Ubuntu
linux-kvm package

linux-kvm: 4.4.0-1024.29 -proposed tracker

Bug #1770019 reported by Stefan Bader on 2018-05-08

This bug affects 1 person

	Status	Importance	Assigned to
Kernel SRU Workflow	Fix Released	Medium	Unassigned
Automated-testing	Fix Released	Medium	Canonical Kernel Team
Certification-testing	Invalid	Medium	Canonical Hardware Certification
Prepare-package	Fix Released	Medium	Stefan Bader
Prepare-package-meta	Fix Released	Medium	Stefan Bader
Promote-to-proposed	Fix Released	Medium	Łukasz Zemczak
Promote-to-security	Invalid	Medium	Ubuntu Stable Release Updates Team
Promote-to-updates	Invalid	Medium	Ubuntu Stable Release Updates Team
Regression-testing	Fix Released	Medium	Po-Hsu Lin
Security-signoff	Invalid	Medium	Steve Beattie
Upload-to-ppa	Invalid	Medium	Canonical Kernel Team
Verification-testing	Fix Released	Medium	Canonical Kernel Team
linux-kvm (Ubuntu)	Invalid	Undecided	Unassigned
Xenial	Fix Released	Medium	Unassigned

Bug Description

This bug is for tracking the <version to be filled> upload package. This bug will contain status and testing results related to that upload.

For an explanation of the tasks and the associated workflow see: https://wiki.ubuntu.com/Kernel/kernel-sru-workflow
-- swm properties --
boot-testing-requested: true
kernel-stable-master-bug: 1770011
phase: Promoted to proposed
proposed-announcement-sent: true
proposed-testing-requested: true

See original description

Tags:

CVE References

Stefan Bader (smb) on 2018-05-08

tags:	added: kernel-release-tracking-bug
tags:	added: kernel-release-tracking-bug-live
tags:	added: xenial
Changed in linux-kvm (Ubuntu Xenial):
status:	New → Confirmed
Changed in linux-kvm (Ubuntu):
status:	New → Invalid
Changed in linux-kvm (Ubuntu Xenial):
importance:	Undecided → Medium
Changed in kernel-sru-workflow:
status:	New → In Progress
importance:	Undecided → Medium
tags:	added: kernel-sru-cycle-2018.04.23-2
tags:	added: kernel-sru-derivative-of-1770011

Brad Figg (brad-figg) on 2018-05-09

description:	updated
description:	updated

Stefan Bader (smb) on 2018-05-09

summary:

- linux-kvm: <version to be filled> -proposed tracker
+ linux-kvm: 4.4.0-1024.29 -proposed tracker

Brad Figg (brad-figg) on 2018-05-09

description:	updated
description:	updated

Brad Figg (brad-figg) on 2018-05-09

description:

updated

Brad Figg (brad-figg) on 2018-05-10

tags:	added: block-proposed-xenial
tags:	added: block-proposed

Brad Figg (brad-figg) on 2018-05-10

description:	updated
description:	updated

Revision history for this message

Po-Hsu Lin (cypressyew) wrote on 2018-05-11:

4.4.0-1024.29 - kvm
Regression test CMPL, RTB.

Issue to note in amd64:
  ubuntu_fan_smoke_test - ubuntu_fan_smoke_test failed on 4.4 X-kvm kernel (bug 1763323)
  ubuntu_kvm_smoke_test - CONFIG_AUDITSYSCALL needs to be enabled (bug 1770245)
  ubuntu_qrt_kernel_security - test_072_config_debug_rodata (bug 1760643) test_072_config_debug_set_module_ronx (bug 1760646) test_074_config_security_default_mmap_min_addr (bug 1760650) test_076_config_security_acl_ext4 (bug 1760652) test_077_config_security_ipsec (bug 1760653) test_151_sysctl_disables_bpf_unpriv_userns (bug 1760656) test_160_setattr_CVE_2015_1350 (bug 1760657)
  ubuntu_zram_smoke_test - zram module not found (bug 1766823)

tags:

added: regression-testing-passed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2018-05-22:

Download full text (59.7 KiB)

This bug was fixed in the package linux-kvm - 4.4.0-1026.31

---------------
linux-kvm (4.4.0-1026.31) xenial; urgency=medium

* Xenial update to 4.4.118 stable release (LP: #1756866)
- kvm: [config] Add CONFIG_DST_CACHE=y

* getlogin will fail to open /proc/self/loginuid (LP: #1770245)
- Config: Enable CONFIG_AUDITSYSCALL

[ Ubuntu: 4.4.0-127.153 ]

This bug was fixed in the package linux-kvm - 4.4.0-1026.31

---------------
linux-kvm (4.4.0-1026.31) xenial; urgency=medium

* Xenial update to 4.4.118 stable release (LP: #1756866)
    - kvm: [config] Add CONFIG_DST_CACHE=y

* getlogin will fail to open /proc/self/loginuid (LP: #1770245)
    - Config: Enable CONFIG_AUDITSYSCALL

[ Ubuntu: 4.4.0-127.153 ]

* CVE-2018-3639 (powerpc)
    - powerpc/pseries: Support firmware disable of RFI flush
    - powerpc/powernv: Support firmware disable of RFI flush
    - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
    - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
    - powerpc/rfi-flush: Always enable fallback flush on pseries
    - powerpc/rfi-flush: Differentiate enabled and patched flush types
    - powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
    - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
    - powerpc: Add security feature flags for Spectre/Meltdown
    - powerpc/pseries: Set or clear security feature flags
    - powerpc/powernv: Set or clear security feature flags
    - powerpc/64s: Move cpu_show_meltdown()
    - powerpc/64s: Enhance the information in cpu_show_meltdown()
    - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
    - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
    - powerpc/64s: Wire up cpu_show_spectre_v1()
    - powerpc/64s: Wire up cpu_show_spectre_v2()
    - powerpc/pseries: Fix clearing of security feature flags
    - powerpc: Move default security feature flags
    - powerpc/pseries: Restore default security feature flags on setup
    - SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel
      entry/exit
  * CVE-2018-3639 (x86)
    - SAUCE: Clean up IBPB and IBRS control functions and macros
    - SAUCE: Fix up IBPB and IBRS kernel parameters documentation
    - SAUCE: Remove #define X86_FEATURE_PTI
    - x86/cpufeature: Move some of the scattered feature bits to x86_capability
    - x86/cpufeature: Cleanup get_cpu_cap()
    - x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
    - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
    - x86/cpufeatures: Add Intel feature bits for Speculation Control
    - SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf
    - x86/cpufeatures: Add AMD feature bits for Speculation Control
    - x86/msr: Add definitions for new speculation control MSRs
    - SAUCE: x86/msr: Rename MSR spec control feature bits
    - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
    - x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes
    - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
    - x86/speculation: Add <asm/msr-index.h> dependency
    - x86/cpufeatures: Clean up Spectre v2 related CPUID flags
    - x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
    - SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
    - SAUCE: x86: Add alternative_msr_write
    - SAUCE: x86/nospec: Simplify alternative_msr_write()
    - SAUCE: x86/bugs: Concentrate bug detection into a separate function
    - SAUCE: x86/bugs: Concentrate bug reporting into a separate function
    - arch: Introduce post-init read-only memory
    - SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
    - SAUCE: x86/bugs, KVM: Support the combination of guest and host IBRS
    - SAUCE: x86/bugs: Expose /sys/../spec_store_bypass
    - SAUCE: x86/cpufeatures: Add X86_FEATURE_RDS
    - SAUCE: x86/bugs: Provide boot parameters for the spec_store_bypass_disable
      mitigation
    - SAUCE: x86/bugs/intel: Set proper CPU features and setup RDS
    - SAUCE: x86/bugs: Whitelist allowed SPEC_CTRL MSR values
    - SAUCE: x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if
      requested
    - SAUCE: x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
    - SAUCE: x86/speculation: Create spec-ctrl.h to avoid include hell
    - SAUCE: prctl: Add speculation control prctls
    - x86/process: Optimize TIF checks in __switch_to_xtra()
    - SAUCE: x86/process: Allow runtime control of Speculative Store Bypass
    - SAUCE: x86/speculation: Add prctl for Speculative Store Bypass mitigation
    - SAUCE: nospec: Allow getting/setting on non-current task
    - SAUCE: proc: Provide details on speculation flaw mitigations
    - SAUCE: seccomp: Enable speculation flaw mitigations
    - SAUCE: x86/bugs: Honour SPEC_CTRL default
    - SAUCE: x86/bugs: Make boot modes __ro_after_init
    - SAUCE: prctl: Add force disable speculation
    - SAUCE: seccomp: Use PR_SPEC_FORCE_DISABLE
    - selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC
    - SAUCE: seccomp: Add filter flag to opt-out of SSB mitigation
    - SAUCE: seccomp: Move speculation migitation control to arch code
    - SAUCE: x86/speculation: Make "seccomp" the default mode for Speculative
      Store Bypass
    - SAUCE: x86/bugs: Rename _RDS to _SSBD
    - SAUCE: proc: Use underscores for SSBD in 'status'
    - SAUCE: Documentation/spec_ctrl: Do some minor cleanups
    - SAUCE: x86/bugs: Fix __ssb_select_mitigation() return type
    - SAUCE: x86/bugs: Make cpu_show_common() static
    - x86/entry: define _TIF_ALLWORK_MASK flags explicitly
    - Revert "x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2
      microcodes"
    - SAUCE: kvm/cpuid: Fix CPUID_7_0.EDX handling

linux-kvm (4.4.0-1024.29) xenial; urgency=medium

* linux-kvm: 4.4.0-1024.29 -proposed tracker (LP: #1770019)

