This bug was fixed in the package linux - 4.17.0-7.8

---------------
linux (4.17.0-7.8) cosmic; urgency=medium

  * linux: 4.17.0-7.8 -proposed tracker (LP: #1785242)

  * Cosmic update to 4.17.12 stable release (LP: #1785211)
    - spi: spi-s3c64xx: Fix system resume support
    - Input: elan_i2c - add ACPI ID for lenovo ideapad 330
    - Input: i8042 - add Lenovo LaVie Z to the i8042 reset list
    - Input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST
    - mm: disallow mappings that conflict for devm_memremap_pages()
    - kvm, mm: account shadow page tables to kmemcg
    - delayacct: fix crash in delayacct_blkio_end() after delayacct init failure
    - tracing: Fix double free of event_trigger_data
    - tracing: Fix possible double free in event_enable_trigger_func()
    - kthread, tracing: Don't expose half-written comm when creating kthreads
    - tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure
    - tracing: Quiet gcc warning about maybe unused link variable
    - arm64: fix vmemmap BUILD_BUG_ON() triggering on !vmemmap setups
    - drm/i915/glk: Add Quirk for GLK NUC HDMI port issues.
    - mlxsw: spectrum_switchdev: Fix port_vlan refcounting
    - kcov: ensure irq code sees a valid area
    - mm: check for SIGKILL inside dup_mmap() loop
    - drm/amd/powerplay: Set higher SCLK&MCLK frequency than dpm7 in OD (v2)
    - xen/netfront: raise max number of slots in xennet_get_responses()
    - hv_netvsc: fix network namespace issues with VF support
    - skip LAYOUTRETURN if layout is invalid
    - ixgbe: Fix setting of TC configuration for macvlan case
    - ALSA: emu10k1: add error handling for snd_ctl_add
    - ALSA: fm801: add error handling for snd_ctl_add
    - NFSv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY
    - nfsd: fix error handling in nfs4_set_delegation()
    - nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo
    - vfio: platform: Fix reset module leak in error path
    - vfio/mdev: Check globally for duplicate devices
    - vfio/type1: Fix task tracking for QEMU vCPU hotplug
    - kernel/hung_task.c: show all hung tasks before panic
    - mem_cgroup: make sure moving_account, move_lock_task and stat_cpu in the
      same cacheline
    - mm: /proc/pid/pagemap: hide swap entries from unprivileged users
    - mm: vmalloc: avoid racy handling of debugobjects in vunmap
    - mm/slub.c: add __printf verification to slab_err()
    - rtc: ensure rtc_set_alarm fails when alarms are not supported
    - rxrpc: Fix terminal retransmission connection ID to include the channel
    - perf tools: Fix pmu events parsing rule
    - netfilter: ipset: forbid family for hash:mac sets
    - netfilter: ipset: List timing out entries with "timeout 1" instead of zero
    - irqchip/ls-scfg-msi: Map MSIs in the iommu
    - watchdog: da9063: Fix updating timeout value
    - media: arch: sh: migor: Fix TW9910 PDN gpio
    - printk: drop in_nmi check from printk_safe_flush_on_panic()
    - bpf, arm32: fix inconsistent naming about emit_a32_lsr_{r64,i64}
    - ceph: fix alignment of rasize
    - ceph: fix use-after-free in ceph_statfs()
    - e1000e: Ignore TSYNCRXCTL when getting I219 clock attributes
    - infiniband: fix a possible use-after-free bug
    - powerpc/lib: Adjust .balign inside string functions for PPC32
    - powerpc/64s: Add barrier_nospec
    - powerpc/eeh: Fix use-after-release of EEH driver
    - hvc_opal: don't set tb_ticks_per_usec in udbg_init_opal_common()
    - powerpc/64s: Fix compiler store ordering to SLB shadow area
    - clk-si544: Properly round requested frequency to nearest match
    - clk: ingenic: jz4770: Modify C1CLK clock to disable CPU clock stop on idle
    - RDMA/mad: Convert BUG_ONs to error flows
    - lightnvm: fix partial read error path
    - lightnvm: proper error handling for pblk_bio_add_pages
    - lightnvm: pblk: warn in case of corrupted write buffer
    - netfilter: nf_tables: check msg_type before nft_trans_set(trans)
