This bug was fixed in the package linux-gcp - 4.15.0-1001.1

---------------
linux-gcp (4.15.0-1001.1) bionic; urgency=medium

  * linux-gcp: 4.15.0-1001.1 -proposed tracker (LP: #1752101)

  * linux xenial derivatives fail to build (LP: #1691814) // Prepare linux-gcp
    for bionic (LP: #1752069)
    - [Packaging] Set do_tools_common in common vars

  * Prepare linux-gcp for bionic (LP: #1752069)
    - linux-gcp: Update base kernel version
    - [Config] linux-gcp: Reset config annotations to master
    - [Config] linux-gcp: Add annotations overlay
    - [Config] linux-gcp: updateconfigs after rebase to Ubuntu-4.15.0-10.11
    - Ubuntu: linux-gcp: Revert build_arch=x86
    - [Packaging] linux-gcp: Update Vcs-Git for bionic

  * CVE-2017-5715 (Spectre v2 retpoline)
    - [Config] linux-gcp: disable retpoline checks for first upload

  * [Packaging] Allow overlay of config annotations (LP: #1752072)
    - [Packaging] config-check: allow overlay annotations files

  [ Ubuntu: 4.15.0-10.11 ]

  * linux: 4.15.0-10.11 -proposed tracker (LP: #1749250)
  * "swiotlb: coherent allocation failed" dmesg spam with linux 4.15.0-9.10
    (LP: #1749202)
    - swiotlb: suppress warning when __GFP_NOWARN is set
    - drm/ttm: specify DMA_ATTR_NO_WARN for huge page pools
  * linux-tools: perf incorrectly linking libbfd (LP: #1748922)
    - SAUCE: tools -- add ability to disable libbfd
    - [Packaging] correct disablement of libbfd
  * [Artful] Realtek ALC225: 2 secs noise when a headset plugged in
    (LP: #1744058)
    - ALSA: hda/realtek - update ALC225 depop optimize
  * [Artful] Support headset mode for DELL WYSE (LP: #1723913)
    - SAUCE: ALSA: hda/realtek - Add support headset mode for DELL WYSE
  * headset mic can't be detected on two Dell machines (LP: #1748807)
    - ALSA: hda/realtek - Support headset mode for ALC215/ALC285/ALC289
    - ALSA: hda - Fix headset mic detection problem for two Dell machines
  * Bionic update to v4.15.3 stable release (LP: #1749191)
    - ip6mr: fix stale iterator
    - net: igmp: add a missing rcu locking section
    - qlcnic: fix deadlock bug
    - qmi_wwan: Add support for Quectel EP06
    - r8169: fix RTL8168EP take too long to complete driver initialization.
    - tcp: release sk_frag.page in tcp_disconnect
    - vhost_net: stop device during reset owner
    - ipv6: addrconf: break critical section in addrconf_verify_rtnl()
    - ipv6: change route cache aging logic
    - Revert "defer call to mem_cgroup_sk_alloc()"
    - net: ipv6: send unsolicited NA after DAD
    - rocker: fix possible null pointer dereference in
      rocker_router_fib_event_work
    - tcp_bbr: fix pacing_gain to always be unity when using lt_bw
    - cls_u32: add missing RCU annotation.
    - ipv6: Fix SO_REUSEPORT UDP socket with implicit sk_ipv6only
    - soreuseport: fix mem leak in reuseport_add_sock()
    - net_sched: get rid of rcu_barrier() in tcf_block_put_ext()
    - net: sched: fix use-after-free in tcf_block_put_ext
    - media: mtk-vcodec: add missing MODULE_LICENSE/DESCRIPTION
    - media: soc_camera: soc_scale_crop: add missing
      MODULE_DESCRIPTION/AUTHOR/LICENSE
    - media: tegra-cec: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
    - gpio: uniphier: fix mismatch between license text and MODULE_LICENSE
    - crypto: tcrypt - fix S/G table for test_aead_speed()
    - Linux 4.15.3
  * bnx2x_attn_int_deasserted3:4323 MC assert! (LP: #1715519) //
    CVE-2018-1000026
    - net: create skb_gso_validate_mac_len()
    - bnx2x: disable GSO where gso_size is too big for hardware
  * ethtool -p fails to light NIC LED on HiSilicon D05 systems (LP: #1748567)
    - net: hns: add ACPI mode support for ethtool -p
  * CVE-2017-5715 (Spectre v2 Intel)
    - [Packaging] retpoline files must be sorted
    - [Packaging] pull in retpoline files
  * [Feature] PXE boot with Intel Omni-Path (LP: #1712031)
    - d-i: Add hfi1 to nic-modules
  * CVE-2017-5715 (Spectre v2 retpoline)
    - [Packaging] retpoline -- add call site validation
    - [Config] disable retpoline checks for first upload
  * Do not duplicate changelog entries assigned to more than one bug or CVE
    (LP: #1743383)
    - [Packaging] git-ubuntu-log -- handle multiple bugs/cves better