[ Ubuntu: 4.4.0-125.150 ]

* linux: 4.4.0-125.150 -proposed tracker (LP: #1770011)
  * Unable to insert test_bpf module on Xenial (LP: #1765698)
    - bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y
    - test_bpf: Fix testing with CONFIG_BPF_JIT_ALWAYS_ON=y on other arches
  * virtio_scsi race can corrupt memory, panic kernel (LP: #1765241)
    - SAUCE: (no-up) virtio-scsi: Fix race in target free
  * bpf_map_lookup_elem: BUG: unable to handle kernel paging request
    (LP: #1763454) // CVE-2017-17862
    - SAUCE: Add missing hunks from "bpf: fix branch pruning logic"
  * Xenial: rfkill: fix missing return on rfkill_init  (LP: #1764810)
    - rfkill: fix missing return on rfkill_init
  * "ip a" command on a guest VM shows UNKNOWN status (LP: #1761534)
    - virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS
  * Xenial update to 4.4.128 stable release (LP: #1765010)
    - cfg80211: make RATE_INFO_BW_20 the default
    - md/raid5: make use of spin_lock_irq over local_irq_disable + spin_lock
    - rtc: snvs: fix an incorrect check of return value
    - x86/asm: Don't use RBP as a temporary register in
      csum_partial_copy_generic()
    - NFSv4.1: RECLAIM_COMPLETE must handle NFS4ERR_CONN_NOT_BOUND_TO_SESSION
    - IB/srpt: Fix abort handling
    - af_key: Fix slab-out-of-bounds in pfkey_compile_policy.
    - mac80211: bail out from prep_connection() if a reconfig is ongoing
    - bna: Avoid reading past end of buffer
    - qlge: Avoid reading past end of buffer
    - ipmi_ssif: unlock on allocation failure
    - net: cdc_ncm: Fix TX zero padding
    - net: ethernet: ti: cpsw: adjust cpsw fifos depth for fullduplex flow control
    - lockd: fix lockd shutdown race
    - drivers/misc/vmw_vmci/vmci_queue_pair.c: fix a couple integer overflow tests
    - pidns: disable pid allocation if pid_ns_prepare_proc() is failed in
      alloc_pid()
    - s390: move _text symbol to address higher than zero
    - net/mlx4_en: Avoid adding steering rules with invalid ring
    - NFSv4.1: Work around a Linux server bug...
    - CIFS: silence lockdep splat in cifs_relock_file()
    - net: qca_spi: Fix alignment issues in rx path
    - netxen_nic: set rcode to the return status from the call to netxen_issue_cmd
    - Input: elan_i2c - check if device is there before really probing
    - Input: elantech - force relative mode on a certain module
    - KVM: PPC: Book3S PR: Check copy_to/from_user return values
    - vmxnet3: ensure that adapter is in proper state during force_close
    - SMB2: Fix share type handling
    - bus: brcmstb_gisb: Use register offsets with writes too
    - bus: brcmstb_gisb: correct support for 64-bit address output
    - PowerCap: Fix an error code in powercap_register_zone()
    - ARM: dts: imx53-qsrb: Pulldown PMIC IRQ pin
    - staging: wlan-ng: prism2mgmt.c: fixed a double endian conversion before
      calling hfa384x_drvr_setconfig16, also fixes relative sparse warning
    - x86/tsc: Provide 'tsc=unstable' boot parameter
    - ARM: dts: imx6qdl-wandboard: Fix audio channel swap
    - ipv6: avoid dad-failures for addresses with NODAD
    - async_tx: Fix DMA_PREP_FENCE usage in do_async_gen_syndrome()
    - usb: dwc3: keystone: check return value
    - btrfs: fix incorrect error return ret being passed to mapping_set_error
    - ata: libahci: properly propagate return value of platform_get_irq()
    - neighbour: update neigh timestamps iff update is effective
    - arp: honour gratuitous ARP _replies_
    - usb: chipidea: properly handle host or gadget initialization failure
    - USB: ene_usb6250: fix first command execution
    - net: x25: fix one potential use-after-free issue
    - USB: ene_usb6250: fix SCSI residue overwriting
    - serial: 8250: omap: Disable DMA for console UART
    - serial: sh-sci: Fix race condition causing garbage during shutdown
    - sh_eth: Use platform device for printing before register_netdev()
    - scsi: csiostor: fix use after free in csio_hw_use_fwconfig()
    - powerpc/mm: Fix virt_addr_valid() etc. on 64-bit hash
    - ath5k: fix memory leak on buf on failed eeprom read
    - selftests/powerpc: Fix TM resched DSCR test with some compilers
    - xfrm: fix state migration copy replay sequence numbers
    - iio: hi8435: avoid garbage event at first enable
    - iio: hi8435: cleanup reset gpio
    - ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors
    - md-cluster: fix potential lock issue in add_new_disk
    - ARM: davinci: da8xx: Create DSP device only when assigned memory
    - ray_cs: Avoid reading past end of buffer
    - leds: pca955x: Correct I2C Functionality
    - sched/numa: Use down_read_trylock() for the mmap_sem
    - net/mlx5: Tolerate irq_set_affinity_hint() failures
    - selinux: do not check open permission on sockets
    - block: fix an error code in add_partition()
    - mlx5: fix bug reading rss_hash_type from CQE
    - net: ieee802154: fix net_device reference release too early
    - libceph: NULL deref on crush_decode() error path
    - netfilter: ctnetlink: fix incorrect nf_ct_put during hash resize
    - pNFS/flexfiles: missing error code in ff_layout_alloc_lseg()
    - ASoC: rsnd: SSI PIO adjust to 24bit mode
    - scsi: bnx2fc: fix race condition in bnx2fc_get_host_stats()
    - fix race in drivers/char/random.c:get_reg()
    - ext4: fix off-by-one on max nr_pages in ext4_find_unwritten_pgoff()
    - tcp: better validation of received ack sequences
    - net: move somaxconn init from sysctl code
    - Input: elan_i2c - clear INT before resetting controller
    - bonding: Don't update slave->link until ready to commit
    - KVM: nVMX: Fix handling of lmsw instruction
    - net: llc: add lock_sock in llc_ui_bind to avoid a race condition
    - ARM: dts: ls1021a: add "fsl,ls1021a-esdhc" compatible string to esdhc node
    - thermal: power_allocator: fix one race condition issue for thermal_instances
      list
    - perf probe: Add warning message if there is unexpected event name
    - l2tp: fix missing print session offset info
    - rds; Reset rs->rs_bound_addr in rds_add_bound() failure path
    - hwmon: (ina2xx) Make calibration register value fixed
    - media: videobuf2-core: don't go out of the buffer range
    - ASoC: Intel: cht_bsw_rt5645: Analog Mic support
    - scsi: mpt3sas: Proper handling of set/clear of "ATA command pending" flag.
    - vfb: fix video mode and line_length being set when loaded
    - gpio: label descriptors using the device name
    - ASoC: Intel: sst: Fix the return value of 'sst_send_byte_stream_mrfld()'
    - wl1251: check return from call to wl1251_acx_arp_ip_filter
    - hdlcdrv: Fix divide by zero in hdlcdrv_ioctl
    - ovl: filter trusted xattr for non-admin
    - powerpc/[booke|4xx]: Don't clobber TCR[WP] when setting TCR[DIE]
    - dmaengine: imx-sdma: Handle return value of clk_prepare_enable
    - arm64: futex: Fix undefined behaviour with FUTEX_OP_OPARG_SHIFT usage
    - net/mlx5: avoid build warning for uniprocessor
    - cxgb4: FW upgrade fixes
    - rtc: opal: Handle disabled TPO in opal_get_tpo_time()
    - rtc: interface: Validate alarm-time before handling rollover
    - SUNRPC: ensure correct error is reported by xs_tcp_setup_socket()
    - net: freescale: fix potential null pointer dereference
    - KVM: SVM: do not zero out segment attributes if segment is unusable or not
      present
    - clk: scpi: fix return type of __scpi_dvfs_round_rate
    - clk: Fix __set_clk_rates error print-string
    - powerpc/spufs: Fix coredump of SPU contexts
    - perf trace: Add mmap alias for s390
    - qlcnic: Fix a sleep-in-atomic bug in qlcnic_82xx_hw_write_wx_2M and
      qlcnic_82xx_hw_read_wx_2M
    - mISDN: Fix a sleep-in-atomic bug
    - drm/omap: fix tiled buffer stride calculations
    - cxgb4: fix incorrect cim_la output for T6
    - Fix serial console on SNI RM400 machines
    - bio-integrity: Do not allocate integrity context for bio w/o data
    - skbuff: return -EMSGSIZE in skb_to_sgvec to prevent overflow
