Ubuntu
linux-lts-xenial package

lp:ubuntu/trusty-security/linux-lts-xenial

  1. Trusty (14.04)
  2. trusty-security
Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/trusty-security/linux-lts-xenial
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

5. By Tim Gardner

[ Tim Gardner ]

* Release Tracking Bug
  - LP: #1556247

* s390/mm: four page table levels vs. fork (LP: #1556141)
  - s390/mm: four page table levels vs. fork

* [Hyper-V] network performance patches for Xenial 16.04 (LP: #1556037)
  - hv_netvsc: use skb_get_hash() instead of a homegrown implementation
  - hv_netvsc: cleanup netdev feature flags for netvsc

* fails to boot on megaraid (LP: #1552903)
  - SAUCE: (noup) megaraid_sas: Don't issue kill adapter for MFI controllers in
    case of PD list DCMD failure

* ALSA: hda - add codec support for Kabylake display audio codec (LP: #1556002)
  - ALSA: hda - add codec support for Kabylake display audio codec

* Backport upstream bugfixes to ubuntu-16.04 (LP: #1555765)
  - cpufreq: powernv: Free 'chips' on module exit
  - cpufreq: powernv: Hot-plug safe the kworker thread
  - cpufreq: powernv: Remove cpu_to_chip_id() from hot-path
  - cpufreq: powernv/tracing: Add powernv_throttle tracepoint
  - cpufreq: powernv: Replace pr_info with trace print for throttle event
  - SAUCE: (noup) cpufreq: powernv: Fix bugs in powernv_cpufreq_{init/exit}

* Linux netfilter IPT_SO_SET_REPLACE memory corruption (LP: #1555338)
  - SAUCE: [nf,v2] netfilter: x_tables: don't rely on well-behaving userspace

* integer overflow in xt_alloc_table_info (LP: #1555353)
  - SAUCE: (noup) netfilter: x_tables: check for size overflow

* linux: auto-generate the reconstruct information from the git tag (LP: #1555543)
  - [Packaging] reconstruct -- automatically reconstruct against base tag
  - [Config] reconstruct -- update to autoreconstruct output
  - [Packaging] reconstruct -- update when inserting final changes

* Xenial update to v4.4.5 stable release (LP: #1555640)
  - use ->d_seq to get coherency between ->d_inode and ->d_flags
  - drivers: sh: Restore legacy clock domain on SuperH platforms
  - Btrfs: fix deadlock running delayed iputs at transaction commit time
  - btrfs: Fix no_space in write and rm loop
  - btrfs: async-thread: Fix a use-after-free error for trace
  - block: Initialize max_dev_sectors to 0
  - PCI: keystone: Fix MSI code that retrieves struct pcie_port pointer
  - parisc: Fix ptrace syscall number and return value modification
  - mips/kvm: fix ioctl error handling
  - kvm: x86: Update tsc multiplier on change.
  - fbcon: set a default value to blink interval
  - cifs: fix out-of-bounds access in lease parsing
  - CIFS: Fix SMB2+ interim response processing for read requests
  - Fix cifs_uniqueid_to_ino_t() function for s390x
  - vfio: fix ioctl error handling
  - KVM: x86: fix root cause for missed hardware breakpoints
  - arm/arm64: KVM: Fix ioctl error handling
  - iommu/amd: Apply workaround for ATS write permission check
  - iommu/amd: Fix boot warning when device 00:00.0 is not iommu covered
  - iommu/vt-d: Use BUS_NOTIFY_REMOVED_DEVICE in hotplug path
  - target: Fix WRITE_SAME/DISCARD conversion to linux 512b sectors
  - drm/ast: Fix incorrect register check for DRAM width
  - drm/radeon/pm: update current crtc info after setting the powerstate
  - drm/amdgpu/pm: update current crtc info after setting the powerstate
  - drm/amdgpu: apply gfx_v8 fixes to gfx_v7 as well
  - drm/amdgpu/gfx8: specify which engine to wait before vm flush
  - drm/amdgpu: return from atombios_dp_get_dpcd only when error
  - libata: fix HDIO_GET_32BIT ioctl
  - libata: Align ata_device's id on a cacheline
  - block: bio: introduce helpers to get the 1st and last bvec
  - writeback: flush inode cgroup wb switches instead of pinning super_block
  - Adding Intel Lewisburg device IDs for SATA
  - arm64: vmemmap: use virtual projection of linear region
  - PM / sleep / x86: Fix crash on graph trace through x86 suspend
  - ata: ahci: don't mark HotPlugCapable Ports as external/removable
  - tracing: Do not have 'comm' filter override event 'comm' field
  - pata-rb532-cf: get rid of the irq_to_gpio() call
  - Btrfs: fix loading of orphan roots leading to BUG_ON
  - Revert "jffs2: Fix lock acquisition order bug in jffs2_write_begin"
  - jffs2: Fix page lock / f->sem deadlock
  - Fix directory hardlinks from deleted directories
  - dmaengine: pxa_dma: fix cyclic transfers
  - adv7604: fix tx 5v detect regression
  - ALSA: usb-audio: Add a quirk for Plantronics DA45
  - ALSA: ctl: Fix ioctls for X32 ABI
  - ALSA: hda - Fix mic issues on Acer Aspire E1-472
  - ALSA: rawmidi: Fix ioctls X32 ABI
  - ALSA: timer: Fix ioctls for X32 ABI
  - ALSA: pcm: Fix ioctls for X32 ABI
  - ALSA: seq: oss: Don't drain at closing a client
  - ALSA: hdspm: Fix wrong boolean ctl value accesses
  - ALSA: hdsp: Fix wrong boolean ctl value accesses
  - ALSA: hdspm: Fix zero-division
  - ALSA: timer: Fix broken compat timer user status ioctl
  - usb: chipidea: otg: change workqueue ci_otg as freezable
  - USB: cp210x: Add ID for Parrot NMEA GPS Flight Recorder
  - USB: qcserial: add Dell Wireless 5809e Gobi 4G HSPA+ (rev3)
  - USB: qcserial: add Sierra Wireless EM74xx device ID
  - USB: serial: option: add support for Telit LE922 PID 0x1045
  - USB: serial: option: add support for Quectel UC20
  - MIPS: scache: Fix scache init with invalid line size.
  - MIPS: traps: Fix SIGFPE information leak from `do_ov' and `do_trap_or_bp'
  - ubi: Fix out of bounds write in volume update code
  - i2c: brcmstb: allocate correct amount of memory for regmap
  - thermal: cpu_cooling: fix out of bounds access in time_in_idle
  - block: check virt boundary in bio_will_gap()
  - block: get the 1st and last bvec via helpers
  - drm/i915: more virtual south bridge detection
  - drm/i915: refine qemu south bridge detection
  - modules: fix longstanding /proc/kallsyms vs module insertion race.
  - drm/amdgpu: fix topaz/tonga gmc assignment in 4.4 stable
  - Linux 4.4.5