  [ Ubuntu: 4.15.0-9.10 ]

  * linux: 4.15.0-9.10 -proposed tracker (LP: #1748244)
  * Miscellaneous Ubuntu changes
    - [Debian] tests -- remove gcc-multilib dependency for arm64

  [ Ubuntu: 4.15.0-8.9 ]

  * linux: 4.15.0-8.9 -proposed tracker (LP: #1748075)
  * Bionic update to v4.15.2 stable release (LP: #1748072)
    - KVM: x86: Make indirect calls in emulator speculation safe
    - KVM: VMX: Make indirect call speculation safe
    - module/retpoline: Warn about missing retpoline in module
    - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
    - x86/cpufeatures: Add Intel feature bits for Speculation Control
    - x86/cpufeatures: Add AMD feature bits for Speculation Control
    - x86/msr: Add definitions for new speculation control MSRs
    - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
    - x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2
      microcodes
    - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier)
      support
    - x86/alternative: Print unadorned pointers
    - x86/nospec: Fix header guards names
    - x86/bugs: Drop one "mitigation" from dmesg
    - x86/cpu/bugs: Make retpoline module warning conditional
    - x86/cpufeatures: Clean up Spectre v2 related CPUID flags
    - x86/retpoline: Simplify vmexit_fill_RSB()
    - x86/speculation: Simplify indirect_branch_prediction_barrier()
    - auxdisplay: img-ascii-lcd: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
    - iio: adc/accel: Fix up module licenses
    - pinctrl: pxa: pxa2xx: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
    - ASoC: pcm512x: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
    - KVM: nVMX: Eliminate vmcs02 pool
    - KVM: VMX: introduce alloc_loaded_vmcs
    - objtool: Improve retpoline alternative handling
    - objtool: Add support for alternatives at the end of a section
    - objtool: Warn on stripped section symbol
    - x86/mm: Fix overlap of i386 CPU_ENTRY_AREA with FIX_BTMAP
    - x86/spectre: Check CONFIG_RETPOLINE in command line parser
    - x86/entry/64: Remove the SYSCALL64 fast path
    - x86/entry/64: Push extra regs right away
    - x86/asm: Move 'status' from thread_struct to thread_info
    - Documentation: Document array_index_nospec
    - array_index_nospec: Sanitize speculative array de-references
    - x86: Implement array_index_mask_nospec
    - x86: Introduce barrier_nospec
    - x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
    - x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
    - x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
    - x86/get_user: Use pointer masking to limit speculation
    - x86/syscall: Sanitize syscall table de-references under speculation
    - vfs, fdtable: Prevent bounds-check bypass via speculative execution
    - nl80211: Sanitize array index in parse_txq_params
    - x86/spectre: Report get_user mitigation for spectre_v1
    - x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable"
    - x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
    - x86/speculation: Use Indirect Branch Prediction Barrier in context switch
    - x86/paravirt: Remove 'noreplace-paravirt' cmdline option
    - KVM: VMX: make MSR bitmaps per-VCPU
    - x86/kvm: Update spectre-v1 mitigation
    - x86/retpoline: Avoid retpolines for built-in __init functions
    - x86/spectre: Simplify spectre_v2 command line parsing
    - x86/pti: Mark constant arrays as __initconst
    - x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL
    - KVM/x86: Update the reverse_cpuid list to include CPUID_7_EDX
    - KVM/x86: Add IBPB support
    - KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES
    - KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL
    - KVM/SVM: Allow direct access to MSR_IA32_SPEC_CTRL
    - serial: core: mark port as initialized after successful IRQ change
    - fpga: region: release of_parse_phandle nodes after use
    - Linux 4.15.2
  * Add support for the NIC on SynQuacer E-Series boards (LP: #1747792)
    - net: phy: core: remove now uneeded disabling of interrupts
    - [Config] CONFIG_NET_VENDOR_SOCIONEXT=y & CONFIG_SNI_NETSEC=m
    - net: socionext: Add Synquacer NetSec driver
    - net: socionext: include linux/io.h to fix build
    - net: socionext: Fix error return code in netsec_netdev_open()
  * [Artful/Bionic] [Config] enable EDAC_GHES for ARM64 (LP: #1747746)
    - [Config] CONFIG_EDAC_GHES=y
  * support thunderx2 vendor pmu events (LP: #1747523)
    - perf pmu: Pass pmu as a parameter to get_cpuid_str()
    - perf tools arm64: Add support for get_cpuid_str function.
    - perf pmu: Add helper function is_pmu_core to detect PMU CORE devices
    - perf vendor events arm64: Add ThunderX2 implementation defined pmu core
      events
    - perf pmu: Add check for valid cpuid in perf_pmu__find_map()
  * linux 4.14.0-7.9 ADT test failure with linux 4.14.0-7.9 (LP: #1732463)
    - SAUCE: mm: disable vma based swap readahead by default
    - SAUCE: mm: fix memory hotplug in ZONE_HIGHMEM
  * Miscellaneous Ubuntu changes
    - [Config] Fix CONFIG_PROFILE_ALL_BRANCHES annotations