    - sit: reload iphdr in ipip6_rcv
    - net/mlx4: Fix the check in attaching steering rules
    - net/mlx4: Check if Granular QoS per VF has been enabled before updating QP
      qos_vport
    - perf header: Set proper module name when build-id event found
    - perf report: Ensure the perf DSO mapping matches what libdw sees
    - tags: honor COMPILED_SOURCE with apart output directory
    - e1000e: fix race condition around skb_tstamp_tx()
    - cx25840: fix unchecked return values
    - mceusb: sporadic RX truncation corruption fix
    - net: phy: avoid genphy_aneg_done() for PHYs without clause 22 support
    - ARM: imx: Add MXC_CPU_IMX6ULL and cpu_is_imx6ull
    - e1000e: Undo e1000e_pm_freeze if __e1000_shutdown fails
    - perf/core: Correct event creation with PERF_FORMAT_GROUP
    - MIPS: mm: fixed mappings: correct initialisation
    - MIPS: mm: adjust PKMAP location
    - MIPS: kprobes: flush_insn_slot should flush only if probe initialised
    - Fix loop device flush before configure v3
    - net: emac: fix reset timeout with AR8035 phy
    - skbuff: only inherit relevant tx_flags
    - xen: avoid type warning in xchg_xen_ulong
    - bnx2x: Allow vfs to disable txvlan offload
    - sctp: fix recursive locking warning in sctp_do_peeloff
    - sparc64: ldc abort during vds iso boot
    - iio: magnetometer: st_magn_spi: fix spi_device_id table
    - Bluetooth: Send HCI Set Event Mask Page 2 command only when needed
    - cpuidle: dt: Add missing 'of_node_put()'
    - ACPICA: Events: Add runtime stub support for event APIs
    - ACPICA: Disassembler: Abort on an invalid/unknown AML opcode
    - s390/dasd: fix hanging safe offline
    - vxlan: dont migrate permanent fdb entries during learn
    - bcache: stop writeback thread after detaching
    - bcache: segregate flash only volume write streams
    - scsi: libsas: fix memory leak in sas_smp_get_phy_events()
    - scsi: libsas: fix error when getting phy events
    - scsi: libsas: initialize sas_phy status according to response of DISCOVER
    - blk-mq: fix kernel oops in blk_mq_tag_idle()
    - tty: n_gsm: Allow ADM response in addition to UA for control dlci
    - EDAC, mv64x60: Fix an error handling path
    - cxgb4vf: Fix SGE FL buffer initialization logic for 64K pages
    - perf tools: Fix copyfile_offset update of output offset
    - ipsec: check return value of skb_to_sgvec always
    - rxrpc: check return value of skb_to_sgvec always
    - virtio_net: check return value of skb_to_sgvec always
    - virtio_net: check return value of skb_to_sgvec in one more location
    - random: use lockless method of accessing and updating f->reg_idx
    - futex: Remove requirement for lock_page() in get_futex_key()
    - Kbuild: provide a __UNIQUE_ID for clang
    - arp: fix arp_filter on l3slave devices
    - net: fix possible out-of-bound read in skb_network_protocol()
    - net/ipv6: Fix route leaking between VRFs
    - netlink: make sure nladdr has correct size in netlink_connect()
    - net/sched: fix NULL dereference in the error path of tcf_bpf_init()
    - pptp: remove a buggy dst release in pptp_connect()
    - sctp: do not leak kernel memory to user space
    - sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6
    - vhost: correctly remove wait queue during poll failure
    - vlan: also check phy_driver ts_info for vlan's real device
    - bonding: fix the err path for dev hwaddr sync in bond_enslave
    - bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave
    - bonding: process the err returned by dev_set_allmulti properly in
      bond_enslave
    - net: fool proof dev_valid_name()
    - ip_tunnel: better validate user provided tunnel names
    - ipv6: sit: better validate user provided tunnel names
    - ip6_gre: better validate user provided tunnel names
    - ip6_tunnel: better validate user provided tunnel names
    - vti6: better validate user provided tunnel names
    - r8169: fix setting driver_data after register_netdev
    - net sched actions: fix dumping which requires several messages to user space
    - net/ipv6: Increment OUTxxx counters after netfilter hook
    - ipv6: the entire IPv6 header chain must fit the first fragment
    - vrf: Fix use after free and double free in vrf_finish_output
    - Revert "xhci: plat: Register shutdown for xhci_plat"
    - Linux 4.4.128
  * sky2 gigabit ethernet driver sometimes stops working after lid-open resume
    from sleep (88E8055) (LP: #1758507) // Xenial update to 4.4.128 stable
    release (LP: #1765010)
    - sky2: Increase D3 delay to sky2 stops working after suspend
  * Xenial update to 4.4.127 stable release (LP: #1765007)
    - mtd: jedec_probe: Fix crash in jedec_read_mfr()
    - ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent()
    - ALSA: pcm: potential uninitialized return values
    - partitions/msdos: Unable to mount UFS 44bsd partitions
    - usb: gadget: define free_ep_req as universal function
    - usb: gadget: change len to size_t on alloc_ep_req()
    - usb: gadget: fix usb_ep_align_maybe endianness and new usb_ep_align
    - usb: gadget: align buffer size when allocating for OUT endpoint
    - usb: gadget: f_hid: fix: Prevent accessing released memory
    - kprobes/x86: Fix to set RWX bits correctly before releasing trampoline
    - ACPI, PCI, irq: remove redundant check for null string pointer
    - writeback: fix the wrong congested state variable definition
    - PCI: Make PCI_ROM_ADDRESS_MASK a 32-bit constant
    - dm ioctl: remove double parentheses
    - Input: mousedev - fix implicit conversion warning
    - netfilter: nf_nat_h323: fix logical-not-parentheses warning
    - genirq: Use cpumask_available() for check of cpumask variable
    - cpumask: Add helper cpumask_available()
    - selinux: Remove unnecessary check of array base in selinux_set_mapping()
    - fs: compat: Remove warning from COMPATIBLE_IOCTL
    - jiffies.h: declare jiffies and jiffies_64 with ____cacheline_aligned_in_smp
    - frv: declare jiffies to be located in the .data section
    - audit: add tty field to LOGIN event
    - tty: provide tty_name() even without CONFIG_TTY
    - netfilter: ctnetlink: Make some parameters integer to avoid enum mismatch
    - selinux: Remove redundant check for unknown labeling behavior
    - arm64: avoid overflow in VA_START and PAGE_OFFSET
    - xfrm_user: uncoditionally validate esn replay attribute struct
    - RDMA/ucma: Check AF family prior resolving address
    - RDMA/ucma: Fix use-after-free access in ucma_close
    - RDMA/ucma: Ensure that CM_ID exists prior to access it
    - RDMA/ucma: Check that device is connected prior to access it
    - RDMA/ucma: Check that device exists prior to accessing it
    - RDMA/ucma: Don't allow join attempts for unsupported AF family
    - RDMA/ucma: Introduce safer rdma_addr_size() variants
    - net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms()
    - xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit systems
    - netfilter: bridge: ebt_among: add more missing match size checks
    - netfilter: x_tables: add and use xt_check_proc_name
    - Bluetooth: Fix missing encryption refresh on Security Request
    - llist: clang: introduce member_address_is_nonnull()
    - scsi: virtio_scsi: always read VPD pages for multiqueue too
    - usb: dwc2: Improve gadget state disconnection handling
    - USB: serial: ftdi_sio: add RT Systems VX-8 cable
    - USB: serial: ftdi_sio: add support for Harman FirmwareHubEmulator
    - USB: serial: cp210x: add ELDAT Easywave RX09 id
    - mei: remove dev_err message on an unsupported ioctl
    - media: usbtv: prevent double free in error case
    - parport_pc: Add support for WCH CH382L PCI-E single parallel port card.
    - crypto: ahash - Fix early termination in hash walk
    - crypto: x86/cast5-avx - fix ECB encryption when long sg follows short one
    - fs/proc: Stop trying to report thread stacks
    - staging: comedi: ni_mio_common: ack ai fifo error interrupts.
    - Input: i8042 - add Lenovo ThinkPad L460 to i8042 reset list
