[ubuntu/artful-updates] linux-snapdragon 4.4.0-1088.93 (Accepted)

Andy Whitcroft apw at canonical.com
Thu Apr 5 08:35:44 UTC 2018


linux-snapdragon (4.4.0-1088.93) xenial; urgency=medium

  * linux-snapdragon: 4.4.0-1088.93 -proposed tracker (LP: #1755215)


  [ Ubuntu: 4.4.0-117.141 ]

  * linux: 4.4.0-117.141 -proposed tracker (LP: #1755208)
  * Xenial update to 4.4.114 stable release (LP: #1754592)
    - x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels
    - usbip: prevent vhci_hcd driver from leaking a socket pointer address
    - usbip: Fix implicit fallthrough warning
    - usbip: Fix potential format overflow in userspace tools
    - x86/microcode/intel: Fix BDW late-loading revision check
    - x86/retpoline: Fill RSB on context switch for affected CPUs
    - sched/deadline: Use the revised wakeup rule for suspending constrained dl
      tasks
    - can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once
    - can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once
    - PM / sleep: declare __tracedata symbols as char[] rather than char
    - time: Avoid undefined behaviour in ktime_add_safe()
    - timers: Plug locking race vs. timer migration
    - Prevent timer value 0 for MWAITX
    - drivers: base: cacheinfo: fix x86 with CONFIG_OF enabled
    - drivers: base: cacheinfo: fix boot error message when acpi is enabled
    - PCI: layerscape: Add "fsl,ls2085a-pcie" compatible ID
    - PCI: layerscape: Fix MSG TLP drop setting
    - mmc: sdhci-of-esdhc: add/remove some quirks according to vendor version
    - fs/select: add vmalloc fallback for select(2)
    - hwpoison, memcg: forcibly uncharge LRU pages
    - cma: fix calculation of aligned offset
    - mm, page_alloc: fix potential false positive in __zone_watermark_ok
    - ipc: msg, make msgrcv work with LONG_MIN
    - x86/ioapic: Fix incorrect pointers in ioapic_setup_resources()
    - ACPI / processor: Avoid reserving IO regions too early
    - ACPI / scan: Prefer devices without _HID/_CID for _ADR matching
    - ACPICA: Namespace: fix operand cache leak
    - netfilter: x_tables: speed up jump target validation
    - netfilter: arp_tables: fix invoking 32bit "iptable -P INPUT ACCEPT" failed
      in 64bit kernel
    - netfilter: nf_dup_ipv6: set again FLOWI_FLAG_KNOWN_NH at flowi6_flags
    - netfilter: nf_ct_expect: remove the redundant slash when policy name is
      empty
    - netfilter: nfnetlink_queue: reject verdict request from different portid
    - netfilter: restart search if moved to other chain
    - netfilter: nf_conntrack_sip: extend request line validation
    - netfilter: use fwmark_reflect in nf_send_reset
    - ext2: Don't clear SGID when inheriting ACLs
    - reiserfs: fix race in prealloc discard
    - reiserfs: don't preallocate blocks for extended attributes
    - reiserfs: Don't clear SGID when inheriting ACLs
    - fs/fcntl: f_setown, avoid undefined behaviour
    - scsi: libiscsi: fix shifting of DID_REQUEUE host byte
    - Input: trackpoint - force 3 buttons if 0 button is reported
    - usb: usbip: Fix possible deadlocks reported by lockdep
    - usbip: fix stub_rx: get_pipe() to validate endpoint number
    - usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input
    - usbip: prevent leaking socket pointer address in messages
    - um: link vmlinux with -no-pie
    - vsyscall: Fix permissions for emulate mode with KAISER/PTI
    - eventpoll.h: add missing epoll event masks
    - x86/microcode/intel: Extend BDW late-loading further with LLC size check
    - hrtimer: Reset hrtimer cpu base proper on CPU hotplug
    - dccp: don't restart ccid2_hc_tx_rto_expire() if sk in closed state
    - ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL
    - ipv6: fix udpv6 sendmsg crash caused by too small MTU
    - ipv6: ip6_make_skb() needs to clear cork.base.dst
    - lan78xx: Fix failure in USB Full Speed
    - net: igmp: fix source address check for IGMPv3 reports
    - tcp: __tcp_hdrlen() helper
    - net: qdisc_pkt_len_init() should be more robust
    - pppoe: take ->needed_headroom of lower device into account on xmit
    - r8169: fix memory corruption on retrieval of hardware statistics.
    - sctp: do not allow the v4 socket to bind a v4mapped v6 address
    - sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf
    - vmxnet3: repair memory leak
    - net: Allow neigh contructor functions ability to modify the primary_key
    - ipv4: Make neigh lookup keys for loopback/point-to-point devices be
      INADDR_ANY
    - flow_dissector: properly cap thoff field
    - net: tcp: close sock if net namespace is exiting
    - nfsd: auth: Fix gid sorting when rootsquash enabled
    - Linux 4.4.114
  * Xenial update to 4.4.113 stable release (LP: #1754375)
    - gcov: disable for COMPILE_TEST
    - scsi: sg: disable SET_FORCE_LOW_DMA
    - futex: Prevent overflow by strengthen input validation
    - ALSA: pcm: Remove yet superfluous WARN_ON()
    - ALSA: hda - Apply headphone noise quirk for another Dell XPS 13 variant
    - ALSA: hda - Apply the existing quirk to iMac 14,1
    - af_key: fix buffer overread in verify_address_len()
    - af_key: fix buffer overread in parse_exthdrs()
    - scsi: hpsa: fix volume offline state
    - sched/deadline: Zero out positive runtime after throttling constrained tasks
    - pipe: avoid round_pipe_size() nr_pages overflow on 32-bit
    - x86/apic/vector: Fix off by one in error path
    - Input: 88pm860x-ts - fix child-node lookup
    - Input: twl6040-vibra - fix DT node memory management
    - Input: twl6040-vibra - fix child-node lookup
    - Input: twl4030-vibra - fix sibling-node lookup
    - tracing: Fix converting enum's from the map in trace_event_eval_update()
    - phy: work around 'phys' references to usb-nop-xceiv devices
    - ARM: dts: kirkwood: fix pin-muxing of MPP7 on OpenBlocks A7
    - can: peak: fix potential bug in packet fragmentation
    - dm btree: fix serious bug in btree_split_beneath()
    - dm thin metadata: THIN_MAX_CONCURRENT_LOCKS should be 6
    - arm64: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls
    - kbuild: modversions for EXPORT_SYMBOL() for asm
    - x86/pti: Document fix wrong index
    - MIPS: AR7: ensure the port type's FCR value is used
    - Linux 4.4.113
  * Xenial update to 4.4.113 stable release (LP: #1754375) // CVE-2017-5753
    (Spectre v1 Intel -> upstream)
    - Revert "x86/cpu/AMD: Make the LFENCE instruction serialized"
    - x86/cpu/AMD: Make LFENCE a serializing instruction
    - x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC
  * i2c-thunderx: erroneous error message "unhandled state: 0" (LP: #1754076)
    - i2c: octeon: Prevent error message on bus error
  * qeth: fix calculation of required buffer elements for skb (LP: #1750810)
    - s390/qeth: fix underestimated count of buffer elements
  * Support rfkill-any led trigger for Fujitsu u727 (LP: #1745130)
    - rfkill: Add rfkill-any LED trigger
  * Redpine: Sometimes Wi-Fi connection shows "unavailable" after resume from
    WoWLAN S4. WLAN can be recover after reboot or reloading WIFI driver.
    (LP: #1753438) // Redpine: BLE scanning for nearby beacons per second is too
    low and result high loss rate. (LP: #1753439)
    - SAUCE: Redpine: resolve race while resuming from S4
    - SAUCE: Redpine: Fix card write failure issue at S4 restore
    - SAUCE: Redpine: Add deep sleep enable before connection
    - SAUCE: Redpine: resolve power save issue after S4 resume
  * qeth: check not more than 16 SBALEs on the completion queue (LP: #1750568)
    - qeth: check not more than 16 SBALEs on the completion queue
  * qeth: fix L3 next-hop im xmit qeth hdr (LP: #1750813)
    - s390/qeth: fix L3 next-hop in xmit qeth hdr
  * qemu-efi-aarch64 in >= artful can't boot xenial cloud images (LP: #1744754)
    - irqchip/gic-v3: Refactor gic_of_init() for GICv3 driver
    - irqchip/gic-v3: Add ACPI support for GICv3/4 initialization
    - irqchip/gic-v3: ACPI: Add redistributor support via GICC structures
    - irqchip/gic-v3: Remove gic_root_node variable from the ITS code
    - irqchip/gic-v3-its: Mark its_init() and its children as __init
    - ACPICA: Headers: Add new constants for the DBG2 ACPI table
    - of/serial: move earlycon early_param handling to serial
    - ACPI: parse SPCR and enable matching console
    - [Config] CONFIG_ACPI_SPCR_TABLE=y
    - ARM64: ACPI: enable ACPI_SPCR_TABLE
    - serial: pl011: add console matching function
  * OOM and High CPU utilization in update_blocked_averages because of too many
    cfs_rqs in rq->leaf_cfs_rq_list (LP: #1747896)
    - sched/fair: Fix O(nr_cgroups) in load balance path
  * linux-tools: perf incorrectly linking libbfd (LP: #1748922)
    - SAUCE: tools -- add ability to disable libbfd
    - [Packaging] correct disablement of libbfd
  * retpoline abi files are empty on i386 (LP: #1751021)
    - [Packaging] retpoline-extract -- instantiate retpoline files for i386
    - [Packaging] final-checks -- sanity checking ABI contents
    - [Packaging] final-checks -- check for empty retpoline files
  * bnx2x_attn_int_deasserted3:4323 MC assert! (LP: #1715519) //
    CVE-2018-1000026
    - net: create skb_gso_validate_mac_len()
    - bnx2x: disable GSO where gso_size is too big for hardware
  * CVE-2017-17448
    - netfilter: nfnetlink_cthelper: Add missing permission checks
  * TB16 dock ethernet corrupts data with hw checksum silently failing
    (LP: #1729674)
    - r8152: disable RX aggregation on Dell TB16 dock
  * linux < 4.8: x-netns vti is broken (LP: #1744078)
    - net: l3mdev: Add master device lookup by index
    - xfrm: Only add l3mdev oif to dst lookups
  * Xenial update to 4.4.112 stable release (LP: #1745266)
    - dm bufio: fix shrinker scans when (nr_to_scan < retain_target)
    - can: gs_usb: fix return value of the "set_bittiming" callback
    - IB/srpt: Disable RDMA access by the initiator
    - MIPS: Validate PR_SET_FP_MODE prctl(2) requests against the ABI of the task
    - MIPS: Factor out NT_PRFPREG regset access helpers
    - MIPS: Guard against any partial write attempt with PTRACE_SETREGSET
    - MIPS: Consistently handle buffer counter with PTRACE_SETREGSET
    - MIPS: Fix an FCSR access API regression with NT_PRFPREG and MSA
    - MIPS: Also verify sizeof `elf_fpreg_t' with PTRACE_SETREGSET
    - MIPS: Disallow outsized PTRACE_SETREGSET NT_PRFPREG regset accesses
    - net/mac80211/debugfs.c: prevent build failure with CONFIG_UBSAN=y
    - x86/vsdo: Fix build on PARAVIRT_CLOCK=y, KVM_GUEST=n
    - x86/acpi: Handle SCI interrupts above legacy space gracefully
    - iommu/arm-smmu-v3: Don't free page table ops twice
    - ALSA: pcm: Remove incorrect snd_BUG_ON() usages
    - ALSA: pcm: Add missing error checks in OSS emulation plugin builder
    - ALSA: pcm: Abort properly at pending signal in OSS read/write loops
    - ALSA: pcm: Allow aborting mutex lock at OSS read/write loops
    - ALSA: aloop: Release cable upon open error path
    - ALSA: aloop: Fix inconsistent format due to incomplete rule
    - ALSA: aloop: Fix racy hw constraints adjustment
    - x86/acpi: Reduce code duplication in mp_override_legacy_irq()
    - mm/compaction: fix invalid free_pfn and compact_cached_free_pfn
    - mm/compaction: pass only pageblock aligned range to pageblock_pfn_to_page
    - mm/page-writeback: fix dirty_ratelimit calculation
    - mm/zswap: use workqueue to destroy pool
    - zswap: don't param_set_charp while holding spinlock
    - locks: don't check for race with close when setting OFD lock