  [ Ubuntu: 4.15.0-7.8 ]

  * Bionic update to v4.15.1 stable release (LP: #1747169)
    - Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops
    - tools/gpio: Fix build error with musl libc
    - gpio: stmpe: i2c transfer are forbiden in atomic context
    - gpio: Fix kernel stack leak to userspace
    - ALSA: hda - Reduce the suspend time consumption for ALC256
    - crypto: ecdh - fix typo in KPP dependency of CRYPTO_ECDH
    - crypto: aesni - handle zero length dst buffer
    - crypto: aesni - fix typo in generic_gcmaes_decrypt
    - crypto: aesni - add wrapper for generic gcm(aes)
    - crypto: aesni - Fix out-of-bounds access of the data buffer in
      generic-gcm-aesni
    - crypto: aesni - Fix out-of-bounds access of the AAD buffer in
      generic-gcm-aesni
    - crypto: inside-secure - fix hash when length is a multiple of a block
    - crypto: inside-secure - avoid unmapping DMA memory that was not mapped
    - crypto: sha3-generic - fixes for alignment and big endian operation
    - crypto: af_alg - whitelist mask and type
    - HID: wacom: EKR: ensure devres groups at higher indexes are released
    - HID: wacom: Fix reporting of touch toggle (WACOM_HID_WD_MUTE_DEVICE)
      events
    - power: reset: zx-reboot: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
    - gpio: iop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
    - gpio: ath79: add missing MODULE_DESCRIPTION/LICENSE
    - mtd: nand: denali_pci: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
    - igb: Free IRQs when device is hotplugged
    - ima/policy: fix parsing of fsuuid
    - scsi: aacraid: Fix udev inquiry race condition
    - scsi: aacraid: Fix hang in kdump
    - scsi: storvsc: missing error code in storvsc_probe()
    - staging: lustre: separate a connection destroy from free struct kib_conn
    - staging: ccree: NULLify backup_info when unused
    - staging: ccree: fix fips event irq handling build
    - tty: fix data race between tty_init_dev and flush of buf
    - usb: option: Add support for FS040U modem
    - USB: serial: pl2303: new device id for Chilitag
    - USB: cdc-acm: Do not log urb submission errors on disconnect
    - CDC-ACM: apply quirk for card reader
    - USB: serial: io_edgeport: fix possible sleep-in-atomic
    - usbip: prevent bind loops on devices attached to vhci_hcd
    - usbip: list: don't list devices attached to vhci_hcd
    - USB: serial: simple: add Motorola Tetra driver
    - usb: f_fs: Prevent gadget unbind if it is already unbound
    - usb: uas: unconditionally bring back host after reset
    - usb/gadget: Fix "high bandwidth" check in usb_gadget_ep_match_desc()
    - ANDROID: binder: remove waitqueue when thread exits.
    - android: binder: use VM_ALLOC to get vm area
    - mei: me: allow runtime pm for platform with D0i3
    - serial: 8250_of: fix return code when probe function fails to get reset
    - serial: 8250_uniphier: fix error return code in uniphier_uart_probe()
    - serial: 8250_dw: Revert "Improve clock rate setting"
    - serial: imx: Only wakeup via RTSDEN bit if the system has RTS/CTS
    - spi: imx: do not access registers while clocks disabled
    - iio: adc: stm32: fix scan of multiple channels with DMA
    - iio: chemical: ccs811: Fix output of IIO_CONCENTRATION channels
    - test_firmware: fix missing unlock on error in config_num_requests_store()
    - Input: synaptics-rmi4 - unmask F03 interrupts when port is opened
    - Input: synaptics-rmi4 - do not delete interrupt memory too early
    - x86/efi: Clarify that reset attack mitigation needs appropriate userspace
    - Linux 4.15.1
  * Dell XPS 13 9360 bluetooth (Atheros) won't connect after resume
    (LP: #1744712)
    - Revert "Bluetooth: btusb: fix QCA Rome suspend/resume"
    - Bluetooth: btusb: Restore QCA Rome suspend/resume fix with a "rewritten"
      version
  * apparmor profile load in stacked policy container fails (LP: #1746463)
    - SAUCE: apparmor: fix display of .ns_name for containers