    - Input: i8042 - enable MUX on Sony VAIO VGN-CS series to fix touchpad
    - vt: change SGR 21 to follow the standards
    - Documentation: pinctrl: palmas: Add ti,palmas-powerhold-override property
      definition
    - ARM: dts: dra7: Add power hold and power controller properties to palmas
    - ARM: dts: am57xx-beagle-x15-common: Add overide powerhold property
    - md/raid10: reset the 'first' at the end of loop
    - net: hns: Fix ethtool private flags
    - Revert "PCI/MSI: Stop disabling MSI/MSI-X in pci_device_shutdown()"
    - Revert "ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin"
    - Revert "ARM: dts: omap3-n900: Fix the audio CODEC's reset pin"
    - Revert "cpufreq: Fix governor module removal race"
    - Revert "mtip32xx: use runtime tag to initialize command header"
    - spi: davinci: fix up dma_mapping_error() incorrect patch
    - net: cavium: liquidio: fix up "Avoid dma_unmap_single on uninitialized
      ndata"
    - Revert "ip6_vti: adjust vti mtu according to mtu of lower device"
    - Linux 4.4.127
  * Xenial update to 4.4.126 stable release (LP: #1764999)
    - scsi: sg: don't return bogus Sg_requests
    - Revert "genirq: Use irqd_get_trigger_type to compare the trigger type for
      shared IRQs"
    - net: Fix hlist corruptions in inet_evict_bucket()
    - dccp: check sk for closed state in dccp_sendmsg()
    - ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option()
    - l2tp: do not accept arbitrary sockets
    - net: ethernet: arc: Fix a potential memory leak if an optional regulator is
      deferred
    - net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY
      interface
    - net/iucv: Free memory obtained by kzalloc
    - netlink: avoid a double skb free in genlmsg_mcast()
    - net: Only honor ifindex in IP_PKTINFO if non-0
    - skbuff: Fix not waking applications when errors are enqueued
    - team: Fix double free in error path
    - s390/qeth: free netdevice when removing a card
    - s390/qeth: when thread completes, wake up all waiters
    - s390/qeth: lock read device while queueing next buffer
    - s390/qeth: on channel error, reject further cmd requests
    - ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event()
    - net: fec: Fix unbalanced PM runtime calls
    - net: systemport: Rewrite __bcm_sysport_tx_reclaim()
    - Linux 4.4.126
  * Xenial update to 4.4.125 stable release (LP: #1764973)
    - MIPS: ralink: Remove ralink_halt()
    - iio: st_pressure: st_accel: pass correct platform data to init
    - ALSA: usb-audio: Fix parsing descriptor of UAC2 processing unit
    - ALSA: aloop: Sync stale timer before release
    - ALSA: aloop: Fix access to not-yet-ready substream via cable
    - ALSA: hda/realtek - Always immediately update mute LED with pin VREF
    - mmc: dw_mmc: fix falling from idmac to PIO mode when dw_mci_reset occurs
    - PCI: Add function 1 DMA alias quirk for Highpoint RocketRAID 644L
    - ahci: Add PCI-id for the Highpoint Rocketraid 644L card
    - clk: bcm2835: Protect sections updating shared registers
    - Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174
    - libata: fix length validation of ATAPI-relayed SCSI commands
    - libata: remove WARN() for DMA or PIO command without data
    - libata: Apply NOLPM quirk to Crucial MX100 512GB SSDs
    - libata: Enable queued TRIM for Samsung SSD 860
    - libata: Apply NOLPM quirk to Crucial M500 480 and 960GB SSDs
    - libata: Make Crucial BX100 500GB LPM quirk apply to all firmware versions
    - libata: Modify quirks for MX100 to limit NCQ_TRIM quirk to MU01 version
    - mm/vmalloc: add interfaces to free unmapped page table
    - x86/mm: implement free pmd/pte page interfaces
    - drm/vmwgfx: Fix a destoy-while-held mutex problem.
    - drm/radeon: Don't turn off DP sink when disconnected
    - drm: udl: Properly check framebuffer mmap offsets
    - acpi, numa: fix pxm to online numa node associations
    - brcmfmac: fix P2P_DEVICE ethernet address generation
    - rtlwifi: rtl8723be: Fix loss of signal
    - tracing: probeevent: Fix to support minus offset from symbol
    - mtd: nand: fsl_ifc: Fix nand waitfunc return value
    - staging: ncpfs: memory corruption in ncp_read_kernel()
    - can: cc770: Fix stalls on rt-linux, remove redundant IRQ ack
    - can: cc770: Fix queue stall & dropped RTR reply
    - can: cc770: Fix use after free in cc770_tx_interrupt()
    - tty: vt: fix up tabstops properly
    - x86/build/64: Force the linker to use 2MB page size
    - x86/boot/64: Verify alignment of the LOAD segment
    - perf/x86/intel: Don't accidentally clear high bits in bdw_limit_period()
    - staging: lustre: ptlrpc: kfree used instead of kvfree
    - kbuild: disable clang's default use of -fmerge-all-constants
    - bpf: skip unnecessary capability check
    - bpf, x64: increase number of passes
    - Linux 4.4.125
  * System fails to start (boot) on battery due to read-only root file-system
    (LP: #1726930) // Xenial update to 4.4.125 stable release (LP: #1764973)
    - libata: disable LPM for Crucial BX100 SSD 500GB drive
  * Xenial update to 4.4.124 stable release (LP: #1764762)
    - tpm: fix potential buffer overruns caused by bit glitches on the bus
    - tpm_tis: fix potential buffer overruns caused by bit glitches on the bus
    - staging: android: ashmem: Fix possible deadlock in ashmem_ioctl
    - platform/x86: asus-nb-wmi: Add wapf4 quirk for the X302UA
    - regulator: anatop: set default voltage selector for pcie
    - x86: i8259: export legacy_pic symbol
    - rtc: cmos: Do not assume irq 8 for rtc when there are no legacy irqs
    - Input: ar1021_i2c - fix too long name in driver's device table
    - time: Change posix clocks ops interfaces to use timespec64
    - ACPI/processor: Fix error handling in __acpi_processor_start()
    - ACPI/processor: Replace racy task affinity logic
    - cpufreq/sh: Replace racy task affinity logic
    - genirq: Use irqd_get_trigger_type to compare the trigger type for shared
      IRQs
    - i2c: i2c-scmi: add a MS HID
    - net: ipv6: send unsolicited NA on admin up
    - media/dvb-core: Race condition when writing to CAM
    - spi: dw: Disable clock after unregistering the host
    - ath: Fix updating radar flags for coutry code India
    - clk: ns2: Correct SDIO bits
    - scsi: virtio_scsi: Always try to read VPD pages
    - KVM: PPC: Book3S PR: Exit KVM on failed mapping
    - ARM: 8668/1: ftrace: Fix dynamic ftrace with DEBUG_RODATA and !FRAME_POINTER
    - iommu/omap: Register driver before setting IOMMU ops
    - md/raid10: wait up frozen array in handle_write_completed
    - NFS: Fix missing pg_cleanup after nfs_pageio_cond_complete()
    - tcp: remove poll() flakes with FastOpen
    - e1000e: fix timing for 82579 Gigabit Ethernet controller
    - ALSA: hda - Fix headset microphone detection for ASUS N551 and N751
    - IB/ipoib: Fix deadlock between ipoib_stop and mcast join flow
    - IB/ipoib: Update broadcast object if PKey value was changed in index 0
    - HSI: ssi_protocol: double free in ssip_pn_xmit()
    - IB/mlx4: Take write semaphore when changing the vma struct
    - IB/mlx4: Change vma from shared to private
    - ASoC: Intel: Skylake: Uninitialized variable in probe_codec()
    - Fix driver usage of 128B WQEs when WQ_CREATE is V1.
    - netfilter: xt_CT: fix refcnt leak on error path
    - openvswitch: Delete conntrack entry clashing with an expectation.
    - mmc: host: omap_hsmmc: checking for NULL instead of IS_ERR()
    - wan: pc300too: abort path on failure
    - qlcnic: fix unchecked return value
    - scsi: mac_esp: Replace bogus memory barrier with spinlock
    - infiniband/uverbs: Fix integer overflows
    - NFS: don't try to cross a mountpount when there isn't one there.
    - Revert "UBUNTU: SAUCE: (no-up) iio: st_pressure: st_accel: Initialise sensor
      platform data properly"
    - iio: st_pressure: st_accel: Initialise sensor platform data properly