* QEMU: causes vCPU steal time overflow on live migration (LP: #1494350)
  - x86/mm: Fix slow_virt_to_phys() for X86_PAE again

* TPM2.0 trusted keys fixes (LP: #1398274)
  - tpm_tis: further simplify calculation of ordinal duration
  - tpm_tis: Use devm_free_irq not free_irq
  - tpm_tis: Ensure interrupts are disabled when the driver starts
  - tpm: rework tpm_get_timeouts()
  - tpm_tis: Get rid of the duplicate IRQ probing code
  - tpm_tis: Refactor the interrupt setup
  - tpm_tis: Tighten IRQ auto-probing
  - tpm_ibmvtpm: properly handle interrupted packet receptions

* linux: review all versioned depends/conflicts/replaces/breaks for validility (LP: #1555033)
  - [Config] control.stub.in -- review versioned Build-Depends:
  - [Config] control.stub.in -- review versioned
    Depends/Breaks/Conflicts/Replaces
  - [Config] flavour-control.stub -- review versioned Breaks/Conflicts/Replaces
  - [Config] x86 vars.* -- review versioned Breaks/Conflicts/Replaces

4. By Tim Gardner

* Miscellaneous Ubuntu changes
  - reconstruct: Work around orig tarball packaging limitiations
    Fixes FTBS

3. By Tim Gardner

* Release Tracking Bug (LP: #1554008)