    - futex: Replace barrier() in unqueue_me() with READ_ONCE()
    - locking/mutex: Allow next waiter lockless wakeup
    - usbvision fix overflow of interfaces array
    - usb: musb: ux500: Fix NULL pointer dereference at system PM
    - r8152: fix the wake event
    - r8152: use test_and_clear_bit
    - r8152: adjust ALDPS function
    - lan78xx: use skb_cow_head() to deal with cloned skbs
    - sr9700: use skb_cow_head() to deal with cloned skbs
    - smsc75xx: use skb_cow_head() to deal with cloned skbs
    - cx82310_eth: use skb_cow_head() to deal with cloned skbs
    - x86/mm/pat, /dev/mem: Remove superfluous error message
    - hwrng: core - sleep interruptible in read
    - sysrq: Fix warning in sysrq generated crash.
    - xhci: Fix ring leak in failure path of xhci_alloc_virt_device()
    - Revert "userfaultfd: selftest: vm: allow to build in vm/ directory"
    - x86/pti/efi: broken conversion from efi to kernel page table
    - 8021q: fix a memory leak for VLAN 0 device
    - ip6_tunnel: disable dst caching if tunnel is dual-stack
    - net: core: fix module type in sock_diag_bind
    - RDS: Heap OOB write in rds_message_alloc_sgs()
    - sh_eth: fix TSU resource handling
    - sh_eth: fix SH7757 GEther initialization
    - net: stmmac: enable EEE in MII, GMII or RGMII only
    - ipv6: fix possible mem leaks in ipv6_make_skb()
    - crypto: algapi - fix NULL dereference in crypto_remove_spawns()
    - rbd: set max_segments to USHRT_MAX
    - x86/microcode/intel: Extend BDW late-loading with a revision check
    - KVM: x86: Add memory barrier on vmcs field lookup
    - drm/vmwgfx: Potential off by one in vmw_view_add()
    - kaiser: Set _PAGE_NX only if supported
    - bpf: don't (ab)use instructions to store state
    - bpf: move fixup_bpf_calls() function
    - bpf: refactor fixup_bpf_calls()
    - bpf: adjust insn_aux_data when patching insns
    - bpf: prevent out-of-bounds speculation
    - bpf, array: fix overflow in max_entries and undefined behavior in index_mask
    - iscsi-target: Make TASK_REASSIGN use proper se_cmd->cmd_kref
    - target: Avoid early CMD_T_PRE_EXECUTE failures during ABORT_TASK
    - USB: serial: cp210x: add IDs for LifeScan OneTouch Verio IQ
    - USB: serial: cp210x: add new device ID ELV ALC 8xxx
    - usb: misc: usb3503: make sure reset is low for at least 100us
    - USB: fix usbmon BUG trigger
    - usbip: remove kernel addresses from usb device and urb debug msgs
    - staging: android: ashmem: fix a race condition in ASHMEM_SET_SIZE ioctl
    - Bluetooth: Prevent stack info leak from the EFS element.
    - uas: ignore UAS for Norelsys NS1068(X) chips
    - e1000e: Fix e1000_check_for_copper_link_ich8lan return value.
    - x86/Documentation: Add PTI description
    - sysfs/cpu: Fix typos in vulnerability documentation
    - x86/alternatives: Fix optimize_nops() checking
    - selftests/x86: Add test_vsyscall
    - Linux 4.4.112
  * Xenial update to 4.4.111 stable release (LP: #1745263)
    - x86/kasan: Write protect kasan zero shadow
    - kernel/acct.c: fix the acct->needcheck check in check_free_space()
    - crypto: n2 - cure use after free
    - crypto: chacha20poly1305 - validate the digest size
    - crypto: pcrypt - fix freeing pcrypt instances
    - sunxi-rsb: Include OF based modalias in device uevent
    - fscache: Fix the default for fscache_maybe_release_page()
    - kernel: make groups_sort calling a responsibility group_info allocators
    - kernel/signal.c: protect the traced SIGNAL_UNKILLABLE tasks from SIGKILL
    - kernel/signal.c: protect the SIGNAL_UNKILLABLE tasks from !sig_kernel_only()
      signals
    - kernel/signal.c: remove the no longer needed SIGNAL_UNKILLABLE check in
      complete_signal()
    - ARC: uaccess: dont use "l" gcc inline asm constraint modifier
    - parisc: Fix alignment of pa_tlb_lock in assembly on 32-bit SMP kernel
    - genksyms: Handle string literals with spaces in reference files
    - module: Issue warnings when tainting kernel
    - proc: much faster /proc/vmstat
    - Fix build error in vma.c
    - Linux 4.4.111
  * x86/net/bpf: return statement missing value (LP: #1745364)
    - SAUCE: (no-up) arch/x86/bpf: Fix missed return statement
  * Ubuntu 16.04 - s390/cpuinfo: show facilities as reported by stfle
    (LP: #1744736)
    - s390/bitops: add for_each_set_bit_inv helper
    - s390/cpuinfo: show facilities as reported by stfle
  * Xenial update to 4.4.110 stable release (LP: #1745071)
    - KPTI: Rename to PAGE_TABLE_ISOLATION
    - SAUCE: Replace CONFIG_KAISER with CONFIG_PAGE_TABLE_ISOLATION
    - Linux 4.4.110
  * Xenial update to 4.4.109 stable release (LP: #1745069)
    - ACPI: APEI / ERST: Fix missing error handling in erst_reader()
    - crypto: mcryptd - protect the per-CPU queue with a lock
    - mfd: cros ec: spi: Don't send first message too soon
    - mfd: twl4030-audio: Fix sibling-node lookup
    - mfd: twl6040: Fix child-node lookup
    - ALSA: rawmidi: Avoid racy info ioctl via ctl device
    - ALSA: usb-audio: Fix the missing ctl name suffix at parsing SU
    - PCI / PM: Force devices to D0 in pci_pm_thaw_noirq()
    - parisc: Hide Diva-built-in serial aux and graphics card
    - spi: xilinx: Detect stall with Unknown commands
    - KVM: X86: Fix load RFLAGS w/o the fixed bit
    - powerpc/perf: Dereference BHRB entries safely
    - net: mvneta: clear interface link status on port disable
    - tracing: Remove extra zeroing out of the ring buffer page
    - tracing: Fix possible double free on failure of allocating trace buffer
    - tracing: Fix crash when it fails to alloc ring buffer
    - ring-buffer: Mask out the info bits when returning buffer page length
    - iw_cxgb4: Only validate the MSN for successful completions
    - ASoC: fsl_ssi: AC'97 ops need regmap, clock and cleaning up on failure
    - ASoC: twl4030: fix child-node lookup
    - ALSA: hda: Drop useless WARN_ON()
    - ALSA: hda - fix headset mic detection issue on a Dell machine
    - x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly()
    - x86/mm: Remove flush_tlb() and flush_tlb_current_task()
    - x86/mm: Make flush_tlb_mm_range() more predictable
    - x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range()
    - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP
      code
    - x86/mm: Add the 'nopcid' boot option to turn off PCID
    - x86/mm/64: Fix reboot interaction with CR4.PCIDE
    - kbuild: add '-fno-stack-check' to kernel build options
    - ipv4: igmp: guard against silly MTU values
    - ipv6: mcast: better catch silly mtu values
    - net: igmp: Use correct source address on IGMPv3 reports
    - netlink: Add netns check on taps
    - net: qmi_wwan: add Sierra EM7565 1199:9091
    - net: reevalulate autoflowlabel setting after sysctl setting
    - tcp md5sig: Use skb's saddr when replying to an incoming segment
    - tg3: Fix rx hang on MTU change with 5717/5719
    - net: mvmdio: disable/unprepare clocks in EPROBE_DEFER case
    - sctp: Replace use of sockets_allocated with specified macro.
    - ipv4: Fix use-after-free when flushing FIB tables
    - net: bridge: fix early call to br_stp_change_bridge_id and plug newlink
      leaks
    - net: phy: micrel: ksz9031: reconfigure autoneg after phy autoneg workaround
    - sock: free skb in skb_complete_tx_timestamp on error
    - usbip: fix usbip bind writing random string after command in match_busid
    - usbip: stub: stop printing kernel pointer addresses in messages
    - usbip: vhci: stop printing kernel pointer addresses in messages
    - USB: serial: ftdi_sio: add id for Airbus DS P8GR
    - USB: serial: qcserial: add Sierra Wireless EM7565
    - USB: serial: option: add support for Telit ME910 PID 0x1101
    - USB: serial: option: adding support for YUGA CLM920-NC5
    - usb: Add device quirk for Logitech HD Pro Webcam C925e
    - usb: add RESET_RESUME for ELSA MicroLink 56K
    - USB: Fix off by one in type-specific length check of BOS SSP capability
    - usb: xhci: Add XHCI_TRUST_TX_LENGTH for Renesas uPD720201
    - nohz: Prevent a timer interrupt storm in tick_nohz_stop_sched_tick()
    - x86/smpboot: Remove stale TLB flush invocations
    - n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD)
    - mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP
    - Linux 4.4.109
  * Xenial update to 4.4.108 stable release (LP: #1745054)
    - arm64: Initialise high_memory global variable earlier
    - cxl: Check if vphb exists before iterating over AFU devices
    - x86/mm: Fix INVPCID asm constraint
    - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID
    - mm/rmap: batched invalidations should use existing api
    - mm/mmu_context, sched/core: Fix mmu_context.h assumption
    - sched/core: Add switch_mm_irqs_off() and use it in the scheduler
    - x86/mm, sched/core: Turn off IRQs in switch_mm()
    - ARM: Hide finish_arch_post_lock_switch() from modules
    - sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off()
    - x86/irq: Do not substract irq_tlb_count from irq_call_count
    - ALSA: hda - add support for docking station for HP 820 G2
    - ALSA: hda - add support for docking station for HP 840 G3
    - arm: kprobes: Fix the return address of multiple kretprobes
    - arm: kprobes: Align stack to 8-bytes in test code
    - cpuidle: Validate cpu_dev in cpuidle_add_sysfs()
    - crypto: deadlock between crypto_alg_sem/rtnl_mutex/genl_mutex
    - sch_dsmark: fix invalid skb_cow() usage
    - bna: integer overflow bug in debugfs
    - net: qmi_wwan: Add USB IDs for MDM6600 modem on Motorola Droid 4
    - usb: gadget: f_uvc: Sanity check wMaxPacketSize for SuperSpeed
    - usb: gadget: udc: remove pointer dereference after free
    - netfilter: nfnl_cthelper: fix runtime expectation policy updates
    - netfilter: nfnl_cthelper: Fix memory leak
    - inet: frag: release spinlock before calling icmp_send()
    - pinctrl: st: add irq_request/release_resources callbacks
    - scsi: lpfc: Fix PT2PT PRLI reject
    - KVM: x86: correct async page present tracepoint
    - KVM: VMX: Fix enable VPID conditions
    - ARM: dts: ti: fix PCI bus dtc warnings
    - hwmon: (asus_atk0110) fix uninitialized data access
    - HID: xinmo: fix for out of range for THT 2P arcade controller.
    - r8152: prevent the driver from transmitting packets with carrier off
    - s390/qeth: no ETH header for outbound AF_IUCV
    - bna: avoid writing uninitialized data into hw registers
    - net: Do not allow negative values for busy_read and busy_poll sysctl
      interfaces
    - i40e: Do not enable NAPI on q_vectors that have no rings
    - RDMA/iser: Fix possible mr leak on device removal event
    - irda: vlsi_ir: fix check for DMA mapping errors
    - netfilter: nfnl_cthelper: fix a race when walk the nf_ct_helper_hash table
    - netfilter: nf_nat_snmp: Fix panic when snmp_trap_helper fails to register
    - ARM: dts: am335x-evmsk: adjust mmc2 param to allow suspend
    - KVM: pci-assign: do not map smm memory slot pages in vt-d page tables
    - isdn: kcapi: avoid uninitialized data
    - xhci: plat: Register shutdown for xhci_plat
    - netfilter: nfnetlink_queue: fix secctx memory leak
    - ARM: dma-mapping: disallow dma_get_sgtable() for non-kernel managed memory
    - cpuidle: powernv: Pass correct drv->cpumask for registration
    - bnxt_en: Fix NULL pointer dereference in reopen failure path
    - backlight: pwm_bl: Fix overflow condition
    - crypto: crypto4xx - increase context and scatter ring buffer elements