    - mt7601u: check return value of alloc_skb
    - rndis_wlan: add return value validation
    - Btrfs: send, fix file hole not being preserved due to inline extent
    - mac80211: don't parse encrypted management frames in ieee80211_frame_acked
    - mfd: palmas: Reset the POWERHOLD mux during power off
    - mtip32xx: use runtime tag to initialize command header
    - staging: unisys: visorhba: fix s-Par to boot with option CONFIG_VMAP_STACK
      set to y
    - staging: wilc1000: fix unchecked return value
    - mmc: sdhci-of-esdhc: limit SD clock for ls1012a/ls1046a
    - ARM: DRA7: clockdomain: Change the CLKTRCTRL of CM_PCIE_CLKSTCTRL to SW_WKUP
    - ipmi/watchdog: fix wdog hang on panic waiting for ipmi response
    - ACPI / PMIC: xpower: Fix power_table addresses
    - drm/nouveau/kms: Increase max retries in scanout position queries.
    - bnx2x: Align RX buffers
    - power: supply: pda_power: move from timer to delayed_work
    - Input: twl4030-pwrbutton - use correct device for irq request
    - md/raid10: skip spare disk as 'first' disk
    - ia64: fix module loading for gcc-5.4
    - tcm_fileio: Prevent information leak for short reads
    - video: fbdev: udlfb: Fix buffer on stack
    - sm501fb: don't return zero on failure path in sm501fb_start()
    - net: hns: fix ethtool_get_strings overflow in hns driver
    - cifs: small underflow in cnvrtDosUnixTm()
    - rtc: ds1374: wdt: Fix issue with timeout scaling from secs to wdt ticks
    - rtc: ds1374: wdt: Fix stop/start ioctl always returning -EINVAL
    - perf tests kmod-path: Don't fail if compressed modules aren't supported
    - Bluetooth: hci_qca: Avoid setup failure on missing rampatch
    - media: c8sectpfe: fix potential NULL pointer dereference in
      c8sectpfe_timer_interrupt
    - drm/msm: fix leak in failed get_pages
    - RDMA/iwpm: Fix uninitialized error code in iwpm_send_mapinfo()
    - rtlwifi: rtl_pci: Fix the bug when inactiveps is enabled.
    - media: bt8xx: Fix err 'bt878_probe()'
    - media: [RESEND] media: dvb-frontends: Add delay to Si2168 restart
    - cros_ec: fix nul-termination for firmware build info
    - platform/chrome: Use proper protocol transfer function
    - mmc: avoid removing non-removable hosts during suspend
    - IB/ipoib: Avoid memory leak if the SA returns a different DGID
    - RDMA/cma: Use correct size when writing netlink stats
    - IB/umem: Fix use of npages/nmap fields
    - vgacon: Set VGA struct resource types
    - drm/omap: DMM: Check for DMM readiness after successful transaction commit
    - pty: cancel pty slave port buf's work in tty_release
    - coresight: Fix disabling of CoreSight TPIU
    - pinctrl: Really force states during suspend/resume
    - iommu/vt-d: clean up pr_irq if request_threaded_irq fails
    - ip6_vti: adjust vti mtu according to mtu of lower device
    - RDMA/ocrdma: Fix permissions for OCRDMA_RESET_STATS
    - nfsd4: permit layoutget of executable-only files
    - clk: si5351: Rename internal plls to avoid name collisions
    - dmaengine: ti-dma-crossbar: Fix event mapping for TPCC_EVT_MUX_60_63
    - RDMA/ucma: Fix access to non-initialized CM_ID object
    - Linux 4.4.124
  * Xenial update to 4.4.123 stable release (LP: #1764666)
    - blkcg: fix double free of new_blkg in blkcg_init_queue
    - Input: tsc2007 - check for presence and power down tsc2007 during probe
    - staging: speakup: Replace BUG_ON() with WARN_ON().
    - staging: wilc1000: add check for kmalloc allocation failure.
    - HID: reject input outside logical range only if null state is set
    - drm: qxl: Don't alloc fbdev if emulation is not supported
    - ath10k: fix a warning during channel switch with multiple vaps
    - PCI/MSI: Stop disabling MSI/MSI-X in pci_device_shutdown()
    - selinux: check for address length in selinux_socket_bind()
    - perf sort: Fix segfault with basic block 'cycles' sort dimension
    - i40e: Acquire NVM lock before reads on all devices
    - i40e: fix ethtool to get EEPROM data from X722 interface
    - perf tools: Make perf_event__synthesize_mmap_events() scale
    - drivers: net: xgene: Fix hardware checksum setting
    - drm: Defer disabling the vblank IRQ until the next interrupt (for instant-
      off)
    - ath10k: disallow DFS simulation if DFS channel is not enabled
    - perf probe: Return errno when not hitting any event
    - HID: clamp input to logical range if no null state
    - net/8021q: create device with all possible features in wanted_features
    - ARM: dts: Adjust moxart IRQ controller and flags
    - batman-adv: handle race condition for claims between gateways
    - of: fix of_device_get_modalias returned length when truncating buffers
    - solo6x10: release vb2 buffers in solo_stop_streaming()
    - scsi: ipr: Fix missed EH wakeup
    - media: i2c/soc_camera: fix ov6650 sensor getting wrong clock
    - timers, sched_clock: Update timeout for clock wrap
    - sysrq: Reset the watchdog timers while displaying high-resolution timers
    - Input: qt1070 - add OF device ID table
    - sched: act_csum: don't mangle TCP and UDP GSO packets
    - ASoC: rcar: ssi: don't set SSICR.CKDV = 000 with SSIWSR.CONT
    - spi: omap2-mcspi: poll OMAP2_MCSPI_CHSTAT_RXS for PIO transfer
    - tcp: sysctl: Fix a race to avoid unexpected 0 window from space
    - dmaengine: imx-sdma: add 1ms delay to ensure SDMA channel is stopped
    - driver: (adm1275) set the m,b and R coefficients correctly for power
    - mm: Fix false-positive VM_BUG_ON() in page_cache_{get,add}_speculative()
    - blk-throttle: make sure expire time isn't too big
    - f2fs: relax node version check for victim data in gc
    - bonding: refine bond_fold_stats() wrap detection
    - braille-console: Fix value returned by _braille_console_setup
    - drm/vmwgfx: Fixes to vmwgfx_fb
    - vxlan: vxlan dev should inherit lowerdev's gso_max_size
    - NFC: nfcmrvl: Include unaligned.h instead of access_ok.h
    - NFC: nfcmrvl: double free on error path
    - ARM: dts: r8a7790: Correct parent of SSI[0-9] clocks
    - ARM: dts: r8a7791: Correct parent of SSI[0-9] clocks
    - powerpc: Avoid taking a data miss on every userspace instruction miss
    - net/faraday: Add missing include of of.h
    - ARM: dts: koelsch: Correct clock frequency of X2 DU clock input
    - reiserfs: Make cancel_old_flush() reliable
    - ALSA: firewire-digi00x: handle all MIDI messages on streaming packets
    - fm10k: correctly check if interface is removed
    - apparmor: Make path_max parameter readonly
    - iommu/iova: Fix underflow bug in __alloc_and_insert_iova_range
    - video: ARM CLCD: fix dma allocation size
    - drm/radeon: Fail fb creation from imported dma-bufs.
    - drm/amdgpu: Fail fb creation from imported dma-bufs. (v2)
    - coresight: Fixes coresight DT parse to get correct output port ID.
    - MIPS: BPF: Quit clobbering callee saved registers in JIT code.
    - MIPS: BPF: Fix multiple problems in JIT skb access helpers.
    - MIPS: r2-on-r6-emu: Fix BLEZL and BGTZL identification
    - MIPS: r2-on-r6-emu: Clear BLTZALL and BGEZALL debugfs counters
    - regulator: isl9305: fix array size
    - md/raid6: Fix anomily when recovering a single device in RAID6.
    - usb: dwc2: Make sure we disconnect the gadget state
    - usb: gadget: dummy_hcd: Fix wrong power status bit clear/reset in
      dummy_hub_control()
    - drivers/perf: arm_pmu: handle no platform_device
    - perf inject: Copy events when reordering events in pipe mode
    - perf session: Don't rely on evlist in pipe mode
    - scsi: sg: check for valid direction before starting the request
    - scsi: sg: close race condition in sg_remove_sfp_usercontext()
    - kprobes/x86: Fix kprobe-booster not to boost far call instructions
    - kprobes/x86: Set kprobes pages read-only
    - pwm: tegra: Increase precision in PWM rate calculation
    - wil6210: fix memory access violation in wil_memcpy_from/toio_32
    - drm/edid: set ELD connector type in drm_edid_to_eld()
    - video/hdmi: Allow "empty" HDMI infoframes