* Xenial update to v4.4.4 stable release (LP: #1553179)
  - af_iucv: Validate socket address length in iucv_sock_bind()
  - gro: Make GRO aware of lightweight tunnels.
  - net: dp83640: Fix tx timestamp overflow handling.
  - tunnels: Allow IPv6 UDP checksums to be correctly controlled.
  - lwt: fix rx checksum setting for lwt devices tunneling over ipv6
  - tcp: fix NULL deref in tcp_v4_send_ack()
  - af_unix: fix struct pid memory leak
  - pptp: fix illegal memory access caused by multiple bind()s
  - sctp: allow setting SCTP_SACK_IMMEDIATELY by the application
  - net: dsa: fix mv88e6xxx switches
  - tipc: fix connection abort during subscription cancel
  - inet: frag: Always orphan skbs inside ip_defrag()
  - switchdev: Require RTNL mutex to be held when sending FDB notifications
  - tcp: beware of alignments in tcp_get_info()
  - ipv6: enforce flowi6_oif usage in ip6_dst_lookup_tail()
  - ipv6/udp: use sticky pktinfo egress ifindex on connect()
  - ipv6: addrconf: Fix recursive spin lock call
  - ipv6: fix a lockdep splat
  - unix: correctly track in-flight fds in sending process user_struct
  - tcp: do not drop syn_recv on all icmp reports
  - net:Add sysctl_max_skb_frags
  - tg3: Fix for tg3 transmit queue 0 timed out when too many gso_segs
  - enic: increment devcmd2 result ring in case of timeout
  - sctp: translate network order to host order when users get a hmacid
  - net: Copy inner L3 and L4 headers as unaligned on GRE TEB
  - flow_dissector: Fix unaligned access in __skb_flow_dissector when used by
    eth_get_headlen
  - bpf: fix branch offset adjustment on backjumps after patching ctx expansion
  - bonding: Fix ARP monitor validation
  - ipv4: fix memory leaks in ip_cmsg_send() callers
  - af_unix: Don't set err in unix_stream_read_generic unless there was an error
  - af_unix: Guard against other == sk in unix_dgram_sendmsg
  - tipc: fix premature addition of node to lookup table
  - tcp: md5: release request socket instead of listener
  - qmi_wwan: add "4G LTE usb-modem U901"
  - net/mlx4_en: Count HW buffer overrun only once
  - net/mlx4_en: Avoid changing dev->features directly in run-time
  - l2tp: Fix error creating L2TP tunnels
  - pppoe: fix reference counting in PPPoE proxy
  - net_sched fix: reclassification needs to consider ether protocol changes
  - route: check and remove route cache when we get route
  - tcp/dccp: fix another race at listener dismantle
  - IFF_NO_QUEUE: Fix for drivers not calling ether_setup()
  - rtnl: RTM_GETNETCONF: fix wrong return value
  - tipc: unlock in error path
  - unix_diag: fix incorrect sign extension in unix_lookup_by_ino
  - sctp: Fix port hash table size computation
  - ext4: fix bh->b_state corruption
  - ARM: debug-ll: fix BCM63xx entry for multiplatform
  - arm64: errata: Add -mpc-relative-literal-loads to build flags
  - KVM: s390: fix guest fprs memory leak
  - devm_memremap: Fix error value when memremap failed
  - drm/gma500: Use correct unref in the gem bo create function
  - ARM: 8457/1: psci-smp is built only for SMP
  - lib/ucs2_string: Add ucs2 -> utf8 helper functions
  - efi: Use ucs2_as_utf8 in efivarfs instead of open coding a bad version
  - efi: Do variable name validation tests in utf8
  - efi: Make our variable validation list include the guid
  - efi: Make efivarfs entries immutable by default
  - efi: Add pstore variables to the deletion whitelist
  - lib/ucs2_string: Correct ucs2 -> utf8 conversion
  - bcache: fix a livelock when we cause a huge number of cache misses
  - bcache: Add a cond_resched() call to gc
  - bcache: clear BCACHE_DEV_UNLINK_DONE flag when attaching a backing device
  - bcache: fix a leak in bch_cached_dev_run()
  - bcache: unregister reboot notifier if bcache fails to unregister device
  - bcache: allows use of register in udev to avoid "device_busy" error.
  - bcache: Change refill_dirty() to always scan entire disk if necessary
  - dm thin: fix race condition when destroying thin pool workqueue
  - can: ems_usb: Fix possible tx overflow
  - usb: dwc3: Fix assignment of EP transfer resources
  - USB: cp210x: add IDs for GE B650V3 and B850V3 boards
  - USB: option: add support for SIM7100E
  - USB: option: add "4G LTE usb-modem U901"
  - drivers: android: correct the size of struct binder_uintptr_t for
    BC_DEAD_BINDER_DONE
  - spi: omap2-mcspi: Prevent duplicate gpio_request
  - iw_cxgb3: Fix incorrectly returning error on success
  - drm/i915: shut up gen8+ SDE irq dmesg noise
  - ocfs2: unlock inode if deleting inode from orphan fails
  - mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED
  - mm: numa: quickly fail allocations for NUMA balancing on full nodes
  - genirq: Validate action before dereferencing it in handle_irq_event_percpu()
  - clocksource/drivers/vt8500: Increase the minimum delta
  - s390/kvm: remove dependency on struct save_area definition
  - KVM: s390: fix memory overwrites when vx is disabled
  - Btrfs: add missing brelse when superblock checksum fails
  - Btrfs: igrab inode in writepage
  - btrfs: statfs: report zero available if metadata are exhausted
  - Btrfs: send, don't BUG_ON() when an empty symlink is found
  - Btrfs: fix number of transaction units required to create symlink
  - Btrfs: fix transaction handle leak on failure to create hard link
  - Btrfs: Initialize btrfs_root->highest_objectid when loading tree root and
    subvolume roots
  - btrfs: initialize the seq counter in struct btrfs_device
  - s390: fix normalization bug in exception table sorting
  - s390/dasd: prevent incorrect length error under z/VM after PAV changes
  - s390/dasd: fix refcount for PAV reassignment
  - s390/dasd: fix performance drop
  - uml: flush stdout before forking
  - uml: fix hostfs mknod()
  - um: link with -lpthread
  - locks: fix unlock when fcntl_setlk races with a close
  - rtlwifi: rtl_pci: Fix kernel panic
  - rtlwifi: rtl8192cu: Add missing parameter setup
  - rtlwifi: rtl8192ce: Fix handling of module parameters
  - rtlwifi: rtl8192de: Fix incorrect module parameter descriptions
  - rtlwifi: rtl8723ae: Fix initialization of module parameters
  - rtlwifi: rtl8192se: Fix module parameter initialization
  - rtlwifi: rtl8188ee: Fix module parameter initialization
  - rtlwifi: rtl8723be: Fix module parameter initialization
  - mei: fix fasync return value on error
  - mei: validate request value in client notify request ioctl
  - namei: ->d_inode of a pinned dentry is stable only for positives
  - rc: sunxi-cir: Initialize the spinlock properly