    - rtc: pl031: make interrupt optional
    - net: phy: at803x: Change error to EINVAL for invalid MAC
    - PCI: Avoid bus reset if bridge itself is broken
    - scsi: cxgb4i: fix Tx skb leak
    - scsi: mpt3sas: Fix IO error occurs on pulling out a drive from RAID1 volume
      created on two SATA drive
    - PCI: Create SR-IOV virtfn/physfn links before attaching driver
    - igb: check memory allocation failure
    - ixgbe: fix use of uninitialized padding
    - PCI/AER: Report non-fatal errors only to the affected endpoint
    - scsi: lpfc: Fix secure firmware updates
    - scsi: lpfc: PLOGI failures during NPIV testing
    - fm10k: ensure we process SM mbx when processing VF mbx
    - tcp: fix under-evaluated ssthresh in TCP Vegas
    - rtc: set the alarm to the next expiring timer
    - cpuidle: fix broadcast control when broadcast can not be entered
    - thermal: hisilicon: Handle return value of clk_prepare_enable
    - MIPS: math-emu: Fix final emulation phase for certain instructions
    - Revert "Bluetooth: btusb: driver to enable the usb-wakeup feature"
    - ALSA: hda - Clear the leftover component assignment at snd_hdac_i915_exit()
    - ALSA: hda - Degrade i915 binding failure message
    - ALSA: hda - Fix yet another i915 pointer leftover in error path
    - alpha: fix build failures
    - Linux 4.4.108
  * Xenial update to 4.4.107 stable release (LP: #1745052)
    - crypto: hmac - require that the underlying hash algorithm is unkeyed
    - crypto: salsa20 - fix blkcipher_walk API usage
    - autofs: fix careless error in recent commit
    - tracing: Allocate mask_str buffer dynamically
    - USB: uas and storage: Add US_FL_BROKEN_FUA for another JMicron JMS567 ID
    - USB: core: prevent malicious bNumInterfaces overflow
    - usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer
    - ceph: drop negative child dentries before try pruning inode's alias
    - Bluetooth: btusb: driver to enable the usb-wakeup feature
    - xhci: Don't add a virt_dev to the devs array before it's fully allocated
    - sched/rt: Do not pull from current CPU if only one CPU to pull
    - dmaengine: dmatest: move callback wait queue to thread context
    - ext4: fix fdatasync(2) after fallocate(2) operation
    - ext4: fix crash when a directory's i_size is too small
    - KEYS: add missing permission check for request_key() destination
    - mac80211: Fix addition of mesh configuration element
    - usb: phy: isp1301: Add OF device ID table
    - md-cluster: free md_cluster_info if node leave cluster
    - userfaultfd: shmem: __do_fault requires VM_FAULT_NOPAGE
    - userfaultfd: selftest: vm: allow to build in vm/ directory
    - net: initialize msg.msg_flags in recvfrom
    - net: bcmgenet: correct the RBUF_OVFL_CNT and RBUF_ERR_CNT MIB values
    - net: bcmgenet: correct MIB access of UniMAC RUNT counters
    - net: bcmgenet: reserved phy revisions must be checked first
    - net: bcmgenet: power down internal phy if open or resume fails
    - net: bcmgenet: Power up the internal PHY before probing the MII
    - NFSD: fix nfsd_minorversion(.., NFSD_AVAIL)
    - NFSD: fix nfsd_reset_versions for NFSv4.
    - Input: i8042 - add TUXEDO BU1406 (N24_25BU) to the nomux list
    - drm/omap: fix dmabuf mmap for dma_alloc'ed buffers
    - netfilter: bridge: honor frag_max_size when refragmenting
    - writeback: fix memory leak in wb_queue_work()
    - net: wimax/i2400m: fix NULL-deref at probe
    - dmaengine: Fix array index out of bounds warning in __get_unmap_pool()
    - net: Resend IGMP memberships upon peer notification.
    - mlxsw: reg: Fix SPVM max record count
    - mlxsw: reg: Fix SPVMLR max record count
    - intel_th: pci: Add Gemini Lake support
    - openrisc: fix issue handling 8 byte get_user calls
    - scsi: hpsa: update check for logical volume status
    - scsi: hpsa: limit outstanding rescans
    - fjes: Fix wrong netdevice feature flags
    - drm/radeon/si: add dpm quirk for Oland
    - sched/deadline: Make sure the replenishment timer fires in the next period
    - sched/deadline: Throttle a constrained deadline task activated after the
      deadline
    - sched/deadline: Use deadline instead of period when calculating overflow
    - mmc: mediatek: Fixed bug where clock frequency could be set wrong
    - drm/radeon: reinstate oland workaround for sclk
    - afs: Fix missing put_page()
    - afs: Populate group ID from vnode status
    - afs: Adjust mode bits processing
    - afs: Flush outstanding writes when an fd is closed
    - afs: Migrate vlocation fields to 64-bit
    - afs: Prevent callback expiry timer overflow
    - afs: Fix the maths in afs_fs_store_data()
    - afs: Populate and use client modification time
    - afs: Fix page leak in afs_write_begin()
    - afs: Fix afs_kill_pages()
    - perf symbols: Fix symbols__fixup_end heuristic for corner cases
    - efi/esrt: Cleanup bad memory map log messages
    - NFSv4.1 respect server's max size in CREATE_SESSION
    - btrfs: add missing memset while reading compressed inline extents
    - target: Use system workqueue for ALUA transitions
    - target: fix ALUA transition timeout handling
    - target: fix race during implicit transition work flushes
    - sfc: don't warn on successful change of MAC
    - fbdev: controlfb: Add missing modes to fix out of bounds access
    - video: udlfb: Fix read EDID timeout
    - video: fbdev: au1200fb: Release some resources if a memory allocation fails
    - video: fbdev: au1200fb: Return an error code if a memory allocation fails
    - rtc: pcf8563: fix output clock rate
    - dmaengine: ti-dma-crossbar: Correct am335x/am43xx mux value type
    - PCI/PME: Handle invalid data when reading Root Status
    - powerpc/powernv/cpufreq: Fix the frequency read by /proc/cpuinfo
    - netfilter: ipvs: Fix inappropriate output of procfs
    - powerpc/opal: Fix EBUSY bug in acquiring tokens
    - powerpc/ipic: Fix status get and status clear
    - target/iscsi: Fix a race condition in iscsit_add_reject_from_cmd()
    - iscsi-target: fix memory leak in lio_target_tiqn_addtpg()
    - target:fix condition return in core_pr_dump_initiator_port()
    - target/file: Do not return error for UNMAP if length is zero
    - arm-ccn: perf: Prevent module unload while PMU is in use
    - crypto: tcrypt - fix buffer lengths in test_aead_speed()
    - mm: Handle 0 flags in _calc_vm_trans() macro
    - clk: mediatek: add the option for determining PLL source clock
    - clk: imx6: refine hdmi_isfr's parent to make HDMI work on i.MX6 SoCs w/o VPU
    - clk: tegra: Fix cclk_lp divisor register
    - ppp: Destroy the mutex when cleanup
    - thermal/drivers/step_wise: Fix temperature regulation misbehavior
    - GFS2: Take inode off order_write list when setting jdata flag
    - bcache: explicitly destroy mutex while exiting
    - bcache: fix wrong cache_misses statistics
    - l2tp: cleanup l2tp_tunnel_delete calls
    - xfs: fix log block underflow during recovery cycle verification
    - xfs: fix incorrect extent state in xfs_bmap_add_extent_unwritten_real
    - PCI: Detach driver before procfs & sysfs teardown on device remove
    - scsi: hpsa: cleanup sas_phy structures in sysfs when unloading
    - scsi: hpsa: destroy sas transport properties before scsi_host
    - powerpc/perf/hv-24x7: Fix incorrect comparison in memord
    - tty fix oops when rmmod 8250
    - usb: musb: da8xx: fix babble condition handling
    - pinctrl: adi2: Fix Kconfig build problem
    - raid5: Set R5_Expanded on parity devices as well as data.
    - scsi: scsi_devinfo: Add REPORTLUN2 to EMC SYMMETRIX blacklist entry
    - vt6655: Fix a possible sleep-in-atomic bug in vt6655_suspend
    - scsi: sd: change manage_start_stop to bool in sysfs interface
    - scsi: sd: change allow_restart to bool in sysfs interface
    - scsi: bfa: integer overflow in debugfs
    - udf: Avoid overflow when session starts at large offset
    - macvlan: Only deliver one copy of the frame to the macvlan interface
    - RDMA/cma: Avoid triggering undefined behavior
    - IB/ipoib: Grab rtnl lock on heavy flush when calling ndo_open/stop
    - ath9k: fix tx99 potential info leak
    - Linux 4.4.107
  * Xenial update to 4.4.106 stable release (LP: #1745047)
    - can: ti_hecc: Fix napi poll return value for repoll
    - can: kvaser_usb: free buf in error paths
    - can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback()
    - can: kvaser_usb: ratelimit errors if incomplete messages are received
    - can: kvaser_usb: cancel urb on -EPIPE and -EPROTO
    - can: ems_usb: cancel urb on -EPIPE and -EPROTO
    - can: esd_usb2: cancel urb on -EPIPE and -EPROTO
    - can: usb_8dev: cancel urb on -EPIPE and -EPROTO
    - virtio: release virtio index when fail to device_register
    - hv: kvp: Avoid reading past allocated blocks from KVP file
    - isa: Prevent NULL dereference in isa_bus driver callbacks
    - scsi: libsas: align sata_device's rps_resp on a cacheline
    - efi: Move some sysfs files to be read-only by root
    - ASN.1: fix out-of-bounds read when parsing indefinite length item
    - ASN.1: check for error from ASN1_OP_END__ACT actions
    - X.509: reject invalid BIT STRING for subjectPublicKey
    - x86/PCI: Make broadcom_postcore_init() check acpi_disabled
    - ALSA: pcm: prevent UAF in snd_pcm_info
    - ALSA: seq: Remove spurious WARN_ON() at timer check
    - ALSA: usb-audio: Fix out-of-bound error
    - ALSA: usb-audio: Add check return value for usb_string()
    - iommu/vt-d: Fix scatterlist offset handling
    - s390: fix compat system call table
    - kdb: Fix handling of kallsyms_symbol_next() return value
    - drm: extra printk() wrapper macros
    - drm/exynos: gem: Drop NONCONTIG flag for buffers allocated without IOMMU
    - media: dvb: i2c transfers over usb cannot be done from stack
    - arm64: KVM: fix VTTBR_BADDR_MASK BUG_ON off-by-one
    - KVM: VMX: remove I/O port 0x80 bypass on Intel hosts
    - arm64: fpsimd: Prevent registers leaking from dead tasks
    - ARM: BUG if jumping to usermode address in kernel mode
    - ARM: avoid faulting on qemu
    - thp: reduce indentation level in change_huge_pmd()
    - thp: fix MADV_DONTNEED vs. numa balancing race
    - mm: drop unused pmdp_huge_get_and_clear_notify()
    - Revert "drm/armada: Fix compile fail"
    - Revert "spi: SPI_FSL_DSPI should depend on HAS_DMA"
    - Revert "s390/kbuild: enable modversions for symbols exported from asm"
    - vti6: Don't report path MTU below IPV6_MIN_MTU.
    - ARM: OMAP2+: gpmc-onenand: propagate error on initialization failure
    - x86/hpet: Prevent might sleep splat on resume
    - selftest/powerpc: Fix false failures for skipped tests
    - module: set __jump_table alignment to 8
    - ARM: OMAP2+: Fix device node reference counts
    - ARM: OMAP2+: Release device node after it is no longer needed.
    - gpio: altera: Use handle_level_irq when configured as a level_high
    - HID: chicony: Add support for another ASUS Zen AiO keyboard
    - usb: gadget: configs: plug memory leak
    - USB: gadgetfs: Fix a potential memory leak in 'dev_config()'
    - kvm: nVMX: VMCLEAR should not cause the vCPU to shut down
    - libata: drop WARN from protocol error in ata_sff_qc_issue()
    - workqueue: trigger WARN if queue_delayed_work() is called with NULL @wq
    - scsi: lpfc: Fix crash during Hardware error recovery on SLI3 adapters
    - irqchip/crossbar: Fix incorrect type of register size