    - HID: elo: clear BTN_LEFT mapping
    - ARM: dts: exynos: Correct Trats2 panel reset line
    - sched: Stop switched_to_rt() from sending IPIs to offline CPUs
    - sched: Stop resched_cpu() from sending IPIs to offline CPUs
    - test_firmware: fix setting old custom fw path back on exit
    - net: xfrm: allow clearing socket xfrm policies.
    - mtd: nand: fix interpretation of NAND_CMD_NONE in nand_command[_lp]()
    - ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin
    - ARM: dts: omap3-n900: Fix the audio CODEC's reset pin
    - ath10k: update tdls teardown state to target
    - cpufreq: Fix governor module removal race
    - clk: qcom: msm8916: fix mnd_width for codec_digcodec
    - ath10k: fix invalid STS_CAP_OFFSET_MASK
    - tools/usbip: fixes build with musl libc toolchain
    - spi: sun6i: disable/unprepare clocks on remove
    - scsi: core: scsi_get_device_flags_keyed(): Always return device flags
    - scsi: devinfo: apply to HP XP the same flags as Hitachi VSP
    - scsi: dh: add new rdac devices
    - media: cpia2: Fix a couple off by one bugs
    - veth: set peer GSO values
    - drm/amdkfd: Fix memory leaks in kfd topology
    - agp/intel: Flush all chipset writes after updating the GGTT
    - mac80211_hwsim: enforce PS_MANUAL_POLL to be set after PS_ENABLED
    - mac80211: remove BUG() when interface type is invalid
    - ASoC: nuc900: Fix a loop timeout test
    - ipvlan: add L2 check for packets arriving via virtual devices
    - rcutorture/configinit: Fix build directory error message
    - ima: relax requiring a file signature for new files with zero length
    - selftests/x86/entry_from_vm86: Exit with 1 if we fail
    - selftests/x86: Add tests for User-Mode Instruction Prevention
    - selftests/x86: Add tests for the STR and SLDT instructions
    - selftests/x86/entry_from_vm86: Add test cases for POPF
    - x86/vm86/32: Fix POPF emulation
    - x86/mm: Fix vmalloc_fault to use pXd_large
    - ALSA: pcm: Fix UAF in snd_pcm_oss_get_formats()
    - ALSA: hda - Revert power_save option default value
    - ALSA: seq: Fix possible UAF in snd_seq_check_queue()
    - ALSA: seq: Clear client entry before deleting else at closing
    - drm/amdgpu/dce: Don't turn off DP sink when disconnected
    - fs: Teach path_connected to handle nfs filesystems with multiple roots.
    - lock_parent() needs to recheck if dentry got __dentry_kill'ed under it
    - fs/aio: Add explicit RCU grace period when freeing kioctx
    - fs/aio: Use RCU accessors for kioctx_table->table[]
    - irqchip/gic-v3-its: Ensure nr_ites >= nr_lpis
    - scsi: sg: fix SG_DXFER_FROM_DEV transfers
    - scsi: sg: fix static checker warning in sg_is_valid_dxfer
    - scsi: sg: only check for dxfer_len greater than 256M
    - ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux
    - btrfs: alloc_chunk: fix DUP stripe size handling
    - btrfs: Fix use-after-free when cleaning up fs_devs with a single stale
      device
    - USB: gadget: udc: Add missing platform_device_put() on error in
      bdc_pci_probe()
    - usb: gadget: bdc: 64-bit pointer capability check
    - Linux 4.4.123
  * Xenial update to 4.4.123 stable release (LP: #1764666) // CVE-2017-16995
    - Revert "bpf: fix incorrect sign extension in check_alu_op()"
    - bpf: fix incorrect sign extension in check_alu_op()
  * Xenial update to 4.4.122 stable release (LP: #1764627)
    - RDMA/ucma: Limit possible option size
    - RDMA/ucma: Check that user doesn't overflow QP state
    - RDMA/mlx5: Fix integer overflow while resizing CQ
    - scsi: qla2xxx: Fix NULL pointer crash due to active timer for ABTS
    - workqueue: Allow retrieval of current task's work struct
    - drm: Allow determining if current task is output poll worker
    - drm/nouveau: Fix deadlock on runtime suspend
    - drm/radeon: Fix deadlock on runtime suspend
    - drm/amdgpu: Fix deadlock on runtime suspend
    - drm/amdgpu: Notify sbios device ready before send request
    - drm/radeon: fix KV harvesting
    - drm/amdgpu: fix KV harvesting
    - MIPS: BMIPS: Do not mask IPIs during suspend
    - MIPS: ath25: Check for kzalloc allocation failure
    - MIPS: OCTEON: irq: Check for null return on kzalloc allocation
    - Input: matrix_keypad - fix race when disabling interrupts
    - loop: Fix lost writes caused by missing flag
    - kbuild: Handle builtin dtb file names containing hyphens
    - bcache: don't attach backing with duplicate UUID
    - x86/MCE: Serialize sysfs changes
    - ALSA: hda/realtek - Fix dock line-out volume on Dell Precision 7520
    - ALSA: seq: More protection for concurrent write and ioctl races
    - ALSA: hda: add dock and led support for HP EliteBook 820 G3
    - ALSA: hda: add dock and led support for HP ProBook 640 G2
    - watchdog: hpwdt: SMBIOS check
    - watchdog: hpwdt: Check source of NMI
    - watchdog: hpwdt: fix unused variable warning
    - netfilter: nfnetlink_queue: fix timestamp attribute
    - Input: tca8418_keypad - remove double read of key event register
    - tc358743: fix register i2c_rd/wr function fix
    - netfilter: add back stackpointer size checks
    - netfilter: x_tables: fix missing timer initialization in xt_LED
    - netfilter: nat: cope with negative port range
    - netfilter: IDLETIMER: be syzkaller friendly
    - netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets
    - netfilter: bridge: ebt_among: add missing match size checks
    - netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt
    - netfilter: use skb_to_full_sk in ip_route_me_harder
    - ext4: inplace xattr block update fails to deduplicate blocks
    - ubi: Fix race condition between ubi volume creation and udev
    - scsi: qla2xxx: Replace fcport alloc with qla2x00_alloc_fcport
    - NFS: Fix an incorrect type in struct nfs_direct_req
    - Revert "ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux"
    - x86/module: Detect and skip invalid relocations
    - x86: Treat R_X86_64_PLT32 as R_X86_64_PC32
    - serial: sh-sci: prevent lockup on full TTY buffers
    - tty/serial: atmel: add new version check for usart
    - uas: fix comparison for error code
    - staging: comedi: fix comedi_nsamples_left.
    - staging: android: ashmem: Fix lockdep issue during llseek
    - USB: storage: Add JMicron bridge 152d:2567 to unusual_devs.h
    - usb: quirks: add control message delay for 1b1c:1b20
    - USB: usbmon: remove assignment from IS_ERR argument
    - usb: usbmon: Read text within supplied buffer size
    - usb: gadget: f_fs: Fix use-after-free in ffs_fs_kill_sb()
    - serial: 8250_pci: Add Brainboxes UC-260 4 port serial device
    - fixup: sctp: verify size of a new chunk in _sctp_make_chunk()
    - Linux 4.4.122
  * Xenial update to 4.4.122 stable release (LP: #1764627) // CVE-2018-1000004.
    - ALSA: seq: Don't allow resizing pool in use
  * Xenial update to 4.4.121 stable release (LP: #1764367)
    - tpm: st33zp24: fix potential buffer overruns caused by bit glitches on the
      bus
    - tpm_i2c_infineon: fix potential buffer overruns caused by bit glitches on
      the bus
    - tpm_i2c_nuvoton: fix potential buffer overruns caused by bit glitches on the
      bus
    - ALSA: usb-audio: Add a quirck for B&W PX headphones
    - ALSA: hda: Add a power_save blacklist
    - cpufreq: s3c24xx: Fix broken s3c_cpufreq_init()
    - media: m88ds3103: don't call a non-initalized function
    - ARM: mvebu: Fix broken PL310_ERRATA_753970 selects
    - KVM: mmu: Fix overlap between public and private memslots
    - btrfs: Don't clear SGID when inheriting ACLs
    - ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux
    - x86/apic/vector: Handle legacy irq data correctly
    - leds: do not overflow sysfs buffer in led_trigger_show
    - x86/spectre: Fix an error message
    - bridge: check brport attr show in brport_show
    - fib_semantics: Don't match route with mismatching tclassid
    - hdlc_ppp: carrier detect ok, don't turn off negotiation