    - pnfs: Don't release the sequence slot until we've processed layoutget on
      open
    - NFS: Fix up nfs_post_op_update_inode() to force ctime updates
    - disable loading f2fs module on PAGE_SIZE > 4KB
    - f2fs: fix error path of move_data_page
    - f2fs: don't drop dentry pages after fs shutdown
    - f2fs: fix to don't trigger writeback during recovery
    - f2fs: fix to wait page writeback during revoking atomic write
    - f2fs: Fix deadlock in shutdown ioctl
    - f2fs: fix missing clear FI_NO_PREALLOC in some error case
    - f2fs: fix to detect failure of dquot_initialize
    - f2fs: fix race in between GC and atomic open
    - block, bfq: remove wrong lock in bfq_requests_merged
    - usbip: usbip_detach: Fix memory, udev context and udev leak
    - usbip: dynamically allocate idev by nports found in sysfs
    - perf/x86/intel/uncore: Correct fixed counter index check in generic code
    - perf/x86/intel/uncore: Correct fixed counter index check for NHM
    - selftests/intel_pstate: Improve test, minor fixes
    - selftests: memfd: return Kselftest Skip code for skipped tests
    - selftests: kvm: return Kselftest Skip code for skipped tests
    - selftests: intel_pstate: return Kselftest Skip code for skipped tests
    - selftests: filesystems: return Kselftest Skip code for skipped tests
    - selftests/filesystems: devpts_pts included wrong header
    - qtnfmac: fix invalid STA state on EAPOL failure
    - PCI: Fix devm_pci_alloc_host_bridge() memory leak
    - btrfs: balance dirty metadata pages in btrfs_finish_ordered_io
    - iwlwifi: pcie: fix race in Rx buffer allocator
    - iwlwifi: mvm: open BA session only when sta is authorized
    - Bluetooth: hci_qca: Fix "Sleep inside atomic section" warning
    - drm/amd/display: Do not program interrupt status on disabled crtc
    - drivers/bus: arm-cci: fix build warnings
    - Bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011
    - ASoC: dpcm: fix BE dai not hw_free and shutdown
    - mfd: cros_ec: Fail early if we cannot identify the EC
    - mwifiex: handle race during mwifiex_usb_disconnect
    - wlcore: sdio: check for valid platform device data before suspend
    - media: tw686x: Fix incorrect vb2_mem_ops GFP flags
    - media: cec-pin-error-inj: avoid a false-positive Spectre detection
    - media: videobuf2-core: don't call memop 'finish' when queueing
    - Btrfs: don't return ino to ino cache if inode item removal fails
    - Btrfs: don't BUG_ON() in btrfs_truncate_inode_items()
    - btrfs: add barriers to btrfs_sync_log before log_commit_wait wakeups
    - btrfs: qgroup: Finish rescan when hit the last leaf of extent tree
    - x86/microcode: Make the late update update_lock a raw lock for RT
    - PM / wakeup: Make s2idle_lock a RAW_SPINLOCK
    - PCI: Prevent sysfs disable of device while driver is attached
    - soc: qcom: qmi: fix a buffer sizing bug
    - soc: qcom: smem: fix qcom_smem_set_global_partition()
    - soc: qcom: smem: byte swap values properly
    - nvme-rdma: stop admin queue before freeing it
    - nvme-pci: Fix AER reset handling
    - ath: Add regulatory mapping for FCC3_ETSIC
    - ath: Add regulatory mapping for ETSI8_WORLD
    - ath: Add regulatory mapping for APL13_WORLD
    - ath: Add regulatory mapping for APL2_FCCA
    - ath: Add regulatory mapping for Uganda
    - ath: Add regulatory mapping for Tanzania
    - ath: Add regulatory mapping for Serbia
    - ath: Add regulatory mapping for Bermuda
    - ath: Add regulatory mapping for Bahamas
    - sched/cpufreq: Modify aggregate utilization to always include blocked FAIR
      utilization
    - powerpc/32: Add a missing include header
    - powerpc/chrp/time: Make some functions static, add missing header include
    - powerpc/powermac: Add missing prototype for note_bootable_part()
    - powerpc/powermac: Mark variable x as unused
    - powerpc: Add __printf verification to prom_printf
    - KVM: x86: prevent integer overflows in KVM_MEMORY_ENCRYPT_REG_REGION