  [ Ubuntu: 4.15.0-6.7 ]

  * upload urgency should be medium by default (LP: #1745338)
    - [Packaging] update urgency to medium by default
  * Shutdown hang on 16.04 with iscsi targets (LP: #1569925)
    - scsi: libiscsi: Allow sd_shutdown on bad transport
  * Miscellaneous Ubuntu changes
    - SAUCE: (noup) Update spl to 0.7.5-1ubuntu1, zfs to 0.7.5-1ubuntu1
    - Revert "UBUNTU: SAUCE: mm: fix memory hotplug in ZONE_HIGHMEM"
    - Revert "UBUNTU: SAUCE: mm: disable vma based swap readahead by default"
  * Rebase to v4.15

  [ Ubuntu: 4.15.0-5.6 ]

  * $(LOCAL_ENV_CC) and $(LOCAL_ENV_DISTCC_HOSTS) should be properly quoted
    (LP: #1744077)
    - [Debian] pass LOCAL_ENV_CC and LOCAL_ENV_DISTCC_HOSTS properly
  * Missing install-time driver for QLogic QED 25/40/100Gb Ethernet NIC
    (LP: #1743638)
    - [d-i] Add qede to nic-modules udeb
  * boot failure on AMD Raven + WesternXT (LP: #1742759)
    - SAUCE: drm/amdgpu: add atpx quirk handling (v2)
  * Unable to handle kernel NULL pointer dereference at isci_task_abort_task
    (LP: #1726519)
    - SAUCE: Revert "scsi: libsas: allow async aborts"
  * Update Ubuntu-4.15.0 config to support Intel Atom devices (LP: #1739939)
    - [Config] CONFIG_SERIAL_DEV_BUS=y, CONFIG_SERIAL_DEV_CTRL_TTYPORT=y
  * Miscellaneous Ubuntu changes
    - Rebase to v4.15-rc7
    - [Config] CONFIG_CPU_ISOLATION=y
    - [Config] Update annotations following config review
    - Revert "UBUNTU: SAUCE: Import aufs driver"
    - SAUCE: Import aufs driver
    - ubuntu: vbox -- update to 5.2.6-dfsg-1
    - ubuntu: vbox: build fixes for 4.15
    - ubuntu: vbox -- update to 5.2.6-dfsg-2
    - hio: updates for timer api changes in 4.15
    - enable hio build
    - Rebase to v4.15-rc9
  * Rebase to v4.15-rc9

  [ Ubuntu: 4.15.0-4.5 ]

  * [0cf3:e010] QCA6174A XR failed to pair with bt 4.0 device (LP: #1741166)
    - SAUCE: Bluetooth: btusb: Add support for 0cf3:e010
  * External HDMI monitor failed to show screen on Lenovo X1 series
    (LP: #1738523)
    - SAUCE: drm/i915: Disable writing of TMDS_OE on Lenovo ThinkPad X1 series
  * Miscellaneous Ubuntu changes
    - [Debian] autoreconstruct - add resoration of execute permissions
  * Rebase to v4.15-rc4

  [ Ubuntu: 4.15.0-3.4 ]