    - KVM: nVMX: reset nested_run_pending if the vCPU is going to be reset
    - arm: KVM: Survive unknown traps from guests
    - arm64: KVM: Survive unknown traps from guests
    - spi_ks8995: fix "BUG: key accdaa28 not in .data!"
    - bnx2x: prevent crash when accessing PTP with interface down
    - bnx2x: fix possible overrun of VFPF multicast addresses array
    - bnx2x: do not rollback VF MAC/VLAN filters we did not configure
    - ipv6: reorder icmpv6_init() and ip6_mr_init()
    - crypto: s5p-sss - Fix completing crypto request in IRQ handler
    - i2c: riic: fix restart condition
    - zram: set physical queue limits to avoid array out of bounds accesses
    - netfilter: don't track fragmented packets
    - axonram: Fix gendisk handling
    - drm/amd/amdgpu: fix console deadlock if late init failed
    - powerpc/powernv/ioda2: Gracefully fail if too many TCE levels requested
    - EDAC, i5000, i5400: Fix use of MTR_DRAM_WIDTH macro
    - EDAC, i5000, i5400: Fix definition of NRECMEMB register
    - kbuild: pkg: use --transform option to prefix paths in tar
    - mac80211_hwsim: Fix memory leak in hwsim_new_radio_nl()
    - route: also update fnhe_genid when updating a route cache
    - route: update fnhe_expires for redirect when the fnhe exists
    - lib/genalloc.c: make the avail variable an atomic_long_t
    - dynamic-debug-howto: fix optional/omitted ending line number to be LARGE
      instead of 0
    - NFS: Fix a typo in nfs_rename()
    - sunrpc: Fix rpc_task_begin trace point
    - block: wake up all tasks blocked in get_request()
    - sparc64/mm: set fields in deferred pages
    - sctp: do not free asoc when it is already dead in sctp_sendmsg
    - sctp: use the right sk after waking up from wait_buf sleep
    - atm: horizon: Fix irq release error
    - jump_label: Invoke jump_label_test() via early_initcall()
    - xfrm: Copy policy family in clone_policy
    - IB/mlx4: Increase maximal message size under UD QP
    - IB/mlx5: Assign send CQ and recv CQ of UMR QP
    - afs: Connect up the CB.ProbeUuid
    - ipvlan: fix ipv6 outbound device
    - audit: ensure that 'audit=1' actually enables audit for PID 1
    - ipmi: Stop timers before cleaning up the module
    - s390: always save and restore all registers on context switch
    - tipc: fix memory leak in tipc_accept_from_sock()
    - rds: Fix NULL pointer dereference in __rds_rdma_map
    - sit: update frag_off info
    - packet: fix crash in fanout_demux_rollover()
    - net/packet: fix a race in packet_bind() and packet_notifier()
    - Revert "x86/efi: Build our own page table structures"
    - Revert "x86/efi: Hoist page table switching code into efi_call_virt()"
    - Revert "x86/mm/pat: Ensure cpa->pfn only contains page frame numbers"
    - arm: KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one
    - usb: gadget: ffs: Forbid usb_ep_alloc_request from sleeping
    - Linux 4.4.106
  * Xenial update to 4.4.105 stable release (LP: #1745046)
    - bcache: only permit to recovery read error when cache device is clean
    - bcache: recover data from backing when data is clean
    - uas: Always apply US_FL_NO_ATA_1X quirk to Seagate devices
    - usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C Hub
    - serial: 8250_pci: Add Amazon PCI serial device ID
    - s390/runtime instrumentation: simplify task exit handling
    - USB: serial: option: add Quectel BG96 id
    - ima: fix hash algorithm initialization
    - s390/pci: do not require AIS facility
    - selftests/x86/ldt_get: Add a few additional tests for limits
    - serial: 8250_fintek: Fix rs485 disablement on invalid ioctl()
    - spi: sh-msiof: Fix DMA transfer size check
    - usb: phy: tahvo: fix error handling in tahvo_usb_probe()
    - serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X
    - x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt()
    - EDAC, sb_edac: Fix missing break in switch
    - sysrq : fix Show Regs call trace on ARM
    - perf test attr: Fix ignored test case result
    - kprobes/x86: Disable preemption in ftrace-based jprobes
    - net: systemport: Utilize skb_put_padto()
    - net: systemport: Pad packet before inserting TSB
    - ARM: OMAP1: DMA: Correct the number of logical channels
    - vti6: fix device register to report IFLA_INFO_KIND
    - net/appletalk: Fix kernel memory disclosure
    - ravb: Remove Rx overflow log messages
    - nfs: Don't take a reference on fl->fl_file for LOCK operation
    - KVM: arm/arm64: Fix occasional warning from the timer work function
    - NFSv4: Fix client recovery when server reboots multiple times
    - drm/exynos/decon5433: set STANDALONE_UPDATE_F on output enablement
    - net: sctp: fix array overrun read on sctp_timer_tbl
    - tipc: fix cleanup at module unload
    - dmaengine: pl330: fix double lock
    - tcp: correct memory barrier usage in tcp_check_space()
    - mm: avoid returning VM_FAULT_RETRY from ->page_mkwrite handlers
    - xen-netfront: Improve error handling during initialization
    - net: fec: fix multicast filtering hardware setup
    - Revert "ocfs2: should wait dio before inode lock in ocfs2_setattr()"
    - usb: hub: Cycle HUB power when initialization fails
    - usb: xhci: fix panic in xhci_free_virt_devices_depth_first
    - usb: ch9: Add size macro for SSP dev cap descriptor
    - USB: core: Add type-specific length check of BOS descriptors
    - USB: Increase usbfs transfer limit
    - USB: devio: Prevent integer overflow in proc_do_submiturb()
    - USB: usbfs: Filter flags passed in from user space
    - usb: host: fix incorrect updating of offset
    - xen-netfront: avoid crashing on resume after a failure in talk_to_netback()
    - Linux 4.4.105
  * Xenial update to 4.4.104 stable release (LP: #1745043)
    - x86/mm/pat: Ensure cpa->pfn only contains page frame numbers
    - x86/efi: Hoist page table switching code into efi_call_virt()
    - x86/efi: Build our own page table structures
    - ARM: dts: omap3: logicpd-torpedo-37xx-devkit: Fix MMC1 cd-gpio
    - x86/efi-bgrt: Fix kernel panic when mapping BGRT data
    - x86/efi-bgrt: Replace early_memremap() with memremap()
    - mm/madvise.c: fix madvise() infinite loop under special circumstances
    - btrfs: clear space cache inode generation always
    - KVM: x86: pvclock: Handle first-time write to pvclock-page contains random
      junk
    - KVM: x86: Exit to user-mode on #UD intercept when emulator requires
    - KVM: x86: inject exceptions produced by x86_decode_insn
    - mmc: core: Do not leave the block driver in a suspended state
    - eeprom: at24: check at24_read/write arguments
    - bcache: Fix building error on MIPS
    - Revert "drm/radeon: dont switch vt on suspend"
    - drm/radeon: fix atombios on big endian
    - drm/panel: simple: Add missing panel_simple_unprepare() calls
    - mtd: nand: Fix writing mtdoops to nand flash.
    - NFS: revalidate "." etc correctly on "open".
    - drm/i915: Don't try indexed reads to alternate slave addresses
    - drm/i915: Prevent zero length "index" write
    - nfsd: Make init_open_stateid() a bit more whole
    - nfsd: Fix stateid races between OPEN and CLOSE
    - nfsd: Fix another OPEN stateid race
    - Linux 4.4.104
  * Xenial update to 4.4.103 stable release (LP: #1744873)
    - s390: fix transactional execution control register handling
    - s390/runtime instrumention: fix possible memory corruption
    - s390/disassembler: add missing end marker for e7 table
    - s390/disassembler: increase show_code buffer size
    - AF_VSOCK: Shrink the area influenced by prepare_to_wait
    - vsock: use new wait API for vsock_stream_sendmsg()
    - sched: Make resched_cpu() unconditional
    - lib/mpi: call cond_resched() from mpi_powm() loop
    - x86/decoder: Add new TEST instruction pattern
    - ARM: 8722/1: mm: make STRICT_KERNEL_RWX effective for LPAE
    - ARM: 8721/1: mm: dump: check hardware RO bit for LPAE
    - MIPS: ralink: Fix MT7628 pinmux
    - MIPS: ralink: Fix typo in mt7628 pinmux function
    - ALSA: hda: Add Raven PCI ID
    - dm bufio: fix integer overflow when limiting maximum cache size
    - dm: fix race between dm_get_from_kobject() and __dm_destroy()
    - MIPS: Fix an n32 core file generation regset support regression
    - MIPS: BCM47XX: Fix LED inversion for WRT54GSv1
    - autofs: don't fail mount for transient error
    - nilfs2: fix race condition that causes file system corruption
    - eCryptfs: use after free in ecryptfs_release_messaging()
    - bcache: check ca->alloc_thread initialized before wake up it
    - isofs: fix timestamps beyond 2027
    - NFS: Fix typo in nomigration mount option
    - nfs: Fix ugly referral attributes
    - nfsd: deal with revoked delegations appropriately
    - rtlwifi: rtl8192ee: Fix memory leak when loading firmware
    - rtlwifi: fix uninitialized rtlhal->last_suspend_sec time
    - ata: fixes kernel crash while tracing ata_eh_link_autopsy event
    - ext4: fix interaction between i_size, fallocate, and delalloc after a crash
    - ALSA: pcm: update tstamp only if audio_tstamp changed
    - ALSA: usb-audio: Add sanity checks to FE parser
    - ALSA: usb-audio: Fix potential out-of-bound access at parsing SU
    - ALSA: usb-audio: Add sanity checks in v2 clock parsers
    - ALSA: timer: Remove kernel warning at compat ioctl error paths
    - ALSA: hda/realtek - Fix ALC700 family no sound issue
    - fix a page leak in vhost_scsi_iov_to_sgl() error recovery
    - fs/9p: Compare qid.path in v9fs_test_inode
    - iscsi-target: Fix non-immediate TMR reference leak
    - target: Fix QUEUE_FULL + SCSI task attribute handling
    - KVM: nVMX: set IDTR and GDTR limits when loading L1 host state
    - KVM: SVM: obey guest PAT
    - SUNRPC: Fix tracepoint storage issues with svc_recv and svc_rqst_status
    - clk: ti: dra7-atl-clock: Fix of_node reference counting
    - clk: ti: dra7-atl-clock: fix child-node lookups
    - libnvdimm, namespace: fix label initialization to use valid seq numbers
    - libnvdimm, namespace: make 'resource' attribute only readable by root
    - IB/srpt: Do not accept invalid initiator port names
    - IB/srp: Avoid that a cable pull can trigger a kernel crash
    - NFC: fix device-allocation error return
    - i40e: Use smp_rmb rather than read_barrier_depends
    - igb: Use smp_rmb rather than read_barrier_depends
    - igbvf: Use smp_rmb rather than read_barrier_depends
    - ixgbevf: Use smp_rmb rather than read_barrier_depends
    - i40evf: Use smp_rmb rather than read_barrier_depends
    - fm10k: Use smp_rmb rather than read_barrier_depends
    - ixgbe: Fix skb list corruption on Power systems
    - parisc: Fix validity check of pointer size argument in new CAS
      implementation
    - powerpc/signal: Properly handle return value from uprobe_deny_signal()
    - media: Don't do DMA on stack for firmware upload in the AS102 driver
    - media: rc: check for integer overflow
    - cx231xx-cards: fix NULL-deref on missing association descriptor
    - media: v4l2-ctrl: Fix flags field on Control events
    - sched/rt: Simplify the IPI based RT balancing logic
    - fscrypt: lock mutex before checking for bounce page pool
    - net/9p: Switch to wait_event_killable()
    - PM / OPP: Add missing of_node_put(np)
    - e1000e: Fix error path in link detection
    - e1000e: Fix return value test
    - RDS: RDMA: return appropriate error on rdma map failures
    - PCI: Apply _HPX settings only to relevant devices
    - dmaengine: zx: set DMA_CYCLIC cap_mask bit