    - spi: sh-msiof: Fix setting SIRMDR1.SYNCAC to match SITMDR1.SYNCAC
    - powerpc/8xx: fix invalid register expression in head_8xx.S
    - pinctrl: at91-pio4: add missing of_node_put
    - pinctrl: msm: fix gpio-hog related boot issues
    - bpf: fix multi-function JITed dump obtained via syscall
    - bpf: powerpc64: pad function address loads with NOPs
    - PCI: pciehp: Request control of native hotplug only if supported
    - net: dsa: qca8k: Add support for QCA8334 switch
    - mwifiex: correct histogram data with appropriate index
    - mt76x2: apply coverage class on slot time too
    - ima: based on policy verify firmware signatures (pre-allocated buffer)
    - watchdog: renesas-wdt: Add support for the R8A77965 WDT
    - drivers/perf: arm-ccn: don't log to dmesg in event_init
    - spi: Add missing pm_runtime_put_noidle() after failed get
    - fscrypt: use unbound workqueue for decryption
    - net: mvpp2: Add missing VLAN tag detection
    - scsi: ufs: ufshcd: fix possible unclocked register access
    - scsi: ufs: fix exception event handling
    - scsi: zfcp: assert that the ERP lock is held when tracing a recovery 
trigger
    - drm/nouveau: remove fence wait code from deferred client work handler
    - drm/nouveau/gem: lookup VMAs for buffers referenced by pushbuf ioctl
    - drm/nouveau/fifo/gk104-: poll for runlist update completion
    - Bluetooth: btusb: add ID for LiteOn 04ca:301a
    - rtc: tps6586x: fix possible race condition
    - rtc: vr41xx: fix possible race condition
    - rtc: tps65910: fix possible race condition
    - ALSA: emu10k1: Rate-limit error messages about page errors
    - regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops
    - md/raid1: add error handling of read error from FailFast device
    - md: fix NULL dereference of mddev->pers in remove_and_add_spares()
    - ixgbevf: fix MAC address changes through ixgbevf_set_mac()
    - gpu: host1x: Acquire a reference to the IOVA cache
    - media: smiapp: fix timeout checking in smiapp_read_nvm
    - PCI/DPC: Clear interrupt status in interrupt handler top half
    - clocksource: Move inline keyword to the beginning of function declarations
    - net: ethernet: ti: cpsw-phy-sel: check bus_find_device() ret value
    - ALSA: usb-audio: Apply rate limit to warning messages in URB complete
      callback
    - media: atomisp: ov2680: don't declare unused vars
    - media: staging: atomisp: Comment out several unused sensor resolutions
    - arm64: cmpwait: Clear event register before arming exclusive monitor
    - HID: hid-plantronics: Re-resend Update to map button for PTT products
    - arm64: dts: renesas: salvator-common: use audio-graph-card for Sound
    - drm/amd/display: remove need of modeset flag for overlay planes (V2)
    - drm/radeon: fix mode_valid's return type
    - drm/amdgpu: Remove VRAM from shared bo domains.
    - drm/amd/display: Fix dim display on DCE11
    - IB: Fix RDMA_RXE and INFINIBAND_RDMAVT dependencies for DMA_VIRT_OPS
    - powerpc/embedded6xx/hlwd-pic: Prevent interrupts from being handled by
      Starlet
    - HID: i2c-hid: check if device is there before really probing
    - EDAC, altera: Fix ARM64 build warning
    - rsi: Add null check for virtual interfaces in wowlan config
    - ARM: dts: stih410: Fix complain about IRQ_TYPE_NONE usage
    - ARM: dts: stih407-pinctrl: Fix complain about IRQ_TYPE_NONE usage
    - ARM: dts: emev2: Add missing interrupt-affinity to PMU node
    - ARM: dts: sh73a0: Add missing interrupt-affinity to PMU node
    - nvmem: properly handle returned value nvmem_reg_read
    - ARM: dts: imx53: Fix LDB OF graph warning
    - i40e: free the skb after clearing the bitlock
    - tty: Fix data race in tty_insert_flip_string_fixed_flag
    - dma-iommu: Fix compilation when !CONFIG_IOMMU_DMA
    - net: phy: phylink: Release link GPIO
    - media: rcar_jpu: Add missing clk_disable_unprepare() on error in 
jpu_open()
    - libata: Fix command retry decision