  * ubuntu/xr-usb-serial didn't get built in zesty and artful (LP: #1733281)
    - SAUCE: make sure ubuntu/xr-usb-serial builds for x86
  * Rebase to v4.15-rc6

  [ Ubuntu: 4.15.0-2.3 ]

  * nvidia-graphics-drivers-384 384.90-0ubuntu6 ADT test failure with linux
    4.15.0-1.2 (LP: #1737752)
    - x86/mm: Unbreak modules that use the DMA API
  * Ubuntu 17.10 corrupting BIOS - many LENOVO laptops models (LP: #1734147)
    - [Config] CONFIG_SPI_INTEL_SPI_*=n
  * power: commonise configs IBMVETH/IBMVSCSI and ensure both are in linux-image
    and udebs (LP: #1521712)
    - [Config] Include ibmvnic in nic-modules
  * Enable arm64 emulation of removed ARMv7 instructions (LP: #1545542)
    - [Config] Enable support for emulation of deprecated ARMv8 instructions
  * Miscellaneous Ubuntu changes
    - SAUCE: (noup) Update spl with 4.15 compat fix (LP:#1737761)
    - Enable zfs build
    - [Debian] add icp to zfs-modules.ignore
  * Rebase to v4.15-rc4

  [ Ubuntu: 4.15.0-1.2 ]

  * Disabling zfs does not always disable module checks for the zfs modules
    (LP: #1737176)
    - [Packaging] disable zfs module checks when zfs is disabled
  * Miscellaneous Ubuntu changes
    - [Config] CONFIG_UNWINDER_FRAME_POINTER=y for amd64
  * Rebase to v4.15-rc3

  [ Ubuntu: 4.15.0-0.1 ]

  * Miscellaneous Ubuntu changes
    - ubuntu: vbox -- update to 5.2.2-dfsg-2
    - ubuntu: vbox: build fixes for 4.15
    - disable hio build
    - [Config] Update kernel lockdown options to fix build errors
    - Disable zfs build
    - SAUCE: Import aufs driver
    - [Config] Enable AUFS config options
  * Rebase to v4.15-rc2

  [ Ubuntu: 4.14.0-11.13 ]