  - media: dvb-core: Don't force CAN_INVERSION_AUTO in oneshot mode
  - si2157: return -EINVAL if firmware blob is too big
  - gspca: ov534/topro: prevent a division by 0
  - vb2: fix a regression in poll() behavior for output,streams
  - tda1004x: only update the frontend properties if locked
  - dm space map metadata: remove unused variable in brb_pop()
  - dm snapshot: fix hung bios when copy error occurs
  - dm: fix dm_rq_target_io leak on faults with .request_fn DM w/ blk-mq paths
  - coresight: checking for NULL string in coresight_name_match()
  - irqchip/omap-intc: Add support for spurious irq handling
  - irqchip/mxs: Add missing set_handle_irq()
  - irqchip/atmel-aic: Fix wrong bit operation for IRQ priority
  - irqchip/gic-v3-its: Fix double ICC_EOIR write for LPI in EOImode==1
  - posix-clock: Fix return code on the poll method's error path
  - clockevents/tcb_clksrc: Prevent disabling an already disabled clock
  - mmc: usdhi6rol0: handle NULL data in timeout
  - mmc: sdhci-pci: Do not default to 33 Ohm driver strength for Intel SPT
  - mmc: sdio: Fix invalid vdd in voltage switch power cycle
  - mmc: mmc: Fix incorrect use of driver strength switching HS200 and HS400
  - mmc: sdhci: Fix sdhci_runtime_pm_bus_on/off()
  - mmc: core: Enable tuning according to the actual timing
  - mmc: mmci: fix an ages old detection error
  - mmc: sdhci-acpi: Fix card detect race for Intel BXT/APL
  - mmc: pxamci: fix again read-only gpio detection polarity
  - mmc: sdhci-pci: Fix card detect race for Intel BXT/APL
  - mmc: sdhci: Allow override of mmc host operations
  - mmc: sdhci: Allow override of get_cd() called from sdhci_request()
  - Bluetooth: Use continuous scanning when creating LE connections
  - Bluetooth: Add support of Toshiba Broadcom based devices
  - Bluetooth: Fix incorrect removing of IRKs
  - Bluetooth: 6lowpan: Fix kernel NULL pointer dereferences
  - Bluetooth: 6lowpan: Fix handling of uncompressed IPv6 packets
  - time: Avoid signed overflow in timekeeping_get_ns()
  - cputime: Prevent 32bit overflow in time[val|spec]_to_cputime()
  - Revert "MIPS: Fix PAGE_MASK definition"
  - MIPS: Loongson-3: Fix SMP_ASK_C0COUNT IPI handler
  - MIPS: hpet: Choose a safe value for the ETIME check
  - MIPS: Fix some missing CONFIG_CPU_MIPSR6 #ifdefs
  - MIPS: Fix buffer overflow in syscall_get_arguments()
  - EDAC: Robustify workqueues destruction
  - EDAC, mc_sysfs: Fix freeing bus' name
  - sparc64: fix incorrect sign extension in sys_sparc64_personality
  - clk: exynos: use irqsave version of spin_lock to avoid deadlock with irqs
  - regulator: axp20x: Fix GPIO LDO enable value for AXP22x
  - regulator: mt6311: MT6311_REGULATOR needs to select REGMAP_I2C
  - virtio_balloon: fix race by fill and leak
  - virtio_balloon: fix race between migration and ballooning
  - virtio_pci: fix use after free on release
  - drm/vmwgfx: Fix an incorrect lock check
  - drm/vmwgfx: Fix a width / pitch mismatch on framebuffer updates
  - drm/vmwgfx: respect 'nomodeset'
  - drm/amdgpu: Fix off-by-one errors in amdgpu_vm_bo_map
  - drm/amdgpu: call hpd_irq_event on resume
  - drm/amdgpu: fix lost sync_to if scheduler is enabled.
  - drm/amdgpu: fix tonga smu resume
  - drm/amdgpu: fix amdgpu_bo_pin_restricted VRAM placing v2
  - drm/amdgpu: no need to load MC firmware on fiji
  - drm/amdgpu: move gmc7 support out of CIK dependency
  - drm/amdgpu: iceland use CI based MC IP
  - drm/amdgpu: The VI specific EXE bit should only apply to GMC v8.0 above
  - drm/amdgpu: pull topaz gmc bits into gmc_v7
  - drm/amdgpu: drop topaz support from gmc8 module
  - drm/amdgpu: don't load MEC2 on topaz
  - drm/amdgpu: remove exp hardware support from iceland
  - drm/amdgpu: fix s4 resume
  - drm/amdgpu: remove unnecessary forward declaration
  - drm/amdgpu: hold reference to fences in amdgpu_sa_bo_new (v2)
  - drm/amdgpu: fix issue with overlapping userptrs
  - drm/amdgpu: use post-decrement in error handling
  - drm/amdgpu: Don't hang in amdgpu_flip_work_func on disabled crtc.
  - drm/amdgpu/pm: adjust display configuration after powerstate
  - drm/nouveau/kms: take mode_config mutex in connector hotplug path
  - drm/nouveau/display: Enable vblank irqs after display engine is on again.
  - drm/nouveau/disp/dp: ensure sink is powered up before attempting link
    training
  - drm/nouveau: platform: Fix deferred probe
  - drm/dp/mst: process broadcast messages correctly
  - drm/dp/mst: always send reply for UP request
  - drm/dp/mst: fix in MSTB RAD initialization
  - drm/dp/mst: fix in RAD element access
  - drm: Add drm_fixp_from_fraction and drm_fixp2int_ceil
  - drm/dp/mst: Calculate MST PBN with 31.32 fixed point
  - drm/dp/mst: move GUID storage from mgr, port to only mst branch
  - drm/dp/mst: Reverse order of MST enable and clearing VC payload table.
  - drm/dp/mst: deallocate payload on port destruction
  - drm/radeon: Fix off-by-one errors in radeon_vm_bo_set_addr
  - drm/radeon: call hpd_irq_event on resume
  - drm/radeon: Fix "slow" audio over DP on DCE8+
  - drm/radeon: clean up fujitsu quirks
  - drm/radeon: properly byte swap vce firmware setup
  - drm/radeon: cleaned up VCO output settings for DP audio
  - drm/radeon: Add a common function for DFS handling
  - drm/radeon: fix DP audio support for APU with DCE4.1 display engine
  - drm: add helper to check for wc memory support
  - drm/radeon: mask out WC from BO on unsupported arches
  - drm/radeon: hold reference to fences in radeon_sa_bo_new
  - drm: fix missing reference counting decrease
  - drm/i915: Restore inhibiting the load of the default context
  - drm/i915: intel_hpd_init(): Fix suspend/resume reprobing
  - drm/i915: Init power domains early in driver load
  - drm/i915: Make sure DC writes are coherent on flush.
  - drm/i915/dp: fall back to 18 bpp when sink capability is unknown
  - drm/i915: Don't reject primary plane windowing with color keying enabled on
    SKL+
  - drm/i915/skl: Don't skip mst encoders in skl_ddi_pll_select()
  - drm/i915/dsi: defend gpio table against out of bounds access
  - drm/i915/dsi: don't pass arbitrary data to sideband
  - drm/i915: fix error path in intel_setup_gmbus()
  - drm/qxl: use kmalloc_array to alloc reloc_info in qxl_process_single_command
  - drm/radeon: use post-decrement in error handling
  - drm: No-Op redundant calls to drm_vblank_off() (v2)
  - drm: Prevent vblank counter bumps > 1 with active vblank clients. (v2)
  - drm: Fix drm_vblank_pre/post_modeset regression from Linux 4.4