    - ACPI / LPSS: Only call pwm_add_table() for Bay Trail PWM if PMIC HRV is 2
    - media: media-device: fix ioctl function types
    - media: saa7164: Fix driver name in debug output
    - media: renesas-ceu: Set mbus_fmt on subdev operations
    - media: em28xx: Fix DualHD broken second tuner
    - mtd: rawnand: fsl_ifc: fix FSL NAND driver to read all ONFI parameter 
pages
    - brcmfmac: Add support for bcm43364 wireless chipset
    - s390/cpum_sf: Add data entry sizes to sampling trailer entry
    - perf: fix invalid bit in diagnostic entry
    - net: phy: sfp: handle cases where neither BR, min nor BR, max is given
    - bnxt_en: Check unsupported speeds in bnxt_update_link() on PF only.
    - bnxt_en: Always forward VF MAC address to the PF.
    - mm, powerpc, x86: define VM_PKEY_BITx bits if CONFIG_ARCH_HAS_PKEYS is
      enabled
    - staging: most: cdev: fix chrdev_region leak
    - scsi: 3w-9xxx: fix a missing-check bug
    - scsi: 3w-xxxx: fix a missing-check bug
    - scsi: megaraid: silence a static checker bug
    - soc/tegra: pmc: Don't allocate struct tegra_powergate on stack
    - scsi: qedf: Set the UNLOADING flag when removing a vport
    - dma-direct: try reallocation with GFP_DMA32 if possible
    - staging: lustre: o2iblnd: fix race at kiblnd_connect_peer
    - staging: lustre: o2iblnd: Fix FastReg map/unmap for MLX5
    - thermal: exynos: fix setting rising_threshold for Exynos5433
    - regulator: add dummy function of_find_regulator_by_node
    - bpf: fix references to free_bpf_prog_info() in comments
    - f2fs: avoid fsync() failure caused by EAGAIN in writepage()
    - media: em28xx: fix a regression with HVR-950
    - media: siano: get rid of __le32/__le16 cast warnings
    - mt76x2: fix avg_rssi estimation
    - drm/atomic: Handling the case when setting old crtc for plane
    - mmc: sdhci-omap: Fix when capabilities are obtained from 
SDHCI_CAPABILITIES
      reg
    - f2fs: check cap_resource only for data blocks
    - mlxsw: spectrum_router: Return an error for non-default FIB rules
    - ALSA: hda/ca0132: fix build failure when a local macro is defined
    - mmc: dw_mmc: update actual clock for mmc debugfs
    - mmc: pwrseq: Use kmalloc_array instead of stack VLA
    - dt-bindings: pinctrl: meson: add support for the Meson8m2 SoC
    - spi: meson-spicc: Fix error handling in meson_spicc_probe()
    - dt-bindings: net: meson-dwmac: new compatible name for AXG SoC
    - i40e: Add advertising 10G LR mode
    - i40e: avoid overflow in i40e_ptp_adjfreq()
    - mt76: add rcu locking around tx scheduling
    - backlight: pwm_bl: Don't use GPIOF_* with gpiod_get_direction
    - stop_machine: Use raw spinlocks
    - delayacct: Use raw_spinlocks
    - ath10k: fix kernel panic while reading tpc_stats
    - memory: tegra: Do not handle spurious interrupts
    - memory: tegra: Apply interrupts mask per SoC
    - nvme: lightnvm: add granby support
    - ASoC: fsl_ssi: Use u32 variable type when using regmap_read()
    - arm64: defconfig: Enable Rockchip io-domain driver
    - ASoC: compress: Only call free for components which have been opened
    - igb: Fix queue selection on MAC filters on i210
    - qtnfmac: pearl: pcie: fix memory leak in qtnf_fw_work_handler
    - drm/gma500: fix psb_intel_lvds_mode_valid()'s return type
    - ipconfig: Correctly initialise ic_nameservers
    - rsi: Fix 'invalid vdd' warning in mmc
    - rsi: fix nommu_map_sg overflow kernel panic
    - audit: allow not equal op for audit by executable
    - drm/rockchip: analogix_dp: Do not call Analogix code before bind
    - platform/x86: dell-smbios: Match on www.dell.com in OEM strings too
    - staging: vchiq_core: Fix missing semaphore release in error case
    - staging: lustre: llite: correct removexattr detection
    - staging: lustre: ldlm: free resource when ldlm_lock_create() fails.
    - staging: ks7010: fix error handling in ks7010_upload_firmware
    - serial: core: Make sure compiler barfs for 16-byte earlycon names