  * linux: 4.14.0-11.13 -proposed tracker (LP: #1736168)
  * CVE-2017-1000405
    - mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d()
  * linux 4.14.0-7.9 ADT test failure with linux 4.14.0-7.9 (LP: #1732463)
    - SAUCE: mm: disable vma based swap readahead by default
    - SAUCE: mm: fix memory hotplug in ZONE_HIGHMEM
  * Bionic update to v4.14.3 stable release (LP: #1735843)
    - s390: fix transactional execution control register handling
    - s390/noexec: execute kexec datamover without DAT
    - s390/runtime instrumention: fix possible memory corruption
    - s390/guarded storage: fix possible memory corruption
    - s390/disassembler: add missing end marker for e7 table
    - s390/disassembler: increase show_code buffer size
    - ACPI / PM: Fix acpi_pm_notifier_lock vs flush_workqueue() deadlock
    - ACPI / EC: Fix regression related to triggering source of EC event
      handling
    - cpufreq: schedutil: Reset cached_raw_freq when not in sync with next_freq
    - serdev: fix registration of second slave
    - sched: Make resched_cpu() unconditional
    - lib/mpi: call cond_resched() from mpi_powm() loop
    - x86/boot: Fix boot failure when SMP MP-table is based at 0
    - x86/decoder: Add new TEST instruction pattern
    - x86/entry/64: Fix entry_SYSCALL_64_after_hwframe() IRQ tracing
    - x86/entry/64: Add missing irqflags tracing to native_load_gs_index()
    - perf/x86/intel: Hide TSX events when RTM is not supported
    - arm64: Implement arch-specific pte_access_permitted()
    - ARM: 8722/1: mm: make STRICT_KERNEL_RWX effective for LPAE
    - ARM: 8721/1: mm: dump: check hardware RO bit for LPAE
    - uapi: fix linux/tls.h userspace compilation error
    - uapi: fix linux/rxrpc.h userspace compilation errors
    - MIPS: cmpxchg64() and HAVE_VIRT_CPU_ACCOUNTING_GEN don't work for 32-bit
      SMP
    - MIPS: ralink: Fix MT7628 pinmux
    - MIPS: ralink: Fix typo in mt7628 pinmux function
    - net: mvneta: fix handling of the Tx descriptor counter
    - nbd: wait uninterruptible for the dead timeout
    - nbd: don't start req until after the dead connection logic
    - PM / OPP: Add missing of_node_put(np)
    - PCI/ASPM: Account for downstream device's Port Common_Mode_Restore_Time
    - PCI/ASPM: Use correct capability pointer to program LTR_L1.2_THRESHOLD
    - PCI: hv: Use effective affinity mask
    - PCI: Set Cavium ACS capability quirk flags to assert RR/CR/SV/UF
    - PCI: Apply Cavium ThunderX ACS quirk to more Root Ports
    - ALSA: hda: Add Raven PCI ID
    - dm integrity: allow unaligned bv_offset
    - dm cache: fix race condition in the writeback mode overwrite_bio
      optimisation
    - dm crypt: allow unaligned bv_offset
    - dm zoned: ignore last smaller runt zone
    - dm mpath: remove annoying message of 'blk_get_request() returned -11'
    - dm bufio: fix integer overflow when limiting maximum cache size
    - ovl: Put upperdentry if ovl_check_origin() fails
    - dm: allocate struct mapped_device with kvzalloc
    - sched/rt: Simplify the IPI based RT balancing logic
    - MIPS: pci: Remove KERN_WARN instance inside the mt7620 driver
    - dm: fix race between dm_get_from_kobject() and __dm_destroy()
    - dm: discard support requires all targets in a table support discards
    - MIPS: Fix odd fp register warnings with MIPS64r2
    - MIPS: Fix MIPS64 FP save/restore on 32-bit kernels
    - MIPS: dts: remove bogus bcm96358nb4ser.dtb from dtb-y entry
    - MIPS: Fix an n32 core file generation regset support regression
    - MIPS: BCM47XX: Fix LED inversion for WRT54GSv1
    - MIPS: math-emu: Fix final emulation phase for certain instructions
    - rt2x00usb: mark device removed when get ENOENT usb error
    - mm/z3fold.c: use kref to prevent page free/compact race
    - autofs: don't fail mount for transient error
    - nilfs2: fix race condition that causes file system corruption
    - fscrypt: lock mutex before checking for bounce page pool
    - eCryptfs: use after free in ecryptfs_release_messaging()
    - libceph: don't WARN() if user tries to add invalid key
    - bcache: check ca->alloc_thread initialized before wake up it
    - fs: guard_bio_eod() needs to consider partitions
    - fanotify: fix fsnotify_prepare_user_wait() failure
    - isofs: fix timestamps beyond 2027
    - btrfs: change how we decide to commit transactions during flushing
    - f2fs: expose some sectors to user in inline data or dentry case
    - NFS: Fix typo in nomigration mount option
    - NFS: Revert "NFS: Move the flock open mode check into nfs_flock()"
    - nfs: Fix ugly referral attributes
    - NFS: Avoid RCU usage in tracepoints
    - NFS: revalidate "." etc correctly on "open".
    - nfsd: deal with revoked delegations appropriately
    - rtlwifi: rtl8192ee: Fix memory leak when loading firmware
    - rtlwifi: fix uninitialized rtlhal->last_suspend_sec time
    - iwlwifi: fix firmware names for 9000 and A000 series hw
    - md: fix deadlock error in recent patch.
    - md: don't check MD_SB_CHANGE_CLEAN in md_allow_write
    - Bluetooth: btqcomsmd: Add support for BD address setup
    - md/bitmap: revert a patch
    - fsnotify: clean up fsnotify_prepare/finish_user_wait()
    - fsnotify: pin both inode and vfsmount mark
    - fsnotify: fix pinning group in fsnotify_prepare_user_wait()
    - ata: fixes kernel crash while tracing ata_eh_link_autopsy event
    - ext4: fix interaction between i_size, fallocate, and delalloc after a
      crash
    - ext4: prevent data corruption with inline data + DAX
    - ext4: prevent data corruption with journaling + DAX
    - ALSA: pcm: update tstamp only if audio_tstamp changed
    - ALSA: usb-audio: Add sanity checks to FE parser
    - ALSA: usb-audio: Fix potential out-of-bound access at parsing SU
    - ALSA: usb-audio: Add sanity checks in v2 clock parsers
    - ALSA: timer: Remove kernel warning at compat ioctl error paths
    - ALSA: hda/realtek - Fix ALC275 no sound issue
    - ALSA: hda: Fix too short HDMI/DP chmap reporting
    - ALSA: hda - Fix yet remaining issue with vmaster 0dB initialization
    - ALSA: hda/realtek - Fix ALC700 family no sound issue
    - ASoC: sun8i-codec: Invert Master / Slave condition
