Cosmic update: 4.18.15 upstream stable release

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       4.18.15 upstream stable release
       from git://git.kernel.org/

The following patches will be applied:
* bnxt_en: Fix TX timeout during netpoll.
* bnxt_en: free hwrm resources, if driver probe fails.
* bonding: avoid possible dead-lock
* ip6_tunnel: be careful when accessing the inner header
* ip_tunnel: be careful when accessing the inner header
* ipv4: fix use-after-free in ip_cmsg_recv_dstaddr()
* ipv6: take rcu lock in rawv6_send_hdrinc()
* net: dsa: bcm_sf2: Call setup during switch resume
* net: hns: fix for unmapping problem when SMMU is on
* net: ipv4: update fnhe_pmtu when first hop's MTU changes
* net/ipv6: Display all addresses in output of /proc/net/if_inet6
* netlabel: check for IPV4MASK in addrinfo_get
* net: mvpp2: Extract the correct ethtype from the skb for tx csum offload
* net: mvpp2: fix a txq_done race condition
* net: sched: Add policy validation for tc attributes
* net: sched: cls_u32: fix hnode refcounting
* net: systemport: Fix wake-up interrupt race during resume
* net/usb: cancel pending work when unbinding smsc75xx
* qlcnic: fix Tx descriptor corruption on 82xx devices
* qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface
* rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096
* sctp: update dst pmtu with the correct daddr
* team: Forbid enslaving team device to itself
* tipc: fix flow control accounting for implicit connect
* udp: Unbreak modules that rely on external __skb_recv_udp() availability
* net: qualcomm: rmnet: Skip processing loopback packets
* net: qualcomm: rmnet: Fix incorrect allocation flag in transmit
* net: qualcomm: rmnet: Fix incorrect allocation flag in receive path
* tun: remove unused parameters
* tun: initialize napi_mutex unconditionally
* tun: napi flags belong to tfile
* net: stmmac: Fixup the tail addr setting in xmit path
* net/packet: fix packet drop as of virtio gso
* net: dsa: bcm_sf2: Fix unbind ordering
* net/mlx5e: Set vlan masks for all offloaded TC rules
* net: aquantia: memory corruption on jumbo frames
* net/mlx5: E-Switch, Fix out of bound access when setting vport rate
* bonding: pass link-local packets to bonding master also.
* bonding: fix warning message
* net: stmmac: Rework coalesce timer and fix multi-queue races
* nfp: avoid soft lockups under control message storm
* bnxt_en: don't try to offload VLAN 'modify' action
* net-ethtool: ETHTOOL_GUFO did not and should not require CAP_NET_ADMIN
* net: phy: phylink: fix SFP interface autodetection
* sfp: fix oops with ethtool -m
* tcp/dccp: fix lockdep issue when SYN is backlogged
* inet: make sure to grab rcu_read_lock before using ireq->ireq_opt
* net: dsa: b53: Keep CPU port as tagged in all VLANs
* rtnetlink: Fail dump if target netnsid is invalid
* bnxt_en: Fix VNIC reservations on the PF.
* net: ipv4: don't let PMTU updates increase route MTU
* net/mlx5: Check for SQ and not RQ state when modifying hairpin SQ
* bnxt_en: Fix enables field in HWRM_QUEUE_COS2BW_CFG request
* bnxt_en: get the reduced max_irqs by the ones used by RDMA
* net/ipv6: Remove extra call to ip6_convert_metrics for multipath case
* net/ipv6: stop leaking percpu memory in fib6 info
* net: mscc: fix the frame extraction into the skb
* qed: Fix shmem structure inconsistency between driver and the mfw.
* r8169: fix network stalls due to missing bit TXCFG_AUTO_FIFO
* r8169: set RX_MULTI_EN bit in RxConfig for 8168F-family chips
* vxlan: fill ttl inherit info
* ASoC: dapm: Fix NULL pointer deference on CODEC to CODEC DAIs
* ASoC: max98373: Added speaker FS gain cotnrol register to volatile.