    - soc: imx: gpcv2: Do not pass static memory as platform data
    - microblaze: Fix simpleImage format generation
    - usb: hub: Don't wait for connect state at resume for powered-off ports
    - crypto: authencesn - don't leak pointers to authenc keys
    - crypto: authenc - don't leak pointers to authenc keys
    - y2038: ipc: Use ktime_get_real_seconds consistently
    - media: rc: mce_kbd decoder: low timeout values cause double keydowns
    - media: omap3isp: fix unbalanced dma_iommu_mapping
    - regulator: Don't return or expect -errno from of_map_mode()
    - ath10k: search all IEs for variant before falling back
    - drm/stm: ltdc: fix warning in ltdc_crtc_update_clut()
    - scsi: scsi_dh: replace too broad "TP9" string with the exact models
    - scsi: megaraid_sas: Increase timeout by 1 sec for non-RAID fastpath IOs
    - PCI/ASPM: Disable ASPM L1.2 Substate if we don't have LTR
    - media: atomisp: compat32: fix __user annotations
    - media: cec: fix smatch error
    - media: si470x: fix __be16 annotations
    - ASoC: topology: Fix bclk and fsync inversion in set_link_hw_format()
    - ASoC: topology: Add missing clock gating parameter when parsing hw_configs
    - ARM: dts: imx6qdl-wandboard: Let the codec control MCLK pinctrl
    - drm: Add DP PSR2 sink enable bit
    - drm/atomic-helper: Drop plane->fb references only for
      drm_atomic_helper_shutdown()
    - drm/dp/mst: Fix off-by-one typo when dump payload table
    - drm/amdgpu: Avoid reclaim while holding locks taken in MMU notifier
    - block: bio_iov_iter_get_pages: fix size of last iovec
    - blkdev: __blkdev_direct_IO_simple: fix leak in error case
    - block: reset bi_iter.bi_done after splitting bio
    - nvmet-fc: fix target sgl list on large transfers
    - i2c: rcar: handle RXDMA HW behaviour on Gen3
    - random: mix rdrand with entropy sent in from userspace
    - squashfs: be more careful about metadata corruption
    - ext4: fix false negatives *and* false positives in 
ext4_check_descriptors()
    - ext4: fix inline data updates with checksums enabled
    - ext4: fix check to prevent initializing reserved inodes
    - gpio: of: Handle fixed regulator flags properly
    - gpio: uniphier: set legitimate irq trigger type in .to_irq hook
    - RDMA/uverbs: Protect from attempts to create flows on unsupported QP
    - net: dsa: qca8k: Force CPU port to its highest bandwidth
    - net: dsa: qca8k: Enable RXMAC when bringing up a port
    - net: dsa: qca8k: Add QCA8334 binding documentation
    - net: dsa: qca8k: Allow overwriting CPU port setting
    - ipv4: remove BUG_ON() from fib_compute_spec_dst
    - netdevsim: don't leak devlink resources
    - net: ena: Fix use of uninitialized DMA address bits field
    - net: fix amd-xgbe flow-control issue
    - net: lan78xx: fix rx handling before first packet is send
    - net: mdio-mux: bcm-iproc: fix wrong getter and setter pair
    - NET: stmmac: align DMA stuff to largest cache line length
    - RDS: RDMA: Fix the NULL-ptr deref in rds_ib_get_mr
    - tcp_bbr: fix bw probing to raise in-flight data for very small BDPs
    - virtio_net: Fix incosistent received bytes counter
    - xen-netfront: wait xenbus state change when load module manually
    - cxgb4: Added missing break in ndo_udp_tunnel_{add/del}
    - net: rollback orig value on failure of dev_qdisc_change_tx_queue_len
    - netlink: Do not subscribe to non-existent groups
    - netlink: Don't shift with UB on nlk->ngroups
    - tcp: do not force quickack when receiving out-of-order packets
    - tcp: add max_quickacks param to tcp_incr_quickack and
      tcp_enter_quickack_mode
    - tcp: do not aggressively quick ack after ECN events
    - tcp: refactor tcp_ecn_check_ce to remove sk type cast
    - tcp: add one more quick ack after after ECN events
    - tcp: ack immediately when a cwr packet arrives
    - ACPICA: AML Parser: ignore control method status in module-level code
    - Linux 4.17.12