  - drm: Fix treatment of drm_vblank_offdelay in drm_vblank_on() (v2)
  - drm/radeon: Don't hang in radeon_flip_work_func on disabled crtc. (v2)
  - drm/radeon/pm: adjust display configuration after powerstate
  - make sure that freeing shmem fast symlinks is RCU-delayed
  - toshiba_acpi: Fix blank screen at boot if transflective backlight is
    supported
  - ideapad-laptop: Add Lenovo ideapad Y700-17ISK to no_hw_rfkill dmi list
  - ideapad-laptop: Add Lenovo Yoga 700 to no_hw_rfkill dmi list
  - uapi: update install list after nvme.h rename
  - lib: sw842: select crc32
  - ACPI / video: Add disable_backlight_sysfs_if quirk for the Toshiba Portege
    R700
  - ACPI / video: Add disable_backlight_sysfs_if quirk for the Toshiba Satellite
    R830
  - ACPI: Revert "ACPI / video: Add Dell Inspiron 5737 to the blacklist"
  - ACPI / PCI / hotplug: unlock in error path in acpiphp_enable_slot()
  - nfit: fix multi-interface dimm handling, acpi6.1 compatibility
  - dmaengine: dw: fix cyclic transfer setup
  - dmaengine: dw: fix cyclic transfer callbacks
  - dmaengine: at_xdmac: fix resume for cyclic transfers
  - dmaengine: dw: disable BLOCK IRQs for non-cyclic xfer
  - IB/cm: Fix a recently introduced deadlock
  - IB/qib: fix mcast detach when qp not attached
  - IB/qib: Support creating qps with GFP_NOIO flag
  - IB/mlx5: Expose correct maximum number of CQE capacity
  - Thermal: initialize thermal zone device correctly
  - Thermal: handle thermal zone device properly during system sleep
  - Thermal: do thermal zone update after a cooling device registered
  - hwmon: (dell-smm) Blacklist Dell Studio XPS 8000
  - hwmon: (gpio-fan) Remove un-necessary speed_index lookup for thermal hook
  - hwmon: (ads1015) Handle negative conversion values correctly
  - cpufreq: pxa2xx: fix pxa_cpufreq_change_voltage prototype
  - cpufreq: Fix NULL reference crash while accessing policy->governor_data
  - seccomp: always propagate NO_NEW_PRIVS on tsync
  - libceph: fix ceph_msg_revoke()
  - libceph: don't bail early from try_read() when skipping a message
  - libceph: use the right footer size when skipping a message
  - libceph: don't spam dmesg with stray reply warnings
  - sd: Optimal I/O size is in bytes, not sectors
  - Staging: speakup: Fix getting port information
  - Revert "Staging: panel: usleep_range is preferred over udelay"
  - cdc-acm:exclude Samsung phone 04e8:685d
  - perf stat: Do not clean event's private stats
  - tick/nohz: Set the correct expiry when switching to nohz/lowres mode
  - rfkill: fix rfkill_fop_read wait_event usage
  - mac80211: Requeue work after scan complete for all VIF types.
  - workqueue: handle NUMA_NO_NODE for unbound pool_workqueue lookup
  - Revert "workqueue: make sure delayed work run in local cpu"
  - ALSA: hda - Apply clock gate workaround to Skylake, too
  - ALSA: hda - Fixing background noise on Dell Inspiron 3162
  - target: Fix LUN_RESET active I/O handling for ACK_KREF
  - target: Fix LUN_RESET active TMR descriptor handling
  - target: Fix TAS handling for multi-session se_node_acls
  - target: Fix remote-port TMR ABORT + se_cmd fabric stop
  - target: Fix race with SCF_SEND_DELAYED_TAS handling
  - spi: atmel: fix gpio chip-select in case of non-DT platform
  - libata: fix sff host state machine locking while polling
  - ARCv2: STAR 9000950267: Handle return from intr to Delay Slot #2
  - ARCv2: SMP: Emulate IPI to self using software triggered interrupt
  - PCI/AER: Flush workqueue on device remove to avoid use-after-free
  - cpuset: make mm migration asynchronous
  - cgroup: make sure a parent css isn't offlined before its children
  - writeback: keep superblock pinned during cgroup writeback association
    switches
  - phy: core: fix wrong err handle for phy_power_on
  - i2c: i801: Adding Intel Lewisburg support for iTCO
  - bio: return EINTR if copying to user space got interrupted
  - block: fix use-after-free in dio_bio_complete
  - nfs: fix nfs_size_to_loff_t
  - NFSv4: Fix a dentry leak on alias use
  - of/irq: Fix msi-map calculation for nonzero rid-base
  - KVM: async_pf: do not warn on page allocation failures
  - KVM: arm/arm64: vgic: Ensure bitmaps are long enough
  - KVM: x86: fix missed hardware breakpoints
  - KVM: x86: MMU: fix ubsan index-out-of-range warning
  - powerpc/eeh: Fix partial hotplug criterion
  - tracing: Fix showing function event in available_events
  - sunrpc/cache: fix off-by-one in qword_get()
  - kernel/resource.c: fix muxed resource handling in __request_region()
  - do_last(): don't let a bogus return value from ->open() et.al. to confuse us
  - ARM: OMAP2+: Fix onenand initialization to avoid filesystem corruption
  - ARM: at91/dt: fix typo in sama5d2 pinmux descriptions
  - xen/arm: correctly handle DMA mapping of compound pages
  - xen/scsiback: correct frontend counting
  - xen/pciback: Check PF instead of VF for PCI_COMMAND_MEMORY
  - xen/pciback: Save the number of MSI-X entries to be copied later.
  - xen/pcifront: Fix mysterious crashes when NUMA locality information was
    extracted.
  - should_follow_link(): validate ->d_seq after having decided to follow
  - do_last(): ELOOP failure exit should be done after leaving RCU mode
  - hpfs: don't truncate the file when delete fails
  - x86/irq: Call chip->irq_set_affinity in proper context
  - x86/irq: Fix a race in x86_vector_free_irqs()
  - x86/irq: Validate that irq descriptor is still active
  - x86/irq: Do not use apic_chip_data.old_domain as temporary buffer
  - x86/irq: Reorganize the return path in assign_irq_vector
  - x86/irq: Reorganize the search in assign_irq_vector
  - x86/irq: Check vector allocation early
  - x86/irq: Copy vectormask instead of an AND operation
  - x86/irq: Get rid of code duplication
  - x86/irq: Remove offline cpus from vector cleanup
  - x86/irq: Clear move_in_progress before sending cleanup IPI
  - x86/irq: Remove the cpumask allocation from send_cleanup_vector()
  - x86/irq: Remove outgoing CPU from vector cleanup mask
  - x86/irq: Call irq_force_move_complete with irq descriptor
  - x86/irq: Plug vector cleanup race
  - IB/cma: Fix RDMA port validation for iWarp
  - iwlwifi: dvm: fix WoWLAN
  - iwlwifi: pcie: properly configure the debug buffer size for 8000
  - iwlwifi: update and fix 7265 series PCI IDs
  - iwlwifi: mvm: don't allow sched scans without matches to be started
  - Revert "UBUNTU: SAUCE: bcache: prevent crash on changing writeback_running"
  - bcache: prevent crash on changing writeback_running
  - Linux 4.4.4