    - ipv6 sit: work around bogus gcc-8 -Wrestrict warning
    - net: fix race on decreasing number of TX queues
    - net: ipv4: don't allow setting net.ipv4.route.min_pmtu below 68
    - netlink: ensure to loop over all netns in genlmsg_multicast_allns()
    - ppp: prevent unregistered channels from connecting to PPP units
    - udplite: fix partial checksum initialization
    - sctp: fix dst refcnt leak in sctp_v4_get_dst
    - sctp: fix dst refcnt leak in sctp_v6_get_dst()
    - s390/qeth: fix SETIP command handling
    - s390/qeth: fix IPA command submission race
    - sctp: verify size of a new chunk in _sctp_make_chunk()
    - net: mpls: Pull common label check into helper
    - dm io: fix duplicate bio completion due to missing ref count
    - bpf, x64: implement retpoline for tail call
    - btrfs: preserve i_mode if __btrfs_set_acl() fails
    - Linux 4.4.121
  * Xenial update to 4.4.120 stable release (LP: #1764316)
    - hrtimer: Ensure POSIX compliance (relative CLOCK_REALTIME hrtimers)
    - f2fs: fix a bug caused by NULL extent tree
    - mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM
    - ipv6: icmp6: Allow icmp messages to be looped back
    - ARM: 8731/1: Fix csum_partial_copy_from_user() stack mismatch
    - sget(): handle failures of register_shrinker()
    - drm/nouveau/pci: do a msi rearm on init
    - spi: atmel: fixed spin_lock usage inside atmel_spi_remove
    - net: arc_emac: fix arc_emac_rx() error paths
    - scsi: storvsc: Fix scsi_cmd error assignments in storvsc_handle_error
    - ARM: dts: ls1021a: fix incorrect clock references
    - lib/mpi: Fix umul_ppmm() for MIPS64r6
    - tg3: Add workaround to restrict 5762 MRRS to 2048
    - tg3: Enable PHY reset in MTU change path for 5720
    - bnx2x: Improve reliability in case of nested PCI errors
    - s390/dasd: fix wrongly assigned configuration data
    - IB/mlx4: Fix mlx4_ib_alloc_mr error flow
    - IB/ipoib: Fix race condition in neigh creation
    - xfs: quota: fix missed destroy of qi_tree_lock
    - xfs: quota: check result of register_shrinker()
    - e1000: fix disabling already-disabled warning
    - drm/ttm: check the return value of kzalloc
    - mac80211: mesh: drop frames appearing to be from us
    - can: flex_can: Correct the checking for frame length in flexcan_start_xmit()
    - bnxt_en: Fix the 'Invalid VF' id check in bnxt_vf_ndo_prep routine.
    - xen-netfront: enable device after manual module load
    - mdio-sun4i: Fix a memory leak
    - SolutionEngine771x: fix Ether platform data
    - xen/gntdev: Fix off-by-one error when unmapping with holes
    - xen/gntdev: Fix partial gntdev_mmap() cleanup
    - sctp: make use of pre-calculated len
    - net: gianfar_ptp: move set_fipers() to spinlock protecting area
    - MIPS: Implement __multi3 for GCC7 MIPS64r6 builds
    - Linux 4.4.120
  * Xenial update to 4.4.119 stable release (LP: #1762453)
    - netfilter: drop outermost socket lock in getsockopt()
    - powerpc/64s: Fix RFI flush dependency on HARDLOCKUP_DETECTOR
    - PCI: keystone: Fix interrupt-controller-node lookup
    - ip_tunnel: replace dst_cache with generic implementation
    - ip_tunnel: fix preempt warning in ip tunnel creation/updating
    - scsi: ibmvfc: fix misdefined reserved field in ibmvfc_fcp_rsp_info
    - cfg80211: fix cfg80211_beacon_dup
    - iio: buffer: check if a buffer has been set up when poll is called
    - iio: adis_lib: Initialize trigger before requesting interrupt
    - x86/oprofile: Fix bogus GCC-8 warning in nmi_setup()
    - irqchip/gic-v3: Use wmb() instead of smb_wmb() in gic_raise_softirq()
    - usb: ohci: Proper handling of ed_rm_list to handle race condition between
      usb_kill_urb() and finish_unlinks()
    - arm64: Disable unhandled signal log messages by default
    - Add delay-init quirk for Corsair K70 RGB keyboards
    - usb: dwc3: gadget: Set maxpacket size for ep0 IN
    - usb: ldusb: add PIDs for new CASSY devices supported by this driver
    - usb: gadget: f_fs: Process all descriptors during bind
    - usb: renesas_usbhs: missed the "running" flag in usb_dmac with rx path
    - drm/amdgpu: Avoid leaking PM domain on driver unbind (v2)
    - binder: add missing binder_unlock()
    - Linux 4.4.119
  * [regression] Colour banding and artefacts appear system-wide on an Asus
    Zenbook UX303LA with Intel HD 4400 graphics (LP: #1749420) // Xenial update
    to 4.4.119 stable release (LP: #1762453)
    - drm/edid: Add 6 bpc quirk for CPT panel in Asus UX303LA
  * Xenial update to 4.4.118 stable release (LP: #1756866)
    - net: add dst_cache support
    - [Config] Add CONFIG_DST_CACHE=y
    - net: replace dst_cache ip6_tunnel implementation with the generic one
    - cfg80211: check dev_set_name() return value
    - mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed.
    - xfrm: Fix stack-out-of-bounds read on socket policy lookup.
    - xfrm: check id proto in validate_tmpl()
    - blktrace: fix unlocked registration of tracepoints
    - drm: Require __GFP_NOFAIL for the legacy drm_modeset_lock_all
    - Provide a function to create a NUL-terminated string from unterminated data
    - selinux: ensure the context is NUL terminated in
      security_context_to_sid_core()
    - selinux: skip bounded transition processing if the policy isn't loaded
    - crypto: x86/twofish-3way - Fix %rbp usage
    - KVM: x86: fix escape of guest dr6 to the host
    - netfilter: x_tables: fix int overflow in xt_alloc_table_info()
    - netfilter: x_tables: avoid out-of-bounds reads in
      xt_request_find_{match|target}
    - netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in clusterip_tg_check()
    - netfilter: on sockopt() acquire sock lock only in the required scope
    - netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert
    - net: avoid skb_warn_bad_offload on IS_ERR
    - ASoC: ux500: add MODULE_LICENSE tag
    - video: fbdev/mmp: add MODULE_LICENSE
    - arm64: dts: add #cooling-cells to CPU nodes
    - Make DST_CACHE a silent config option
    - dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock
    - staging: android: ashmem: Fix a race condition in pin ioctls
    - binder: check for binder_thread allocation failure in binder_poll()
    - staging: iio: adc: ad7192: fix external frequency setting
    - usbip: keep usbip_device sockfd state in sync with tcp_socket
    - usb: build drivers/usb/common/ when USB_SUPPORT is set
    - ARM: OMAP2+: Fix SRAM virt to phys translation for save_secure_ram_context
    - ARM: AM33xx: PRM: Remove am33xx_pwrdm_read_prev_pwrst function
    - ARM: dts: Fix omap4 hang with GPS connected to USB by using wakeupgen
    - ARM: dts: am4372: Correct the interrupts_properties of McASP
    - perf top: Fix window dimensions change handling
    - perf bench numa: Fixup discontiguous/sparse numa nodes
    - media: s5k6aa: describe some function parameters
    - pinctrl: sunxi: Fix A80 interrupt pin bank
    - RDMA/cma: Make sure that PSN is not over max allowed
    - scripts/kernel-doc: Don't fail with status != 0 if error encountered with
      -none
    - ipvlan: Add the skb->mark as flow4's member to lookup route
    - powerpc/perf: Fix oops when grouping different pmu events
    - s390/dasd: prevent prefix I/O error
    - gianfar: fix a flooded alignment reports because of padding issue.
    - net_sched: red: Avoid devision by zero
    - net_sched: red: Avoid illegal values
    - btrfs: Fix possible off-by-one in btrfs_search_path_in_tree
    - 509: fix printing uninitialized stack memory when OID is empty
    - dmaengine: ioat: Fix error handling path
    - dmaengine: at_hdmac: fix potential NULL pointer dereference in
      atc_prep_dma_interleaved
    - clk: fix a panic error caused by accessing NULL pointer
    - ASoC: rockchip: disable clock on error
    - spi: sun4i: disable clocks in the remove function
    - xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies.
    - drm/armada: fix leak of crtc structure
    - dmaengine: jz4740: disable/unprepare clk if probe fails
    - mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep
    - x86/mm/kmmio: Fix mmiotrace for page unaligned addresses
    - xen: XEN_ACPI_PROCESSOR is Dom0-only
    - hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close
    - virtio_balloon: prevent uninitialized variable use
    - isdn: icn: remove a #warning
    - vmxnet3: prevent building with 64K pages
    - [Config] ppc64el: Drop vmxnet3 module
    - gpio: intel-mid: Fix build warning when !CONFIG_PM
    - platform/x86: intel_mid_thermal: Fix suspend handlers unused warning
    - video: fbdev: via: remove possibly unused variables
    - scsi: advansys: fix build warning for PCI=n
    - x86/ras/inject: Make it depend on X86_LOCAL_APIC=y
    - arm64: define BUG() instruction without CONFIG_BUG
    - x86/fpu/math-emu: Fix possible uninitialized variable use
    - tools build: Add tools tree support for 'make -s'
    - x86/build: Silence the build with "make -s"
    - thermal: fix INTEL_SOC_DTS_IOSF_CORE dependencies
    - x86: add MULTIUSER dependency for KVM
    - x86/platform: Add PCI dependency for PUNIT_ATOM_DEBUG
    - scsi: advansys: fix uninitialized data access
    - arm64: Kconfig: select COMPAT_BINFMT_ELF only when BINFMT_ELF is set
    - ALSA: hda/ca0132 - fix possible NULL pointer use
    - reiserfs: avoid a -Wmaybe-uninitialized warning
    - ssb: mark ssb_bus_register as __maybe_unused
    - thermal: spear: use __maybe_unused for PM functions
    - x86/boot: Avoid warning for zero-filling .bss
    - scsi: sim710: fix build warning
    - drivers/net: fix eisa_driver probe section mismatch
    - dpt_i2o: fix build warning
    - profile: hide unused functions when !CONFIG_PROC_FS
    - md: avoid warning for 32-bit sector_t
    - mtd: ichxrom: maybe-uninitialized with gcc-4.9
    - mtd: maps: add __init attribute
    - mptfusion: hide unused seq_mpt_print_ioc_summary function
    - scsi: fdomain: drop fdomain_pci_tbl when built-in
    - video: fbdev: sis: remove unused variable
    - staging: ste_rmi4: avoid unused function warnings
    - fbdev: sis: enforce selection of at least one backend
    - video: Use bool instead int pointer for get_opt_bool() argument
    - scsi: mvumi: use __maybe_unused to hide pm functions
    - SCSI: initio: remove duplicate module device table
    - pwc: hide unused label
    - usb: musb/ux500: remove duplicate check for dma_is_compatible
    - tty: hvc_xen: hide xen_console_remove when unused
    - target/user: Fix cast from pointer to phys_addr_t
    - driver-core: use 'dev' argument in dev_dbg_ratelimited stub
    - fbdev: auo_k190x: avoid unused function warnings
    - amd-xgbe: Fix unused suspend handlers build warning
    - mtd: sh_flctl: pass FIFO as physical address
    - mtd: cfi: enforce valid geometry configuration
    - fbdev: s6e8ax0: avoid unused function warnings
    - modsign: hide openssl output in silent builds
    - fbdev: sm712fb: avoid unused function warnings
    - hwrng: exynos - use __maybe_unused to hide pm functions
    - USB: cdc_subset: only build when one driver is enabled
    - [Config] Add CONFIG_USB_NET_CDC_SUBSET_ENABLE=m
    - rtlwifi: fix gcc-6 indentation warning
    - staging: wilc1000: fix kbuild test robot error
    - x86/platform/olpc: Fix resume handler build warning
    - netfilter: ipvs: avoid unused variable warnings
    - ipv4: ipconfig: avoid unused ic_proto_used symbol
    - tc1100-wmi: fix build warning when CONFIG_PM not enabled
    - tlan: avoid unused label with PCI=n
    - drm/vmwgfx: use *_32_bits() macros
    - tty: cyclades: cyz_interrupt is only used for PCI
    - genirq/msi: Add stubs for get_cached_msi_msg/pci_write_msi_msg
    - ASoC: mediatek: add i2c dependency
    - iio: adc: axp288: remove redundant duplicate const on axp288_adc_channels
    - infiniband: cxgb4: use %pR format string for printing resources
    - b2c2: flexcop: avoid unused function warnings
    - i2c: remove __init from i2c_register_board_info()
    - staging: unisys: visorinput depends on INPUT
    - tc358743: fix register i2c_rd/wr functions
    - drm/nouveau: hide gcc-4.9 -Wmaybe-uninitialized
    - Input: tca8418_keypad - hide gcc-4.9 -Wmaybe-uninitialized warning
    - KVM: add X86_LOCAL_APIC dependency
    - go7007: add MEDIA_CAMERA_SUPPORT dependency
    - em28xx: only use mt9v011 if camera support is enabled
    - ISDN: eicon: reduce stack size of sig_ind function
    - ASoC: rockchip: use __maybe_unused to hide st_irq_syscfg_resume
    - serial: 8250_mid: fix broken DMA dependency
    - drm/gma500: Sanity-check pipe index
    - hdpvr: hide unused variable
    - v4l: remove MEDIA_TUNER dependency for VIDEO_TUNER
    - cw1200: fix bogus maybe-uninitialized warning
    - wireless: cw1200: use __maybe_unused to hide pm functions_
    - perf/x86: Shut up false-positive -Wmaybe-uninitialized warning
    - dmaengine: zx: fix build warning
    - net: hp100: remove unnecessary #ifdefs
    - gpio: xgene: mark PM functions as __maybe_unused
    - ncpfs: fix unused variable warning
    - Revert "power: bq27xxx_battery: Remove unneeded dependency in Kconfig"
    - power: bq27xxx_battery: mark some symbols __maybe_unused
    - isdn: sc: work around type mismatch warning
    - binfmt_elf: compat: avoid unused function warning
    - idle: i7300: add PCI dependency
    - usb: phy: msm add regulator dependency
    - ncr5380: shut up gcc indentation warning
    - ARM: tegra: select USB_ULPI from EHCI rather than platform
    - ASoC: Intel: Kconfig: fix build when ACPI is not enabled
    - netlink: fix nla_put_{u8,u16,u32} for KASAN
    - dell-wmi, dell-laptop: depends DMI
    - genksyms: Fix segfault with invalid declarations
    - x86/microcode/AMD: Change load_microcode_amd()'s param to bool to fix
      preemptibility bug
    - drm/gma500: remove helper function
    - kasan: rework Kconfig settings
    - KVM: async_pf: Fix #DF due to inject "Page not Present" and "Page Ready"
      exceptions simultaneously
    - x86/retpoline: Remove the esp/rsp thunk
    - module/retpoline: Warn about missing retpoline in module
    - x86/nospec: Fix header guards names
    - x86/bugs: Drop one "mitigation" from dmesg
    - x86/cpu/bugs: Make retpoline module warning conditional
    - x86/spectre: Check CONFIG_RETPOLINE in command line parser
    - x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable"
    - x86/paravirt: Remove 'noreplace-paravirt' cmdline option
    - x86/retpoline: Avoid retpolines for built-in __init functions
    - x86/spectre: Simplify spectre_v2 command line parsing
    - x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL
    - KVM: nVMX: kmap() can't fail
    - KVM: nVMX: vmx_complete_nested_posted_interrupt() can't fail
    - kvm: nVMX: Fix kernel panics induced by illegal INVEPT/INVVPID types
    - KVM: VMX: clean up declaration of VPID/EPT invalidation types
    - KVM: nVMX: invvpid handling improvements
    - crypto: s5p-sss - Fix kernel Oops in AES-ECB mode
    - net: dst_cache_per_cpu_dst_set() can be static
    - ARM: omap2: hide omap3_save_secure_ram on non-OMAP3 builds
    - Linux 4.4.118
  * ibrs/ibpb fixes result in excessive kernel logging  (LP: #1755627)
    - SAUCE: remove ibrs_dump sysctl interface

-- Juerg Haefliger <juergh@canonical.com>  Sun, 20 May 2018 16:19:04 +0200

Changed in linux-kvm (Ubuntu Xenial):
status:	Confirmed → Fix Released

Revision history for this message

Brad Figg (brad-figg) wrote on 2018-05-22: Workflow done!

All tasks have been completed and the bug is being set to Fix Released

Changed in kernel-sru-workflow:
status:	In Progress → Fix Released
tags:	removed: kernel-release-tracking-bug-live

Report a bug

This report contains Public information

Everyone can see this information.

Duplicates of this bug

Bug #1766610

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux-kvm package

linux-kvm: 4.4.0-1024.29 -proposed tracker

Bug Description

CVE References

Duplicates of this bug

Other bug subscribers

Remote bug watches

Ubuntu
linux-kvm package