  * Suspend fails in Ubuntu and Kubuntu 18.04 but works fine in Ubuntu and
    Kubuntu 17.10 (and on Kubuntu 18.04 using kernel 4.14.47) (LP: #1774950)
    - ACPI / LPSS: Avoid PM quirks on suspend and resume from hibernation

  * hinic interfaces aren't getting predictable names (LP: #1783138)
    - hinic: Link the logical network device to the pci device in sysfs

  * libvirtd is unable to configure bridge devices inside of LXD containers
    (LP: #1784501)
    - kernfs: allow creating kernfs objects with arbitrary uid/gid
    - sysfs, kobject: allow creating kobject belonging to arbitrary users
    - kobject: kset_create_and_add() - fetch ownership info from parent
    - driver core: set up ownership of class devices in sysfs
    - net-sysfs: require net admin in the init ns for setting tx_maxrate
    - net-sysfs: make sure objects belong to container's owner
    - net: create reusable function for getting ownership info of sysfs inodes
    - bridge: make sure objects belong to container's owner
    - sysfs: Fix regression when adding a file to an existing group

  * locking sockets broken due to missing AppArmor socket mediation patches
    (LP: #1780227)
    - UBUNTU SAUCE: apparmor: fix apparmor mediating locking non-fs, unix 
sockets

  * Update2 for ocxl driver (LP: #1781436)
    - ocxl: Fix page fault handler in case of fault on dying process

  * HDMI/DP audio can't work on the laptop of Dell Latitude 5495 (LP: #1782689)
    - drm/nouveau: fix nouveau_dsm_get_client_id()'s return type
    - drm/radeon: fix radeon_atpx_get_client_id()'s return type
    - drm/amdgpu: fix amdgpu_atpx_get_client_id()'s return type
    - platform/x86: apple-gmux: fix gmux_get_client_id()'s return type
    - ALSA: hda: use PCI_BASE_CLASS_DISPLAY to replace PCI_CLASS_DISPLAY_VGA
    - vga_switcheroo: set audio client id according to bound GPU id

  * CVE-2018-12233
    - jfs: Fix inconsistency between memory allocation and ea_buf->max_size

  * Allow Raven Ridge's audio controller to be runtime suspended (LP: #1782540)
    - ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge

  * Invoking obsolete 'firmware_install' target breaks snap build (LP: #1782166)
    - snapcraft.yaml: stop invoking the obsolete (and non-existing)
      'firmware_install' target

  * snapcraft.yaml: missing ubuntu-retpoline-extract-one script breaks the build
    (LP: #1782116)
    - snapcraft.yaml: copy retpoline-extract-one to scripts before build

  * CVE-2018-13094
    - xfs: don't call xfs_da_shrink_inode with NULL bp

  * [Bionic] bug fixes to improve stability of the ThunderX2 i2c driver
    (LP: #1781476)
    - i2c: xlp9xx: Fix issue seen when updating receive length
    - i2c: xlp9xx: Make sure the transfer size is not more than
      I2C_SMBUS_BLOCK_SIZE

  * Error parsing PCC subspaces from PCCT (LP: #1528684)
    - mailbox: PCC: erroneous error message when parsing ACPI PCCT

  * ubuntu_bpf_jit test failed on Bionic s390x systems (LP: #1753941)
    - test_bpf: flag tests that cannot be jited on s390