    - net: Allow IP_MULTICAST_IF to set index to L3 slave
    - net: 3com: typhoon: typhoon_init_one: make return values more specific
    - net: 3com: typhoon: typhoon_init_one: fix incorrect return values
    - drm/armada: Fix compile fail
    - ath10k: fix incorrect txpower set by P2P_DEVICE interface
    - ath10k: ignore configuring the incorrect board_id
    - ath10k: fix potential memory leak in ath10k_wmi_tlv_op_pull_fw_stats()
    - ath10k: set CTS protection VDEV param only if VDEV is up
    - ALSA: hda - Apply ALC269_FIXUP_NO_SHUTUP on HDA_FIXUP_ACT_PROBE
    - drm: Apply range restriction after color adjustment when allocation
    - mac80211: Remove invalid flag operations in mesh TSF synchronization
    - mac80211: Suppress NEW_PEER_CANDIDATE event if no room
    - iio: light: fix improper return value
    - staging: iio: cdc: fix improper return value
    - spi: SPI_FSL_DSPI should depend on HAS_DMA
    - netfilter: nft_queue: use raw_smp_processor_id()
    - netfilter: nf_tables: fix oob access
    - ASoC: rsnd: don't double free kctrl
    - btrfs: return the actual error value from from btrfs_uuid_tree_iterate
    - ASoC: wm_adsp: Don't overrun firmware file buffer when reading region data
    - s390/kbuild: enable modversions for symbols exported from asm
    - xen: xenbus driver must not accept invalid transaction ids
    - Revert "sctp: do not peel off an assoc from one netns to another one"
    - Linux 4.4.103
  * ppc64el: Do not call ibm,os-term on panic (LP: #1736954)
    - powerpc: Do not call ppc_md.panic in fadump panic notifier
  * Xenial update to 4.4.102 stable release (LP: #1744870)
    - mm, hwpoison: fixup "mm: check the return value of lookup_page_ext for all
      call sites"
    - Linux 4.4.102
  * Xenial update to 4.4.101 stable release (LP: #1744794)
    - tcp: do not mangle skb->cb[] in tcp_make_synack()
    - netfilter/ipvs: clear ipvs_property flag when SKB net namespace changed
    - bonding: discard lowest hash bit for 802.3ad layer3+4
    - vlan: fix a use-after-free in vlan_device_event()
    - af_netlink: ensure that NLMSG_DONE never fails in dumps
    - sctp: do not peel off an assoc from one netns to another one
    - fealnx: Fix building error on MIPS
    - net/sctp: Always set scope_id in sctp_inet6_skb_msgname
    - ima: do not update security.ima if appraisal status is not INTEGRITY_PASS
    - serial: omap: Fix EFR write on RTS deassertion
    - arm64: fix dump_instr when PAN and UAO are in use
    - ocfs2: should wait dio before inode lock in ocfs2_setattr()
    - ipmi: fix unsigned long underflow
    - mm/page_alloc.c: broken deferred calculation
    - coda: fix 'kernel memory exposure attempt' in fsync
    - mm: check the return value of lookup_page_ext for all call sites
    - mm/page_ext.c: check if page_ext is not prepared
    - mm/pagewalk.c: report holes in hugetlb ranges
    - Linux 4.4.101
  * Xenial update to 4.4.100 stable release (LP: #1744639)
    - media: imon: Fix null-ptr-deref in imon_probe
    - media: dib0700: fix invalid dvb_detach argument
    - KVM: x86: fix singlestepping over syscall
    - net: cdc_ether: fix divide by 0 on bad descriptors
    - net: qmi_wwan: fix divide by 0 on bad descriptors
    - arm: crypto: reduce priority of bit-sliced AES cipher
    - Bluetooth: btusb: fix QCA Rome suspend/resume
    - dmaengine: dmatest: warn user when dma test times out
    - extcon: palmas: Check the parent instance to prevent the NULL
    - fm10k: request reset when mbx->state changes
    - ARM: dts: Fix compatible for ti81xx uarts for 8250
    - ARM: dts: Fix am335x and dm814x scm syscon to probe children
    - ARM: OMAP2+: Fix init for multiple quirks for the same SoC
    - ARM: dts: Fix omap3 off mode pull defines
    - ata: ATA_BMDMA should depend on HAS_DMA
    - ata: SATA_HIGHBANK should depend on HAS_DMA
    - ata: SATA_MV should depend on HAS_DMA
    - drm/sti: sti_vtg: Handle return NULL error from devm_ioremap_nocache
    - igb: reset the PHY before reading the PHY ID
    - igb: close/suspend race in netif_device_detach
    - igb: Fix hw_dbg logging in igb_update_flash_i210
    - scsi: ufs-qcom: Fix module autoload
    - scsi: ufs: add capability to keep auto bkops always enabled
    - staging: rtl8188eu: fix incorrect ERROR tags from logs
    - scsi: lpfc: FCoE VPort enable-disable does not bring up the VPort
    - scsi: lpfc: Correct host name in symbolic_name field
    - scsi: lpfc: Correct issue leading to oops during link reset
    - scsi: lpfc: Clear the VendorVersion in the PLOGI/PLOGI ACC payload
    - ALSA: vx: Don't try to update capture stream before running
    - ALSA: vx: Fix possible transfer overflow
    - backlight: lcd: Fix race condition during register
    - backlight: adp5520: Fix error handling in adp5520_bl_probe()
    - gpu: drm: mgag200: mgag200_main:- Handle error from pci_iomap
    - ALSA: hda/realtek - Add new codec ID ALC299
    - arm64: dts: NS2: reserve memory for Nitro firmware
    - ixgbe: fix AER error handling
    - ixgbe: handle close/suspend race with netif_device_detach/present
    - ixgbe: Reduce I2C retry count on X550 devices
    - ixgbe: add mask for 64 RSS queues
    - ixgbe: do not disable FEC from the driver
    - staging: rtl8712: fixed little endian problem
    - MIPS: End asm function prologue macros with .insn
    - mm: add PHYS_PFN, use it in __phys_to_pfn()
    - MIPS: init: Ensure bootmem does not corrupt reserved memory
    - MIPS: init: Ensure reserved memory regions are not added to bootmem
    - MIPS: Netlogic: Exclude netlogic,xlp-pic code from XLR builds
    - Revert "crypto: xts - Add ECB dependency"
    - Revert "uapi: fix linux/rds.h userspace compilation errors"
    - uapi: fix linux/rds.h userspace compilation error
    - uapi: fix linux/rds.h userspace compilation errors
    - USB: usbfs: compute urb->actual_length for isochronous
    - USB: Add delay-init quirk for Corsair K70 LUX keyboards
    - USB: serial: qcserial: add pid/vid for Sierra Wireless EM7355 fw update
    - USB: serial: garmin_gps: fix I/O after failed probe and remove
    - USB: serial: garmin_gps: fix memory leak on probe errors
    - Linux 4.4.100
  * Xenial update to 4.4.99 stable release (LP: #1744636)
    - mac80211: accept key reinstall without changing anything
    - mac80211: use constant time comparison with keys
    - mac80211: don't compare TKIP TX MIC key in reinstall prevention
    - usb: usbtest: fix NULL pointer dereference
    - Input: ims-psu - check if CDC union descriptor is sane
    - ALSA: seq: Cancel pending autoload work at unbinding device
    - tun/tap: sanitize TUNSETSNDBUF input
    - tcp: fix tcp_mtu_probe() vs highest_sack
    - l2tp: check ps->sock before running pppol2tp_session_ioctl()
    - tun: call dev_get_valid_name() before register_netdevice()
    - sctp: add the missing sock_owned_by_user check in sctp_icmp_redirect
    - packet: avoid panic in packet_getsockopt()
    - ipv6: flowlabel: do not leave opt->tot_len with garbage
    - net/unix: don't show information about sockets from other namespaces
    - ip6_gre: only increase err_count for some certain type icmpv6 in ip6gre_err
    - tun: allow positive return values on dev_get_valid_name() call
    - sctp: reset owner sk for data chunks on out queues when migrating a sock
    - ppp: fix race in ppp device destruction
    - ipip: only increase err_count for some certain type icmp in ipip_err
    - tcp/dccp: fix ireq->opt races
    - tcp/dccp: fix lockdep splat in inet_csk_route_req()
    - tcp/dccp: fix other lockdep splats accessing ireq_opt
    - security/keys: add CONFIG_KEYS_COMPAT to Kconfig
    - tipc: fix link attribute propagation bug
    - brcmfmac: remove setting IBSS mode when stopping AP
    - target/iscsi: Fix iSCSI task reassignment handling
    - target: Fix node_acl demo-mode + uncached dynamic shutdown regression
    - misc: panel: properly restore atomic counter on error path
    - Linux 4.4.99
  * elantech touchpad of Lenovo L480/580 failed to detect hw_version
    (LP: #1733605)
    - Input: elantech - add new icbody type 15
  * Disabling zfs does not always disable module checks for the zfs modules
    (LP: #1737176)
    - [Packaging] disable zfs module checks when zfs is disabled
  * Using asymmetric key for IMA appraisal crashes the system in Ubuntu 16.04
    (LP: #1735977)
    - integrity: convert digsig to akcipher api
  * CVE-2017-17450
    - netfilter: xt_osf: Add missing permission checks
  * CVE-2017-15129
    - net: Fix double free and memory corruption in get_net_ns_by_id()
  * CVE-2018-5344
    - loop: fix concurrent lo_open/lo_release
  * [KVM] Lower the default for halt_poll_ns to 200000 ns (LP: #1724614)
    - KVM: x86: lower default for halt_poll_ns
  * $(LOCAL_ENV_CC) and $(LOCAL_ENV_DISTCC_HOSTS) should be properly quoted
    (LP: #1744077)
    - [Debian] pass LOCAL_ENV_CC and LOCAL_ENV_DISTCC_HOSTS properly
  * Redpine: Wifi/BT not functioning after s3 resume (LP: #1742090) //
    [16.04][classic] Redpine: wowlan feature doesn't work (LP: #1742094)
    - SAUCE: Redpine: fix for wowlan wakeup failure
    - SAUCE: Redpine: fix data issue with non-uapsd APs
    - SAUCE: Redpine: fix reset card issue
    - SAUCE: Redpine: fix wowlan issue
  * Using an NVMe drive causes huge power drain (LP: #1664602) // Samsung SSD
    960 EVO 500GB refused to change power state (LP: #1705748)
    - nvme-pci: disable APST on Samsung SSD 960 EVO + ASUS PRIME B350M-A
  * Using an NVMe drive causes huge power drain (LP: #1664602)
    - nvme/scsi: Remove power management support
    - nvme: return the whole CQE through the request passthrough interface
    - nvme: factor out a add nvme_is_write helper
    - nvme: Modify and export sync command submission for fabrics
    - nvme: Fix nvme_get/set_features() with a NULL result pointer
    - nvme: Pass pointers, not dma addresses, to nvme_get/set_features()
    - nvme: Add a quirk mechanism that uses identify_ctrl
    - nvme: Enable autonomous power state transitions
    - nvme: Adjust the Samsung APST quirk
    - nvme: Quirk APST off on "THNSF5256GPUK TOSHIBA"
    - nvme: only consider exit latency when choosing useful non-op power states
    - nvme: relax APST default max latency to 100ms
    - nvme: Quirk APST on Intel 600P/P3100 devices
  * CVE-2017-17862
    - bpf: fix branch pruning logic
  * CVE-2017-16995
    - bpf: fix incorrect sign extension in check_alu_op()
  * CVE-2017-17741
    - KVM: Fix stack-out-of-bounds read in write_mmio
  * CVE-2018-5333
    - RDS: null pointer dereference in rds_atomic_free_op
  * the kernel is blackholing IPv6 packets to linkdown nexthops (LP: #1738219)
    - ipv6: Do not consider linkdown nexthops during multipath
  * /dev/bcache/by-uuid links not created after reboot (LP: #1729145)
    - SAUCE: (no-up) bcache: decouple emitting a cached_dev CHANGE uevent
  * e1000e in 4.4.0-97-generic breaks 82574L under heavy load. (LP: #1730550)
    - e1000e: Avoid receiver overrun interrupt bursts
    - e1000e: Separate signaling for link check/link up
  * ath10k: enhance rf signal strength (LP: #1736317)
    - ath10k: add max_tx_power for QCA6174 WLAN.RM.2.0 firmware
  * User reports excessive ALUA retry messages (LP: #1720228)
    - scsi_dh_alua: uninitialized variable in alua_rtpg()
  * Add installer support for new Broadcom network drivers.  (LP: #1734757)
    - d-i: Add bnxt_en_bpo to nic-modules.
  * Transparent hugepages should default to enabled=madvise (LP: #1703742)
    - SAUCE: use CONFIG_TRANSPARENT_HUGEPAGE_MADVISE=y as default