* mlx4_en didn't choose time-stamping shift value according to HW frequency
  (LP: #1552627)
  - net/mlx4_en: Choose time-stamping shift value according to HW frequency

* [Ubuntu 16.04] Help to flush kernel panics to console (LP: #1552332)
  - target/transport: add flag to indicate CPU Affinity is observed
  - powerpc/powernv: Add a kmsg_dumper that flushes console output on panic
  - powerpc/powernv: Fix OPAL_CONSOLE_FLUSH prototype and usages

* [Ubuntu 16.04] Update qla2xxx driver for POWER (QLogic) (LP: #1541456)
  - qla2xxx: Fix warning reported by static checker
  - qla2xxx: Fix TMR ABORT interaction issue between qla2xxx and TCM
  - qla2xxx: Fix stale pointer access.
  - qla2xxx: Use ATIO type to send correct tmr response
  - qla2xxx: use TARGET_SCF_USE_CPUID flag to indiate CPU Affinity

* [s390x] zfcp.ko missing from scsi-modules udeb (LP: #1552314)
  - [Config] Add s390x zfcp to scsi-modules udeb

2. By Tim Gardner

[ Andy Whitcroft ]

* Release Tracking Bug
  - LP: #1551868

[ Tim Gardner ]

* AppArmor logs denial for when the device path is ENOENT (LP: #1482943)
  - SAUCE: apparmor: fix log of apparmor audit message when kern_path() fails

* BUG: unable to handle kernel NULL pointer dereference (aa_label_merge) (LP:
  #1448912)
  - SAUCE: apparmor: Fix: insert race between label_update and label_merge
  - SAUCE: apparmor: Fix: ensure aa_get_newest will trip debugging if the
    replacedby is not setup
  - SAUCE: apparmor: Fix: label merge handling of marking unconfined and stale
  - SAUCE: apparmor: Fix: refcount race between locating in labelset and get
  - SAUCE: apparmor: Fix: ensure new labels resulting from merge have a
    replacedby
  - SAUCE: apparmor: Fix: label_vec_merge insertion
  - SAUCE: apparmor: Fix: deadlock in aa_put_label() call chain
  - SAUCE: apparmor: Fix: add required locking of __aa_update_replacedby on
    merge path
  - SAUCE: apparmor: Fix: convert replacedby update to be protected by the
    labelset lock
  - SAUCE: apparmor: Fix: update replacedby allocation to take a gfp parameter

* apparmor kernel BUG kills firefox (LP: #1430546)
  - SAUCE: apparmor: Disallow update of cred when then subjective != the
    objective cred
  - SAUCE: apparmor: rework retrieval of the current label in the profile update
    case

* sleep from invalid context in aa_move_mount (LP: #1539349)
  - SAUCE: apparmor: fix sleep from invalid context

* s390x: correct restore of high gprs on signal return (LP: #1550468)
  - s390/compat: correct restore of high gprs on signal return

* missing SMAP support (LP: #1550517)
  - x86/entry/compat: Add missing CLAC to entry_INT80_32