    - ASoC: sun8i-codec: Fix left and right channels inversion
    - ASoC: sun8i-codec: Set the BCLK divider
    - mfd: lpc_ich: Avoton/Rangeley uses SPI_BYT method
    - fix a page leak in vhost_scsi_iov_to_sgl() error recovery
    - 9p: Fix missing commas in mount options
    - fs/9p: Compare qid.path in v9fs_test_inode
    - net/9p: Switch to wait_event_killable()
    - scsi: qla2xxx: Suppress a kernel complaint in qla_init_base_qpair()
    - scsi: sd_zbc: Fix sd_zbc_read_zoned_characteristics()
    - scsi: lpfc: fix pci hot plug crash in timer management routines
    - scsi: lpfc: fix pci hot plug crash in list_add call
    - scsi: lpfc: Fix crash receiving ELS while detaching driver
    - scsi: lpfc: Fix FCP hba_wqidx assignment
    - scsi: lpfc: Fix oops if nvmet_fc_register_targetport fails
    - iscsi-target: Make TASK_REASSIGN use proper se_cmd->cmd_kref
    - iscsi-target: Fix non-immediate TMR reference leak
    - target: fix null pointer regression in core_tmr_drain_tmr_list
    - target: fix buffer offset in core_scsi3_pri_read_full_status
    - target: Fix QUEUE_FULL + SCSI task attribute handling
    - target: Fix caw_sem leak in transport_generic_request_failure
    - target: Fix quiese during transport_write_pending_qf endless loop
    - target: Avoid early CMD_T_PRE_EXECUTE failures during ABORT_TASK
    - mtd: Avoid probe failures when mtd->dbg.dfs_dir is invalid
    - mtd: nand: Export nand_reset() symbol
    - mtd: nand: atmel: Actually use the PM ops
    - mtd: nand: omap2: Fix subpage write
    - mtd: nand: Fix writing mtdoops to nand flash.
    - mtd: nand: mtk: fix infinite ECC decode IRQ issue
    - mailbox: bcm-flexrm-mailbox: Fix FlexRM ring flush sequence
    - p54: don't unregister leds when they are not initialized
    - block: Fix a race between blk_cleanup_queue() and timeout handling
    - raid1: prevent freeze_array/wait_all_barriers deadlock
    - genirq: Track whether the trigger type has been set
    - irqchip/gic-v3: Fix ppi-partitions lookup
    - lockd: double unregister of inetaddr notifiers
    - KVM: PPC: Book3S HV: Don't call real-mode XICS hypercall handlers if not
      enabled
    - KVM: nVMX: set IDTR and GDTR limits when loading L1 host state
    - KVM: SVM: obey guest PAT
    - kvm: vmx: Reinstate support for CPUs without virtual NMI
    - dax: fix PMD faults on zero-length files
    - dax: fix general protection fault in dax_alloc_inode
    - SUNRPC: Fix tracepoint storage issues with svc_recv and svc_rqst_status
    - clk: ti: dra7-atl-clock: fix child-node lookups
    - libnvdimm, dimm: clear 'locked' status on successful DIMM enable
    - libnvdimm, pfn: make 'resource' attribute only readable by root
    - libnvdimm, namespace: fix label initialization to use valid seq numbers
    - libnvdimm, region : make 'resource' attribute only readable by root
    - libnvdimm, namespace: make 'resource' attribute only readable by root
    - svcrdma: Preserve CB send buffer across retransmits
    - IB/srpt: Do not accept invalid initiator port names
    - IB/cm: Fix memory corruption in handling CM request
    - IB/hfi1: Fix incorrect available receive user context count
    - IB/srp: Avoid that a cable pull can trigger a kernel crash
    - IB/core: Avoid crash on pkey enforcement failed in received MADs
    - IB/core: Only maintain real QPs in the security lists
    - NFC: fix device-allocation error return
    - spi-nor: intel-spi: Fix broken software sequencing codes
    - i40e: Use smp_rmb rather than read_barrier_depends
    - igb: Use smp_rmb rather than read_barrier_depends
    - igbvf: Use smp_rmb rather than read_barrier_depends
    - ixgbevf: Use smp_rmb rather than read_barrier_depends
    - i40evf: Use smp_rmb rather than read_barrier_depends
    - fm10k: Use smp_rmb rather than read_barrier_depends
    - ixgbe: Fix skb list corruption on Power systems
    - parisc: Fix validity check of pointer size argument in new CAS
      implementation
    - powerpc: Fix boot on BOOK3S_32 with CONFIG_STRICT_KERNEL_RWX
    - powerpc/mm/radix: Fix crashes on Power9 DD1 with radix MMU and STRICT_RWX
    - powerpc/perf/imc: Use cpu_to_node() not topology_physical_package_id()
    - powerpc/signal: Properly handle return value from uprobe_deny_signal()
    - powerpc/64s: Fix masking of SRR1 bits on instruction fault
    - powerpc/64s/radix: Fix 128TB-512TB virtual address boundary case
      allocation
    - powerpc/64s/hash: Fix 512T hint detection to use >= 128T
    - powerpc/64s/hash: Fix 128TB-512TB virtual address boundary case allocation
    - powerpc/64s/hash: Fix fork() with 512TB process address space
    - powerpc/64s/hash: Allow MAP_FIXED allocations to cross 128TB boundary
    - media: Don't do DMA on stack for firmware upload in the AS102 driver
    - media: rc: check for integer overflow
    - media: rc: nec decoder should not send both repeat and keycode
    - cx231xx-cards: fix NULL-deref on missing association descriptor
    - media: v4l2-ctrl: Fix flags field on Control events
    - media: venus: fix wrong size on dma_free
    - media: venus: venc: fix bytesused v4l2_plane field
    - media: venus: reimplement decoder stop command
    - ARM64: dts: meson-gxl: Add alternate ARM Trusted Firmware reserved memory
      zone
    - iwlwifi: fix wrong struct for a000 device
    - iwlwifi: add a new a000 device
    - iwlwifi: pcie: sort IDs for the 9000 series for easier comparisons
    - iwlwifi: add new cards for a000 series
    - iwlwifi: add new cards for 8265 series
    - iwlwifi: add new cards for 8260 series
    - iwlwifi: fix PCI IDs and configuration mapping for 9000 series
    - iwlwifi: mvm: support version 7 of the SCAN_REQ_UMAC FW command
    - e1000e: Fix error path in link detection
    - e1000e: Fix return value test
    - e1000e: Separate signaling for link check/link up
    - e1000e: Avoid receiver overrun interrupt bursts
    - e1000e: fix buffer overrun while the I219 is processing DMA transactions
    - Linux 4.14.3
  * Miscellaneous Ubuntu changes
    - SAUCE: s390/topology: don't inline cpu_to_node
    - SAUCE: (noup) Update spl to 0.7.3-1ubuntu1, zfs to 0.7.3-1ubuntu1