linux-snapdragon (4.4.0-1087.92) xenial; urgency=medium

  * linux-snapdragon: 4.4.0-1087.92 -proposed tracker (LP: #1749096)

  [ Ubuntu: 4.4.0-116.140 ]

  * linux: 4.4.0-116.140 -proposed tracker (LP: #1748990)
  * BUG: unable to handle kernel NULL pointer dereference at 0000000000000009
    (LP: #1748671)
    - SAUCE: net: ipv4: fix for a race condition in raw_sendmsg -- fix backport

linux-snapdragon (4.4.0-1086.91) xenial; urgency=medium

  * linux-snapdragon: 4.4.0-1086.91 -proposed tracker (LP: #1748494)

  [ Ubuntu: 4.4.0-115.139 ]

  * linux: 4.4.0-115.138 -proposed tracker (LP: #1748745)
  * CVE-2017-5715 (Spectre v2 Intel)
    - Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present"
    - SAUCE: turn off IBRS when full retpoline is present
    - [Packaging] retpoline files must be sorted
    - [Packaging] pull in retpoline files

  [ Ubuntu: 4.4.0-114.137 ]

  * linux: 4.4.0-114.137 -proposed tracker (LP: #1748484)
  * ALSA backport missing NVIDIA GPU codec IDs to patch table to
    Ubuntu 16.04 LTS Kernel (LP: #1744117)
    - ALSA: hda - Add missing NVIDIA GPU codec IDs to patch table
  * Shutdown hang on 16.04 with iscsi targets (LP: #1569925)
    - scsi: libiscsi: Allow sd_shutdown on bad transport
  * libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053)
    - libata: apply MAX_SEC_1024 to all LITEON EP1 series devices
  * KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb)
    (LP: #1747090)
    - KVM: s390: wire up bpb feature
    - KVM: s390: Enable all facility bits that are known good for passthrough
  * CVE-2017-5715 (Spectre v2 Intel)
    - SAUCE: drop lingering gmb() macro
    - x86/feature: Enable the x86 feature to control Speculation
    - x86/feature: Report presence of IBPB and IBRS control
    - x86/enter: MACROS to set/clear IBRS and set IBPB
    - x86/enter: Use IBRS on syscall and interrupts
    - x86/idle: Disable IBRS entering idle and enable it on wakeup
    - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
    - x86/mm: Set IBPB upon context switch
    - x86/mm: Only set IBPB when the new thread cannot ptrace current thread
    - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
    - x86/kvm: Set IBPB when switching VM
    - x86/kvm: Toggle IBRS on VM entry and exit
    - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
    - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
    - x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR
    - x86/cpu/AMD: Add speculative control support for AMD
    - x86/microcode: Extend post microcode reload to support IBPB feature
    - KVM: SVM: Do not intercept new speculative control MSRs
    - x86/svm: Set IBRS value on VM entry and exit
    - x86/svm: Set IBPB when running a different VCPU
    - KVM: x86: Add speculative control CPUID support for guests
    - SAUCE: Fix spec_ctrl support in KVM
    - SAUCE: turn off IBPB when full retpoline is present

linux-snapdragon (4.4.0-1085.90) xenial; urgency=low

  * linux-snapdragon: 4.4.0-1085.90 -proposed tracker (LP: #1746942)


  [ Ubuntu: 4.4.0-113.136 ]