  * Cosmic update to 4.17.11 stable release (LP: #1784636)
    - KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR
    - Revert "iommu/intel-iommu: Enable CONFIG_DMA_DIRECT_OPS=y and clean up
      intel_{alloc,free}_coherent()"
    - MIPS: ath79: fix register address in ath79_ddr_wb_flush()
    - MIPS: Fix off-by-one in pci_resource_to_user()
    - clk: mvebu: armada-37xx-periph: Fix switching CPU rate from 300Mhz to 
1.2GHz
    - clk: aspeed: Mark bclk (PCIe) and dclk (VGA) as critical
    - clk: aspeed: Support HPLL strapping on ast2400
    - xen/PVH: Set up GS segment for stack canary
    - KVM: PPC: Check if IOMMU page is contained in the pinned physical page
    - drm/nouveau/drm/nouveau: Fix runtime PM leak in nv50_disp_atomic_commit()
    - drm/nouveau: Set DRIVER_ATOMIC cap earlier to fix debugfs
    - clk: meson-gxbb: set fclk_div2 as CLK_IS_CRITICAL
    - bonding: set default miimon value for non-arp modes if not set
    - ip: hash fragments consistently
    - ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull
    - net: dsa: mv88e6xxx: fix races between lock and irq freeing
    - net/mlx4_core: Save the qpn from the input modifier in RST2INIT wrapper
    - net-next/hinic: fix a problem in hinic_xmit_frame()
    - net: skb_segment() should not return NULL
    - tcp: fix dctcp delayed ACK schedule
    - tcp: helpers to send special DCTCP ack
    - tcp: do not cancel delay-AcK on DCTCP special ACK
    - tcp: do not delay ACK in DCTCP upon CE status change
    - net/mlx5: E-Switch, UBSAN fix undefined behavior in mlx5_eswitch_mode
    - r8169: restore previous behavior to accept BIOS WoL settings
    - tls: check RCV_SHUTDOWN in tls_wait_data
    - net/mlx5e: Add ingress/egress indication for offloaded TC flows
    - net/mlx5e: Only allow offloading decap egress (egdev) flows
    - net/mlx5e: Refine ets validation function
    - nfp: flower: ensure dead neighbour entries are not offloaded
    - sock: fix sg page frag coalescing in sk_alloc_sg
    - net: phy: consider PHY_IGNORE_INTERRUPT in phy_start_aneg_priv
    - multicast: do not restore deleted record source filter mode to new one
    - net/ipv6: Fix linklocal to global address with VRF
    - net/mlx5e: Don't allow aRFS for encapsulated packets
    - net/mlx5e: Fix quota counting in aRFS expire flow
    - net/mlx5: Adjust clock overflow work period
    - rtnetlink: add rtnl_link_state check in rtnl_configure_link
    - vxlan: add new fdb alloc and create helpers
    - vxlan: make netlink notify in vxlan_fdb_destroy optional
    - vxlan: fix default fdb entry netlink notify ordering during netdev create
    - tcp: free batches of packets in tcp_prune_ofo_queue()
    - tcp: avoid collapses in tcp_prune_queue() if possible
    - tcp: detect malicious patterns in tcp_collapse_ofo_queue()
    - tcp: call tcp_drop() from tcp_data_queue_ofo()
    - tcp: add tcp_ooo_try_coalesce() helper
    - Revert "staging:r8188eu: Use lib80211 to support TKIP"
    - staging: speakup: fix wraparound in uaccess length check
    - usb: cdc_acm: Add quirk for Castles VEGA3000
    - usb: core: handle hub C_PORT_OVER_CURRENT condition
    - usb: dwc2: Fix DMA alignment to start at allocated boundary
    - usb: xhci: Fix memory leak in xhci_endpoint_reset()
    - usb: gadget: Fix OS descriptors support
    - usb: gadget: f_fs: Only return delayed status when len is 0
    - ACPICA: AML Parser: ignore dispatcher error status during table load
    - driver core: Partially revert "driver core: correct device's shutdown 
order"
    - can: xilinx_can: fix RX loop if RXNEMP is asserted without RXOK
    - can: xilinx_can: fix power management handling
    - can: xilinx_can: fix recovery from error states not being propagated
    - can: xilinx_can: fix device dropping off bus on RX overrun
    - can: xilinx_can: keep only 1-2 frames in TX FIFO to fix TX accounting
    - can: xilinx_can: fix incorrect clear of non-processed interrupts
    - can: xilinx_can: fix RX overflow interrupt not being enabled
    - can: peak_canfd: fix firmware < v3.3.0: limit allocation to 32-bit DMA 
addr
      only
    - can: m_can: Fix runtime resume call
    - can: m_can.c: fix setup of CCCR register: clear CCCR NISO bit before
      checking can.ctrlmode
    - Linux 4.17.11