* Floating-point exception handler receives empty Data-Exception Code in
  Floating Point Control register (LP: #1548414)
  - s390/fpu: signals vs. floating point control register

* kvm fails to boot GNU Hurd kernels with 4.4 Xenial kernel (LP: #1550596)
  - KVM: x86: fix conversion of addresses to linear in 32-bit protected mode

* Surelock GA2 SP1: capiredp01: cxl_init_adapter fails for CAPI devices
  0000:01:00.0 and 0005:01:00.0 after upgrading to 840.10 Platform firmware
  build fips840/b1208b_1604.840 (LP: #1532914)
  - cxl: Fix PSL timebase synchronization detection

* [Feature]EDAC support for Knights Landing (LP: #1519631)
  - EDAC, sb_edac: Set fixed DIMM width on Xeon Knights Landing

* Various failures of kernel_security suite on Xenial kernel on s390x arch
  (LP: #1531327)
  - [config] s390x -- CONFIG_DEFAULT_MMAP_MIN_ADDR=65536

* Unable to install VirtualBox Guest Service in 15.04 (LP: #1434579)
  - [Config] Provides: virtualbox-guest-modules when appropriate

* linux is missing provides for virtualbox-guest-modules [i386 amd64 x32] (LP:
  #1507588)
  - [Config] Provides: virtualbox-guest-modules when appropriate

* Backport more recent driver for SKL, KBL and BXT graphics (LP: #1540390)
  - SAUCE: i915_bpo: Provide a backport driver for SKL, KBL & BXT graphics
  - SAUCE: i915_bpo: Update intel_ips.h file location
  - SAUCE: i915_bpo: Rename the backport driver to i915_bpo
  - SAUCE: i915_bpo: Add i915_bpo_*() calls for ubuntu/i915
  - drm/i915: remove an extra level of indirection in PCI ID list
  - drm/i915/kbl: Add Kabylake PCI ID
  - drm/i915/kbl: Add Kabylake GT4 PCI ID
  - mm: Export nr_swap_pages
  - async: export current_is_async()
  - drm: fix potential dangling else problems in for_each_ macros
  - dp/mst: add SDP stream support
  - drm: Implement drm_modeset_lock_all_ctx()
  - drm: Add "prefix" parameter to drm_rect_debug_print()
  - drm/i915: Set connector_state->connector using the helper.
  - drm/atomic: add connector mask to drm_crtc_state.
  - drm/i915: Report context GTT size
  - drm/i915: Add get_eld audio component
  - SAUCE: Backport I915_PARAM_HAS_EXEC_SOFTPIN and EXEC_OBJECT_PINNED
  - SAUCE: i915_bpo: Revert passing plane/encoder name
  - SAUCE: sound/hda: Load i915_bpo from the hda driver on SKL/KBL/BXT
  - SAUCE: i915_bpo: Support only SKL, KBL and BXT with the backport driver
  - drm/i915/bxt: update list of PCIIDs
  - drm/i915/skl: Add missing SKL ids
  - SAUCE: i915_bpo: Revert "drm/i915: Defer probe if gmux is present but its
    driver isn't"
  - SAUCE: uapi/drm/i915: Backport I915_EXEC_BSD_MASK
  - drm/atomic: Do not unset crtc when an encoder is stolen
  - drm/i915: Update connector_mask during readout, v2.
  - drm/atomic: Add encoder_mask to crtc_state, v3.
  - SAUCE: drm/core: Add drm_encoder_index.
  - SAUCE: i915_bpo: Revert "drm/i915: Switch DDC when reading the EDID"
  - i915_bpo: [Config] Enable CONFIG_DRM_I915_BPO=m

* arm64: guest hangs when ntpd is running (LP: #1549494)
  - hrtimer: Add support for CLOCK_MONOTONIC_RAW
  - hrtimer: Catch illegal clockids
  - KVM: arm/arm64: timer: Switch to CLOCK_MONOTONIC_RAW

* Miscellaneous Ubuntu changes
  - [Debian] git-ubuntu-log -- wrap long bug and commit titles
  - [Config] CONFIG_ARM_SMMU=y on arm64
  - rebase to v4.4.3
  - [Debian] git-ubuntu-log -- ensure we get the last commit
  - [Config] fix up spelling of probably again
  - [Debian] perf -- build in the context of the full generated local headers
  - SAUCE: tools: lib/bpf -- add generated headers to search path
  - SAUCE: proc: Always set super block owner to init_user_ns
  - SAUCE: fix-up: kern_mount fail path should not be doing put_buffers()
  - SAUCE: apparmor: Fix: oops do to invalid null ptr deref in label print fns
  - SAUCE: apparmor: debug: POISON label and replaceby pointer on free
  - SAUCE: apparmor: add underscores to indicate aa_label_next_not_in_set() use
    needs locking
  - SAUCE: apparmor: Fix: refcount leak in aa_label_merge
  - SAUCE: apparmor: ensure that repacedby sharing is done correctly
  - SAUCE: apparmor Fix: refcount bug in pivotroot mediation
  - SAUCE: apparmor: Fix: now that insert can force replacement use it instead
    of remove_and_insert
  - SAUCE: apparmor: Fix: refcount bug when inserting label update that
    transitions ns
  - SAUCE: apparmor: Fix: break circular refcount for label that is directly
    freed.
  - SAUCE: apparmor: Don't remove label on rcu callback if the label has already
    been removed
  - SAUCE: apparmor: Fix: query label file permission
  - SAUCE: apparmor: fix: ref count leak when profile sha1 hash is read
  - SAUCE: fixup: cleanup return handling of labels
  - SAUCE: fix: replacedby forwarding is not being properly update when ns is
    destroyed
  - SAUCE: fixup: make __share_replacedby private to get rid of build warning
  - SAUCE: fixup: 20/23 locking issue around in __label_update
  - SAUCE: fixup: get rid of unused var build warning
  - SAUCE: fixup: cast poison values to remove warnings
  - SAUCE: apparmor: fix refcount race when finding a child profile
  - SAUCE: fixup: warning about aa_label_vec_find_or_create not being static
  - SAUCE: fix: audit "no_new_privs" case for exec failure
  - SAUCE: Fixup: __label_update() still doesn't handle some cases correctly.
  - SAUCE: Move replacedby allocation into label_alloc
  - [Debian] supply zfs dkms Provides: based on do_zfs
  - [Config] supply zfs dkms Provides: based on do_zfs
  - [Config] drop linux-image-3.0 provides

