.4.0-198.230 ]

  * xenial/linux: 4.4.0-198.230 -proposed tracker (LP: #1906052)
  * Xenial update: v4.4.244 upstream stable release (LP: #1904914)
    - ring-buffer: Fix recursion protection transitions between interrupt context
    - gfs2: Wake up when sd_glock_disposal becomes zero
    - mm: mempolicy: fix potential pte_unmap_unlock pte error
    - time: Prevent undefined behaviour in timespec64_to_ns()
    - btrfs: reschedule when cloning lots of extents
    - net: xfrm: fix a race condition during allocing spi
    - perf tools: Add missing swap for ino_generation
    - ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link()
    - can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ
      context
    - can: dev: __can_get_echo_skb(): fix real payload length return value for RTR
      frames
    - can: can_create_echo_skb(): fix echo skb generation: always use skb_clone()
    - can: peak_usb: add range checking in decode operations
    - can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping
    - Btrfs: fix missing error return if writeback for extent buffer never started
    - i40e: Wrong truncation from u16 to u8
    - i40e: Fix of memory leak and integer truncation in i40e_virtchnl.c
    - ath9k_htc: Use appropriate rs_datalen type
    - usb: gadget: goku_udc: fix potential crashes in probe
    - gfs2: Free rd_bits later in gfs2_clear_rgrpd to fix use-after-free
    - gfs2: check for live vs. read-only file system in gfs2_fitrim
    - drm/amdgpu: perform srbm soft reset always on SDMA resume
    - mac80211: fix use of skb payload instead of header
    - cfg80211: regulatory: Fix inconsistent format argument
    - iommu/amd: Increase interrupt remapping table limit to 512 entries
    - xfs: fix a missing unlock on error in xfs_fs_map_blocks
    - of/address: Fix of_node memory leak in of_dma_is_coherent
    - cosa: Add missing kfree in error path of cosa_write
    - perf: Fix get_recursion_context()
    - ext4: correctly report "not supported" for {usr,grp}jquota when
      !CONFIG_QUOTA
    - ext4: unlock xattr_sem properly in ext4_inline_data_truncate()
    - usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode
    - mei: protect mei_cl_mtu from null dereference
    - ocfs2: initialize ip_next_orphan
    - don't dump the threads that had been already exiting when zapped.
    - drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[]
    - pinctrl: amd: use higher precision for 512 RtcClk
    - pinctrl: amd: fix incorrect way to disable debounce filter
    - swiotlb: fix "x86: Don't panic if can not alloc buffer for swiotlb"
    - IPv6: Set SIT tunnel hard_header_len to zero
    - net/af_iucv: fix null pointer dereference on shutdown
    - net/x25: Fix null-ptr-deref in x25_connect
    - net: Update window_clamp if SOCK_RCVBUF is set
    - random32: make prandom_u32() output unpredictable
    - x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-
      on STIBP
    - xen/events: avoid removing an event channel while handling it
    - xen/events: add a proper barrier to 2-level uevent unmasking
    - xen/events: fix race in evtchn_fifo_unmask()
    - xen/events: add a new "late EOI" evtchn framework
    - xen/blkback: use lateeoi irq binding
    - xen/netback: use lateeoi irq binding
    - xen/scsiback: use lateeoi irq binding
    - xen/pciback: use lateeoi irq binding
    - xen/events: switch user event channels to lateeoi model
    - xen/events: use a common cpu hotplug hook for event channels
    - xen/events: defer eoi in case of excessive number of events
    - xen/events: block rogue events for some time
    - Revert "kernel/reboot.c: convert simple_strtoul to kstrtoint"
    - reboot: fix overflow parsing reboot cpu number
    - ext4: fix leaking sysfs kobject after failed mount
    - Convert trailing spaces and periods in path components
    - Linux 4.4.244
  * Xenial update: v4.4.243 upstream stable release (LP: #1904904)
    - Linux 4.4.243
  * Xenial update: v4.4.242 upstream stable release (LP: #1903750)
    - SUNRPC: ECONNREFUSED should cause a rebind.
    - scripts/setlocalversion: make git describe output more reliable
    - ravb: Fix bit fields checking in ravb_hwtstamp_get()
    - tipc: fix memory leak caused by tipc_buf_append()
    - mtd: lpddr: Fix bad logic in print_drs_error
    - ata: sata_rcar: Fix DMA boundary mask
    - fscrypt: return -EXDEV for incompatible rename or link into encrypted dir
    - f2fs crypto: avoid unneeded memory allocation in ->readdir
    - powerpc/powernv/smp: Fix spurious DBG() warning
    - sparc64: remove mm_cpumask clearing to fix kthread_use_mm race
    - f2fs: fix to check segment boundary during SIT page readahead
    - um: change sigio_spinlock to a mutex
    - xfs: fix realtime bitmap/summary file truncation when growing rt volume
    - video: fbdev: pvr2fb: initialize variables
    - ath10k: fix VHT NSS calculation when STBC is enabled
    - mmc: via-sdmmc: Fix data race bug
    - printk: reduce LOG_BUF_SHIFT range for H8300
    - kgdb: Make "kgdbcon" work properly with "kgdb_earlycon"
    - USB: adutux: fix debugging
    - drivers/net/wan/hdlc_fr: Correctly handle special skb->protocol values
    - power: supply: test_power: add missing newlines when printing parameters by
      sysfs
    - md/bitmap: md_bitmap_get_counter returns wrong blocks
    - clk: ti: clockdomain: fix static checker warning
    - net: 9p: initialize sun_server.sun_path to have addr's value only when addr
      is valid
    - drivers: watchdog: rdc321x_wdt: Fix race condition bugs
    - ext4: Detect already used quota file early
    - gfs2: add validation checks for size of superblock
    - memory: emif: Remove bogus debugfs error handling
    - ARM: dts: s5pv210: move PMU node out of clock controller
    - ARM: dts: s5pv210: remove dedic

  linux-kvm (4.4.0-1084.93) xenial; urgency=medium

  * xenial/linux-kvm: 4.4.0-1084.93 -proposed tracker (LP: #1905657)

  * CONFIG options for (ipip, sit) should not be built-in to the KVM kernels
    (LP: #1899832)
    - [config] Set CONFIG_NET_IPIP and CONIG_IPV6_SIT =m

  linux-kvm (4.4.0-1082.91) xenial; urgency=medium

  [ Ubuntu: 4.4.0-193.224 ]

  * CVE-2020-16119
    - SAUCE: dccp: avoid double free of ccid on child socket

  [ Ubuntu: 4.4.0-192.222 ]

  * xenial/linux: 4.4.0-192.222 -proposed tracker (LP: #1897734)
  * mwifiex stops working after kernel upgrade (LP: #1897299)
    - mwifiex: Increase AES key storage size to 256 bits
  * xenial 4.4.0-191-generic in -proposed has a regression (LP: #1896725)
    - Revert "XEN uses irqdesc::irq_data_common::handler_data to store a per
      interrupt XEN data pointer which contains XEN specific information."