  * Cosmic update to 4.17.10 stable release (LP: #1784634)
    - scsi: sd_zbc: Fix variable type and bogus comment
    - scsi: qla2xxx: Fix inconsistent DMA mem alloc/free
    - scsi: qla2xxx: Fix kernel crash due to late workqueue allocation
    - scsi: qla2xxx: Fix NULL pointer dereference for fcport search
    - KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in
      parallel.
    - KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer
    - KVM: VMX: Mark VMXArea with revision_id of physical CPU even when eVMCS
      enabled
    - x86/kvm/vmx: don't read current->thread.{fs,gs}base of legacy tasks
    - x86/kvmclock: set pvti_cpu0_va after enabling kvmclock
    - x86/apm: Don't access __preempt_count with zeroed fs
    - x86/events/intel/ds: Fix bts_interrupt_threshold alignment
    - x86/MCE: Remove min interval polling limitation
    - fat: fix memory allocation failure handling of match_strdup()
    - ALSA: rawmidi: Change resized buffers atomically
    - ALSA: hda/realtek - Add Panasonic CF-SZ6 headset jack quirk
    - ALSA: hda/realtek - Yet another Clevo P950 quirk entry
    - ARCv2: [plat-hsdk]: Save accl reg pair by default
    - ARC: Fix CONFIG_SWAP
    - ARC: configs: Remove CONFIG_INITRAMFS_SOURCE from defconfigs
    - ARC: mm: allow mprotect to make stack mappings executable
    - mm: memcg: fix use after free in mem_cgroup_iter()
    - mm/huge_memory.c: fix data loss when splitting a file pmd
    - cpufreq: intel_pstate: Register when ACPI PCCH is present
    - vfio/pci: Fix potential Spectre v1
    - vfio/spapr: Use IOMMU pageshift rather than pagesize
    - stop_machine: Disable preemption when waking two stopper threads
    - powerpc/powernv: Fix save/restore of SPRG3 on entry/exit from stop (idle)
    - drm/amdgpu: Reserve VM root shared fence slot for command submission (v3)
    - drm/i915: Fix hotplug irq ack on i965/g4x
    - Revert "drm/amd/display: Don't return ddc result and read_bytes in same
      return value"
    - drm/nouveau: Remove bogus crtc check in pmops_runtime_idle
    - drm/nouveau: Use drm_connector_list_iter_* for iterating connectors
    - drm/nouveau: Avoid looping through fake MST connectors
    - gen_stats: Fix netlink stats dumping in the presence of padding
    - ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns
    - ipv6: fix useless rol32 call on hash
    - ipv6: ila: select CONFIG_DST_CACHE
    - lib/rhashtable: consider param->min_size when setting initial table size
    - net: diag: Don't double-free TCP_NEW_SYN_RECV sockets in tcp_abort
    - net: Don't copy pfmemalloc flag in __copy_skb_header()
    - skbuff: Unconditionally copy pfmemalloc in __skb_clone()
    - net/ipv4: Set oif in fib_compute_spec_dst
    - net/ipv6: Do not allow device only routes via the multipath API
    - net: phy: fix flag masking in __set_phy_supported
    - ptp: fix missing break in switch
    - qmi_wwan: add support for Quectel EG91
    - rhashtable: add restart routine in rhashtable_free_and_destroy()
    - sch_fq_codel: zero q->flows_cnt when fq_codel_init fails
    - tg3: Add higher cpu clock for 5762.
    - net: ip6_gre: get ipv6hdr after skb_cow_head()
    - sctp: introduce sctp_dst_mtu
    - sctp: fix the issue that pathmtu may be set lower than MINSEGMENT
    - hv_netvsc: Fix napi reschedule while receive completion is busy
    - net: aquantia: vlan unicast address list correct handling
    - net/mlx4_en: Don't reuse RX page when XDP is set
    - net: systemport: Fix CRC forwarding check for SYSTEMPORT Lite
    - ipv6: make DAD fail with enhanced DAD when nonce length differs
    - net: usb: asix: replace mii_nway_restart in resume path
    - alpha: fix osf_wait4() breakage
    - drm_mode_create_lease_ioctl(): fix open-coded filp_clone_open()
    - cxl_getfile(): fix double-iput() on alloc_file() failures
    - xhci: Fix perceived dead host due to runtime suspend race with event 
handler
    - Linux 4.17.10

  * HP ProBook 455 G5 needs mute-led-gpio fixup (LP: #1781763) // Cosmic update
    to 4.17.10 stable release (LP: #1784634)
    - ALSA: hda: add mute led support for HP ProBook 455 G5

 -- Thadeu Lima de Souza Cascardo <casca...@canonical.com>  Fri, 03 Aug
2018 09:33:11 -0300

** Changed in: linux (Ubuntu)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-12233

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-13094

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1780227

Title:
  locking sockets broken due to missing AppArmor socket mediation
  patches

Status in apparmor package in Ubuntu:
  Invalid
Status in linux package in Ubuntu:
  Fix Released
Status in apparmor source package in Xenial:
  Invalid
Status in linux source package in Xenial:
  Fix Committed
Status in apparmor source package in Bionic:
  Invalid
Status in linux source package in Bionic:
  Fix Committed

Bug description:
  Hey,

  Newer systemd makes use of locks placed on AF_UNIX sockets created
  with the socketpair() syscall to synchronize various bits and pieces
  when isolating services. On kernels prior to 4.18 that do not have
  backported the AppArmor socket mediation patchset this will cause the
  locks to be denied with EACCESS. This causes systemd to be broken in
  LXC and LXD containers that do not run unconfined which is a pretty
  big deal. We have seen various bug reports related to this. See for
  example [1] and [2].

  If feasible it would be excellent if we could backport the socket
  mediation patchset to all LTS kernels. Afaict, this should be 4.4 and
  4.15. This will unbreak a whole range of use-cases.

  The socket mediation patchset is available here:
  
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=80a17a5f501ea048d86f81d629c94062b76610d4

  
  [1]: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1575779
  [2]: https://github.com/systemd/systemd/issues/9493

  Thanks!
  Christian

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1780227/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to