  * linux: 4.4.0-113.136 -proposed tracker (LP: #1746936)
  * Missing install-time driver for QLogic QED 25/40/100Gb Ethernet NIC
    (LP: #1743638)
    - [d-i] Add qede to nic-modules udeb
  * CVE-2017-5753 (Spectre v1 Intel)
    - x86/cpu/AMD: Make the LFENCE instruction serialized
    - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
    - SAUCE: reinstate MFENCE_RDTSC feature definition
    - locking/barriers: introduce new observable speculation barrier
    - bpf: prevent speculative execution in eBPF interpreter
    - x86, bpf, jit: prevent speculative execution when JIT is enabled
    - SAUCE: FIX: x86, bpf, jit: prevent speculative execution when JIT is enabled
    - carl9170: prevent speculative execution
    - qla2xxx: prevent speculative execution
    - Thermal/int340x: prevent speculative execution
    - ipv4: prevent speculative execution
    - ipv6: prevent speculative execution
    - fs: prevent speculative execution
    - net: mpls: prevent speculative execution
    - udf: prevent speculative execution
    - userns: prevent speculative execution
    - SAUCE: claim mitigation via observable speculation barrier
    - SAUCE: powerpc: add osb barrier
    - SAUCE: s390/spinlock: add osb memory barrier
    - SAUCE: arm64: no osb() implementation yet
    - SAUCE: arm: no osb() implementation yet
  * CVE-2017-5715 (Spectre v2 retpoline)
    - x86/cpuid: Provide get_scattered_cpuid_leaf()
    - x86/cpu: Factor out application of forced CPU caps
    - x86/cpufeatures: Make CPU bugs sticky
    - x86/cpufeatures: Add X86_BUG_CPU_INSECURE
    - x86/cpu, x86/pti: Do not enable PTI on AMD processors
    - x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN
    - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]
    - x86/cpu: Merge bugs.c and bugs_64.c
    - sysfs/cpu: Add vulnerability folder
    - x86/cpu: Implement CPU vulnerabilites sysfs functions
    - x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm
    - x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier
    - x86/asm: Use register variable to get stack pointer value
    - x86/kbuild: enable modversions for symbols exported from asm
    - x86/asm: Make asm/alternative.h safe from assembly
    - EXPORT_SYMBOL() for asm
    - kconfig.h: use __is_defined() to check if MODULE is defined
    - x86/retpoline: Add initial retpoline support
    - x86/spectre: Add boot time option to select Spectre v2 mitigation
    - x86/retpoline/crypto: Convert crypto assembler indirect jumps
    - x86/retpoline/entry: Convert entry assembler indirect jumps
    - x86/retpoline/ftrace: Convert ftrace assembler indirect jumps
    - x86/retpoline/hyperv: Convert assembler indirect jumps
    - x86/retpoline/xen: Convert Xen hypercall indirect jumps
    - x86/retpoline/checksum32: Convert assembler indirect jumps
    - x86/retpoline/irq32: Convert assembler indirect jumps
    - x86/retpoline: Fill return stack buffer on vmexit
    - x86/retpoline: Remove compile time warning
    - x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros
    - module: Add retpoline tag to VERMAGIC
    - x86/mce: Make machine check speculation protected
    - retpoline: Introduce start/end markers of indirect thunk
    - kprobes/x86: Blacklist indirect thunk functions for kprobes
    - kprobes/x86: Disable optimizing on the function jumps to indirect thunk
    - x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
    - [Config] CONFIG_RETPOLINE=y
    - [Packaging] retpoline -- add call site validation
    - [Config] disable retpoline checks for first upload
  * CVE-2017-5715 (revert embargoed) // CVE-2017-5753 (revert embargoed)
    - Revert "UBUNTU: SAUCE: Fix spec_ctrl support in KVM"
    - Revert "x86/cpuid: Provide get_scattered_cpuid_leaf()"
    - Revert "kvm: vmx: Scrub hardware GPRs at VM-exit"
    - Revert "Revert "x86/svm: Add code to clear registers on VM exit""
    - Revert "UBUNTU: SAUCE: x86/microcode: Extend post microcode reload to
      support IBPB feature -- repair missmerge"
    - Revert "arm: no gmb() implementation yet"
    - Revert "arm64: no gmb() implementation yet"
    - Revert "UBUNTU: SAUCE: x86/kvm: Fix stuff_RSB() for 32-bit"
    - Revert "s390/spinlock: add gmb memory barrier"
    - Revert "powerpc: add gmb barrier"
    - Revert "x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature"
    - Revert "x86/cpu/AMD: Make the LFENCE instruction serialized"
    - Revert "x86/svm: Add code to clear registers on VM exit"
    - Revert "x86/svm: Add code to clobber the RSB on VM exit"
    - Revert "KVM: x86: Add speculative control CPUID support for guests"
    - Revert "x86/svm: Set IBPB when running a different VCPU"
    - Revert "x86/svm: Set IBRS value on VM entry and exit"
    - Revert "KVM: SVM: Do not intercept new speculative control MSRs"
    - Revert "x86/microcode: Extend post microcode reload to support IBPB feature"
    - Revert "x86/cpu/AMD: Add speculative control support for AMD"
    - Revert "x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR"
    - Revert "x86/entry: Use retpoline for syscall's indirect calls"
    - Revert "x86/syscall: Clear unused extra registers on 32-bit compatible
      syscall entrance"
    - Revert "x86/syscall: Clear unused extra registers on syscall entrance"
    - Revert "x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb
      control"
    - Revert "x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature"
    - Revert "x86/kvm: Pad RSB on VM transition"
    - Revert "x86/kvm: Toggle IBRS on VM entry and exit"
    - Revert "x86/kvm: Set IBPB when switching VM"
    - Revert "x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm"
    - Revert "x86/entry: Stuff RSB for entry to kernel for non-SMEP platform"
    - Revert "x86/mm: Only set IBPB when the new thread cannot ptrace current
      thread"
    - Revert "x86/mm: Set IBPB upon context switch"
    - Revert "x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup"
    - Revert "x86/idle: Disable IBRS entering idle and enable it on wakeup"
    - Revert "x86/enter: Use IBRS on syscall and interrupts"
    - Revert "x86/enter: MACROS to set/clear IBRS and set IBPB"
    - Revert "x86/feature: Report presence of IBPB and IBRS control"
    - Revert "x86/feature: Enable the x86 feature to control Speculation"
    - Revert "udf: prevent speculative execution"
    - Revert "net: mpls: prevent speculative execution"
    - Revert "fs: prevent speculative execution"
    - Revert "ipv6: prevent speculative execution"
    - Revert "userns: prevent speculative execution"
    - Revert "Thermal/int340x: prevent speculative execution"
    - Revert "qla2xxx: prevent speculative execution"
    - Revert "carl9170: prevent speculative execution"
    - Revert "uvcvideo: prevent speculative execution"
    - Revert "x86, bpf, jit: prevent speculative execution when JIT is enabled"
    - Revert "bpf: prevent speculative execution in eBPF interpreter"
  * CVE-2017-17712
    - net: ipv4: fix for a race condition in raw_sendmsg
  * upload urgency should be medium by default (LP: #1745338)
    - [Packaging] update urgency to medium by default
  * CVE-CVE-2017-12190
    - more bio_map_user_iov() leak fixes
  * CVE-2015-8952
    - mbcache2: reimplement mbcache
    - ext2: convert to mbcache2
    - ext4: convert to mbcache2
    - mbcache2: limit cache size
    - mbcache2: Use referenced bit instead of LRU
    - ext4: kill ext4_mballoc_ready
    - ext4: shortcut setting of xattr to the same value
    - mbcache: remove mbcache
    - mbcache2: rename to mbcache
    - mbcache: get rid of _e_hash_list_head
    - mbcache: add reusable flag to cache entries
  * CVE-2017-15115
    - sctp: do not peel off an assoc from one netns to another one
  * CVE-2017-8824
    - dccp: CVE-2017-8824: use-after-free in DCCP code

  [ Ubuntu: 4.4.0-112.135 ]

  * linux: 4.4.0-112.135 -proposed tracker (LP: #1744244)
  * CVE-2017-5715 // CVE-2017-5753
    - x86/cpuid: Provide get_scattered_cpuid_leaf()
    - SAUCE: Fix spec_ctrl support in KVM
    - SAUCE: s390: improve cpu alternative handling for gmb and nobp
    - SAUCE: s390: print messages for gmb and nobp
    - [Config] KERNEL_NOBP=y

  [ Ubuntu: 4.4.0-111.134 ]

  * linux: 4.4.0-111.134 -proposed tracker (LP: #1743362)
  * Do not duplicate changelog entries assigned to more than one bug or CVE
    (LP: #1743383)
    - [Packaging] git-ubuntu-log -- handle multiple bugs/cves better
  * CVE-2017-5715 // CVE-2017-5753
    - SAUCE: x86/microcode: Extend post microcode reload to support IBPB feature
      -- repair missmerge
    - Revert "x86/svm: Add code to clear registers on VM exit"
    - kvm: vmx: Scrub hardware GPRs at VM-exit
  * CVE-2017-5754
    - SAUCE: powerpc: use sync instead of hwsync mnemonic

  [ Ubuntu: 4.4.0-110.133 ]