* ASoC: rt5514: Fix the issue of the delay volume applied again
* selftests: android: move config up a level
* selftests: kselftest: Remove outdated comment
* ASoC: max98373: Added 10ms sleep after amp software reset
* ASoC: wm8804: Add ACPI support
* ASoC: sigmadsp: safeload should not have lower byte limit
* ASoC: q6routing: initialize data correctly
* selftests: add headers_install to lib.mk
* selftests/efivarfs: add required kernel configs
* selftests: memory-hotplug: add required configs
* ASoC: rsnd: adg: care clock-frequency size
* ASoC: rsnd: don't fallback to PIO mode when -EPROBE_DEFER
* hwmon: (nct6775) Fix access to fan pulse registers
* Fix cg_read_strcmp()
* ASoC: AMD: Ensure reset bit is cleared before configuring
* drm/pl111: Make sure of_device_id tables are NULL terminated
* Bluetooth: SMP: Fix trying to use non-existent local OOB data
* Bluetooth: Use correct tfm to generate OOB data
* Bluetooth: hci_ldisc: Free rw_semaphore on close
* mfd: omap-usb-host: Fix dts probe of children
* KVM: PPC: Book3S HV: Don't use compound_order to determine host mapping size
* scsi: iscsi: target: Don't use stack buffer for scatterlist
* scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted()
* sound: enable interrupt after dma buffer initialization
* sound: don't call skl_init_chip() to reset intel skl soc
* bpf: btf: Fix end boundary calculation for type section
* bpf: use __GFP_COMP while allocating page
* hwmon: (nct6775) Fix virtual temperature sources for NCT6796D
* hwmon: (nct6775) Fix RPM output for fan7 on NCT6796D
* stmmac: fix valid numbers of unicast filter entries
* hwmon: (nct6775) Use different register to get fan RPM for fan7
* net: ethernet: ti: add missing GENERIC_ALLOCATOR dependency
* net: macb: disable scatter-gather for macb on sama5d3
* ARM: dts: at91: add new compatibility string for macb on sama5d3
* PCI: hv: support reporting serial number as slot information
* clk: x86: add "ether_clk" alias for Bay Trail / Cherry Trail
* clk: x86: Stop marking clocks as CLK_IS_CRITICAL
* pinctrl: cannonlake: Fix gpio base for GPP-E
* x86/kvm/lapic: always disable MMIO interface in x2APIC mode
* drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7
* drm/amdkfd: Change the control stack MTYPE from UC to NC on GFX9
* drm/amdkfd: Fix ATS capablity was not reported correctly on some APUs
* mm: slowly shrink slabs with a relatively small number of objects
* mm/vmstat.c: fix outdated vmstat_text
* afs: Fix afs_server struct leak
* afs: Fix clearance of reply
* MIPS: Fix CONFIG_CMDLINE handling
* MIPS: VDSO: Always map near top of user memory
* mach64: detect the dot clock divider correctly on sparc
* vsprintf: Fix off-by-one bug in bstr_printf() processing dereferenced pointers
* percpu: stop leaking bitmap metadata blocks
* perf script python: Fix export-to-postgresql.py occasional failure
* perf script python: Fix export-to-sqlite.py sample columns
* s390/cio: Fix how vfio-ccw checks pinned pages
* dm cache: destroy migration_cache if cache target registration failed
* dm: fix report zone remapping to account for partition offset
* dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled
* dm linear: fix linear_end_io conditional definition
* cgroup: Fix dom_cgrp propagation when enabling threaded mode
* Input: xpad - add support for Xbox1 PDP Camo series gamepad
* drm/nouveau/drm/nouveau: Grab runtime PM ref in nv50_mstc_detect()
* mmc: block: avoid multiblock reads for the last sector in SPI mode
* pinctrl: mcp23s08: fix irq and irqchip setup order
* arm64: perf: Reject stand-alone CHAIN events for PMUv3
* mm/mmap.c: don't clobber partially overlapping VMA with MAP_FIXED_NOREPLACE
* mm/thp: fix call to mmu_notifier in set_pmd_migration_entry() v2
* filesystem-dax: Fix dax_layout_busy_page() livelock
* mm: Preserve _PAGE_DEVMAP across mprotect() calls
* i2c: i2c-scmi: fix for i2c_smbus_write_block_data
* KVM: PPC: Book3S HV: Avoid crash from THP collapse during radix page fault
* Linux 4.18.15