* Miscellaneous upstream changes
  - x86/mpx: Fix off-by-one comparison with nr_registers

[ Upstream Kernel Changes ]

* rebase to v4.4.3

1. By Andy Whitcroft

* update ZFS and SPL to 0.6.5.4 (LP: #1542296)
  - [Config] update spl/zfs version
  - SAUCE: (noup) Update spl to 0.6.5.4-0ubuntu2, zfs to 0.6.5.4-0ubuntu1
  - [Config] reconstruct -- drop links for zfs userspace components
  - [Config] reconstruct -- drop links for zfs userspace components -- restore spec links

* recvmsg() fails SCM_CREDENTIALS request with EOPNOTSUPP. (LP: #1540731)
  - Revert "af_unix: Revert 'lock_interruptible' in stream receive code"

* lxc: ADT exercise test failing with linux-4.4.0-3.17 (LP: #1542049)
  - Revert "UBUNTU: SAUCE: apparmor: fix sleep from invalid context"

* WARNING: at /build/linux-lts-wily-W0lTWH/linux-lts-wily-4.2.0/net/core/skbuff.c:4174 (Travis IB) (LP: #1541326)
  - SAUCE: IB/IPoIB: Do not set skb truesize since using one linearskb

* backport Microsoft Precision Touchpad palm rejection patch (LP: #1541671)
  - HID: multitouch: enable palm rejection if device implements confidence usage

* [Ubuntu 16.04] Update qla2xxx driver for POWER (QLogic) (LP: #1541456)
  - qla2xxx: Remove unavailable firmware files
  - qla2xxx: Enable Extended Logins support
  - qla2xxx: Enable Exchange offload support.
  - qla2xxx: Enable Target counters in DebugFS.
  - qla2xxx: Add FW resource count in DebugFS.
  - qla2xxx: Added interface to send explicit LOGO.
  - qla2xxx: Delete session if initiator is gone from FW
  - qla2xxx: Wait for all conflicts before ack'ing PLOGI
  - qla2xxx: Replace QLA_TGT_STATE_ABORTED with a bit.
  - qla2xxx: Remove dependency on hardware_lock to reduce lock contention.
  - qla2xxx: Add irq affinity notification
  - qla2xxx: Add selective command queuing
  - qla2xxx: Move atioq to a different lock to reduce lock contention
  - qla2xxx: Disable ZIO at start time.
  - qla2xxx: Set all queues to 4k
  - qla2xxx: Check for online flag instead of active reset when transmitting responses
  - scsi: qla2xxxx: avoid type mismatch in comparison

* [Hyper-V] PCI Passthrough (LP: #1541120)
  - x86/irq: Export functions to allow MSI domains in modules
  - genirq/msi: Export functions to allow MSI domains in modules

* Update lpfc driver to 11.0.0.10 (LP: #1541592)
  - lpfc: Fix FCF Infinite loop in lpfc_sli4_fcf_rr_next_index_get.
  - lpfc: Fix the FLOGI discovery logic to comply with T11 standards
  - lpfc: Fix RegLogin failed error seen on Lancer FC during port bounce
  - lpfc: Fix driver crash when module parameter lpfc_fcp_io_channel set to 16
  - lpfc: Fix crash in fcp command completion path.
  - lpfc: Modularize and cleanup FDMI code in driver
  - lpfc: Fix RDP Speed reporting.
  - lpfc: Fix RDP ACC being too long.
  - lpfc: Make write check error processing more resilient
  - lpfc: Use new FDMI speed definitions for 10G, 25G and 40G FCoE.
  - lpfc: Fix mbox reuse in PLOGI completion
  - lpfc: Fix external loopback failure.
  - lpfc: Add logging for misconfigured optics.
  - lpfc: Delete unnecessary checks before the function call "mempool_destroy"
  - lpfc: Use kzalloc instead of kmalloc
  - lpfc: Update version to 11.0.0.10 for upstream patch set

* Miscellaneous Ubuntu changes
  - [Config] CONFIG_ARM64_VA_BITS=48
  - [Config] Fixed Vcs-Git

* Miscellaneous upstream changes
  - cxl: Fix possible idr warning when contexts are released
  - cxl: use correct operator when writing pcie config space values
  - cxlflash: drop unlikely before IS_ERR_OR_NULL
  - cxl: Fix DSI misses when the context owning task exits
  - cxlflash: Removed driver date print
  - cxlflash: Fix to resolve cmd leak after host reset
  - cxlflash: Resolve oops in wait_port_offline
  - cxlflash: Enable device id for future IBM CXL adapter
  - cxl: fix build for GCC 4.6.x
  - cxl: use -Werror only with CONFIG_PPC_WERROR
  - cxl: Enable PCI device ID for future IBM CXL adapter

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.

Subscribers