  * linux: 4.4.0-110.133 -proposed tracker (LP: #1742995)
  * CVE-2017-5753
    - x86/microcode/AMD: Add support for fam17h microcode loading
    - bpf: add bpf_patch_insn_single helper
    - bpf: prepare bpf_int_jit_compile/bpf_prog_select_runtime apis
    - bpf: add generic constant blinding for use in jits
    - locking/barriers: introduce new memory barrier gmb()
    - bpf: prevent speculative execution in eBPF interpreter
    - x86, bpf, jit: prevent speculative execution when JIT is enabled
    - uvcvideo: prevent speculative execution
    - carl9170: prevent speculative execution
    - qla2xxx: prevent speculative execution
    - Thermal/int340x: prevent speculative execution
    - userns: prevent speculative execution
    - ipv6: prevent speculative execution
    - fs: prevent speculative execution
    - net: mpls: prevent speculative execution
    - udf: prevent speculative execution
    - x86/feature: Enable the x86 feature to control Speculation
    - x86/feature: Report presence of IBPB and IBRS control
    - x86/enter: MACROS to set/clear IBRS and set IBPB
    - x86/enter: Use IBRS on syscall and interrupts
    - x86/idle: Disable IBRS entering idle and enable it on wakeup
    - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
    - x86/mm: Set IBPB upon context switch
    - x86/mm: Only set IBPB when the new thread cannot ptrace current thread
    - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
    - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
    - x86/kvm: Set IBPB when switching VM
    - x86/kvm: Toggle IBRS on VM entry and exit
    - x86/kvm: Pad RSB on VM transition
    - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
    - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
    - x86/syscall: Clear unused extra registers on syscall entrance
    - x86/syscall: Clear unused extra registers on 32-bit compatible syscall
      entrance
    - x86/entry: Use retpoline for syscall's indirect calls
    - x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR
    - x86/cpu/AMD: Add speculative control support for AMD
    - x86/microcode: Extend post microcode reload to support IBPB feature
    - KVM: SVM: Do not intercept new speculative control MSRs
    - x86/svm: Set IBRS value on VM entry and exit
    - x86/svm: Set IBPB when running a different VCPU
    - KVM: x86: Add speculative control CPUID support for guests
    - x86/svm: Add code to clobber the RSB on VM exit
    - x86/svm: Add code to clear registers on VM exit
    - x86/cpu/AMD: Make the LFENCE instruction serialized
    - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
    - powerpc: add gmb barrier
    - s390/spinlock: add gmb memory barrier
    - SAUCE: x86/kvm: Fix stuff_RSB() for 32-bit
    - arm64: no gmb() implementation yet
    - arm: no gmb() implementation yet
  * CVE-2017-5715
    - x86/microcode/AMD: Add support for fam17h microcode loading
    - bpf: add bpf_patch_insn_single helper
    - bpf: prepare bpf_int_jit_compile/bpf_prog_select_runtime apis
    - bpf: add generic constant blinding for use in jits
    - locking/barriers: introduce new memory barrier gmb()
    - bpf: prevent speculative execution in eBPF interpreter
    - x86, bpf, jit: prevent speculative execution when JIT is enabled
    - uvcvideo: prevent speculative execution
    - carl9170: prevent speculative execution
    - qla2xxx: prevent speculative execution
    - Thermal/int340x: prevent speculative execution
    - userns: prevent speculative execution
    - ipv6: prevent speculative execution
    - fs: prevent speculative execution
    - net: mpls: prevent speculative execution
    - udf: prevent speculative execution
    - x86/feature: Enable the x86 feature to control Speculation
    - x86/feature: Report presence of IBPB and IBRS control
    - x86/enter: MACROS to set/clear IBRS and set IBPB
    - x86/enter: Use IBRS on syscall and interrupts
    - x86/idle: Disable IBRS entering idle and enable it on wakeup
    - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
    - x86/mm: Set IBPB upon context switch
    - x86/mm: Only set IBPB when the new thread cannot ptrace current thread
    - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
    - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
    - x86/kvm: Set IBPB when switching VM
    - x86/kvm: Toggle IBRS on VM entry and exit
    - x86/kvm: Pad RSB on VM transition
    - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
    - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
    - x86/syscall: Clear unused extra registers on syscall entrance
    - x86/syscall: Clear unused extra registers on 32-bit compatible syscall
      entrance
    - x86/entry: Use retpoline for syscall's indirect calls
    - x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR
    - x86/cpu/AMD: Add speculative control support for AMD
    - x86/microcode: Extend post microcode reload to support IBPB feature
    - KVM: SVM: Do not intercept new speculative control MSRs
    - x86/svm: Set IBRS value on VM entry and exit
    - x86/svm: Set IBPB when running a different VCPU
    - KVM: x86: Add speculative control CPUID support for guests
    - x86/svm: Add code to clobber the RSB on VM exit
    - x86/svm: Add code to clear registers on VM exit
    - x86/cpu/AMD: Make the LFENCE instruction serialized
    - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
    - powerpc: add gmb barrier
    - s390/spinlock: add gmb memory barrier
    - SAUCE: x86/kvm: Fix stuff_RSB() for 32-bit
    - arm64: no gmb() implementation yet
    - arm: no gmb() implementation yet
  * powerpc: flush L1D on return to use (LP: #1742772)
    - SAUCE: powerpc: Secure memory rfi flush
    - SAUCE: rfi-flush: Make DEBUG_RFI a CONFIG option
    - SAUCE: rfi-flush: Add HRFI_TO_UNKNOWN and use it in denorm
    - SAUCE: Fixup rfid in kvmppc_skip_Hinterrupt should be hrfid
    - SAUCE: rfi-flush: kvmppc_skip_(H)interrupt returns to host
    - SAUCE: KVM: Revert the implementation of H_GET_CPU_CHARACTERISTICS
    - SAUCE: rfi-flush: Implement congruence-first fallback flush
    - SAUCE: rfi-flush: Make l1d_flush_type bit flags
    - SAUCE: rfi-flush: Push the instruction selection down to the patching
      routine
    - SAUCE: rfi-flush: Expand the RFI section to two nop slots
    - SAUCE: rfi-flush: Support more than one flush type at once
    - SAUCE: rfi-flush: Allow HV to advertise multiple flush types
    - SAUCE: rfi-flush: Add speculation barrier before ori 30,30,0 flush
    - SAUCE: powerpc/asm: Allow including ppc_asm.h in asm files
    - SAUCE: Remove setup.h include file otherwise compilation complains about
      missing header file.
    - SAUCE: Fix compilation errors for arch/powerpc/lib/feature-fixups.c
    - SAUCE: rfi-flush: Add barriers to the fallback L1D flushing
    - SAUCE: rfi-flush: Rework powernv logic to be more cautious
    - SAUCE: rfi-flush: Rework pseries logic to be more cautious
    - SAUCE: rfi-flush: Fix the fallback flush to actually activate
    - SAUCE: rfi-flush: Fix HRFI_TO_UNKNOWN
    - SAUCE: rfi-flush: Refactor the macros so the nops are defined once
    - SAUCE: rfi-flush: Add no_rfi_flush and nopti comandline options
    - SAUCE: rfi-flush: Use rfi-flush in printks
    - SAUCE: rfi-flush: Fallback flush add load dependency
    - SAUCE: rfi-flush: Fix the 32-bit KVM build
    - SAUCE: rfi-flush: Fix some RFI conversions in the KVM code
    - SAUCE: UBUNTU: [Config] Disable CONFIG_PPC_DEBUG_RFI
  * s390: add ppa to kernel entry/exit (LP: #1742771)
    - s390: introduce CPU alternatives
    - s390: add ppa to kernel entry / exit
  * CVE-2017-5754
    - x86/tlb: Drop the _GPL from the cpu_tlbstate export
    - Map the vsyscall page with _PAGE_USER
    - s390: introduce CPU alternatives
    - s390: add ppa to kernel entry / exit
    - SAUCE: powerpc: Secure memory rfi flush
    - SAUCE: rfi-flush: Make DEBUG_RFI a CONFIG option
    - SAUCE: rfi-flush: Add HRFI_TO_UNKNOWN and use it in denorm
    - SAUCE: Fixup rfid in kvmppc_skip_Hinterrupt should be hrfid
    - SAUCE: rfi-flush: kvmppc_skip_(H)interrupt returns to host
    - SAUCE: KVM: Revert the implementation of H_GET_CPU_CHARACTERISTICS
    - SAUCE: rfi-flush: Implement congruence-first fallback flush
    - SAUCE: rfi-flush: Make l1d_flush_type bit flags
    - SAUCE: rfi-flush: Push the instruction selection down to the patching
      routine
    - SAUCE: rfi-flush: Expand the RFI section to two nop slots
    - SAUCE: rfi-flush: Support more than one flush type at once
    - SAUCE: rfi-flush: Allow HV to advertise multiple flush types
    - SAUCE: rfi-flush: Add speculation barrier before ori 30,30,0 flush
    - SAUCE: powerpc/asm: Allow including ppc_asm.h in asm files
    - SAUCE: Remove setup.h include file otherwise compilation complains about
      missing header file.
    - SAUCE: Fix compilation errors for arch/powerpc/lib/feature-fixups.c
    - SAUCE: rfi-flush: Add barriers to the fallback L1D flushing
    - SAUCE: rfi-flush: Rework powernv logic to be more cautious
    - SAUCE: rfi-flush: Rework pseries logic to be more cautious
    - SAUCE: rfi-flush: Fix the fallback flush to actually activate
    - SAUCE: rfi-flush: Fix HRFI_TO_UNKNOWN
    - SAUCE: rfi-flush: Refactor the macros so the nops are defined once
    - SAUCE: rfi-flush: Add no_rfi_flush and nopti comandline options
    - SAUCE: rfi-flush: Use rfi-flush in printks
    - SAUCE: rfi-flush: Fallback flush add load dependency
    - SAUCE: rfi-flush: Fix the 32-bit KVM build
    - SAUCE: rfi-flush: Fix some RFI conversions in the KVM code
    - SAUCE: UBUNTU: [Config] Disable CONFIG_PPC_DEBUG_RFI

  [ Ubuntu: 4.4.0-109.132 ]

  * linux: 4.4.0-109.132 -proposed tracker (LP: #1742252)
  * Kernel trace with xenial 4.4  (4.4.0-108.131, Candidate kernels for PTI fix)
    (LP: #1741934)
    - SAUCE: kaiser: fix perf crashes - fix to original commit

  [ Ubuntu: 4.4.0-108.131 ]

  * linux: 4.4.0-108.131 -proposed tracker (LP: #1741727)
  * CVE-2017-5754
    - x86/mm: Disable PCID on 32-bit kernels

linux-snapdragon (4.4.0-1084.89) xenial; urgency=low

  * linux-snapdragon: 4.4.0-1084.89 -proposed tracker (LP: #1741653)

  [ Ubuntu: 4.4.0-107.130 ]

  * linux: 4.4.0-107.130 -proposed tracker (LP: #1741643)
  * CVE-2017-5754
    - Revert "UBUNTU: SAUCE: arch/x86/entry/vdso: temporarily disable vdso"
    - KPTI: Report when enabled
    - x86, vdso, pvclock: Simplify and speed up the vdso pvclock reader
    - x86/vdso: Get pvclock data from the vvar VMA instead of the fixmap
    - x86/kasan: Clear kasan_zero_page after TLB flush
    - kaiser: Set _PAGE_NX only if supported

  [ Ubuntu: 4.4.0-106.129 ]

  * linux: 4.4.0-106.129 -proposed tracker (LP: #1741528)
  * CVE-2017-5754
    - KAISER: Kernel Address Isolation
    - kaiser: merged update
    - kaiser: do not set _PAGE_NX on pgd_none
    - kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE
    - kaiser: fix build and FIXME in alloc_ldt_struct()
    - kaiser: KAISER depends on SMP
    - kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER
    - kaiser: fix perf crashes
    - kaiser: ENOMEM if kaiser_pagetable_walk() NULL
    - kaiser: tidied up asm/kaiser.h somewhat
    - kaiser: tidied up kaiser_add/remove_mapping slightly
    - kaiser: kaiser_remove_mapping() move along the pgd
    - kaiser: cleanups while trying for gold link
    - kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET
    - kaiser: delete KAISER_REAL_SWITCH option
    - kaiser: vmstat show NR_KAISERTABLE as nr_overhead
    - x86/mm: Enable CR4.PCIDE on supported systems
    - x86/mm: Build arch/x86/mm/tlb.c even on !SMP
    - x86/mm, sched/core: Uninline switch_mm()
    - x86/mm: Add INVPCID helpers
    - x86/mm: If INVPCID is available, use it to flush global mappings
    - kaiser: enhanced by kernel and user PCIDs
    - kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user
    - kaiser: PCID 0 for kernel and 128 for user
    - kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user
    - kaiser: paranoid_entry pass cr3 need to paranoid_exit
    - kaiser: _pgd_alloc() without __GFP_REPEAT to avoid stalls
    - kaiser: fix unlikely error in alloc_ldt_struct()
    - kaiser: add "nokaiser" boot option, using ALTERNATIVE
    - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling
    - x86/boot: Add early cmdline parsing for options with arguments
    - x86/kaiser: Check boottime cmdline params
    - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush
    - kaiser: drop is_atomic arg to kaiser_pagetable_walk()
    - kaiser: asm/tlbflush.h handle noPGE at lower level
    - kaiser: kaiser_flush_tlb_on_return_to_user() check PCID
    - x86/paravirt: Dont patch flush_tlb_single
    - x86/kaiser: Reenable PARAVIRT
    - kaiser: disabled on Xen PV
    - x86/kaiser: Move feature detection up
    - kvm: x86: fix RSM when PCID is non-zero
    - SAUCE: arch/x86/entry/vdso: temporarily disable vdso
    - [Config]: CONFIG_KAISER=y

linux-snapdragon (4.4.0-1082.87) xenial; urgency=low

  * linux-snapdragon: 4.4.0-1082.87 -proposed tracker (LP: #1737520)

  [ Ubuntu: 4.4.0-104.127 ]

  * linux: 4.4.0-104.127 -proposed tracker (LP: #1737511)
  * upgrading linux-image package to 4.4.0-103.126 breaks Ceph network file
    system connection (LP: #1737033)
    - Revert "libceph: MOSDOpReply v7 encoding"
    - Revert "libceph: advertise support for TUNABLES5"
    - Revert "crush: decode and initialize chooseleaf_stable"
    - Revert "crush: add chooseleaf_stable tunable"
    - Revert "crush: ensure take bucket value is valid"
    - Revert "crush: ensure bucket id is valid before indexing buckets array"

Date: 2018-03-14 09:45:22.129889+00:00
Changed-By: Khaled El Mously <khalid.elmously at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1088.93
-------------- next part --------------
Sorry, changesfile not available.


More information about the Artful-changes mailing list