  [ Ubuntu: 4.14.0-10.12 ]

  * linux: 4.14.0-10.12 -proposed tracker (LP: #1734901)
  * Miscellaneous Ubuntu changes
    - SAUCE: Enable the ACPI kernel debugger and acpidbg tool
    - [Packaging] Include arch/arm64/kernel/ftrace-mod.o in headers package

  [ Ubuntu: 4.14.0-9.11 ]

  * linux: 4.14.0-9.11 -proposed tracker (LP: #1734728)
  * Miscellaneous Ubuntu changes
    - Revert "UBUNTU: SAUCE: (noup) Update spl to 0.7.3-1ubuntu1, zfs to
      0.7.3-1ubuntu1"

  [ Ubuntu: 4.14.0-8.10 ]

  * linux: 4.14.0-8.10 -proposed tracker (LP: #1734695)
  * Bionic update to v4.14.2 stable release (LP: #1734694)
    - bio: ensure __bio_clone_fast copies bi_partno
    - af_netlink: ensure that NLMSG_DONE never fails in dumps
    - vxlan: fix the issue that neigh proxy blocks all icmpv6 packets
    - net: cdc_ncm: GetNtbFormat endian fix
    - fealnx: Fix building error on MIPS
    - net/sctp: Always set scope_id in sctp_inet6_skb_msgname
    - ima: do not update security.ima if appraisal status is not INTEGRITY_PASS
    - serial: omap: Fix EFR write on RTS deassertion
    - serial: 8250_fintek: Fix finding base_port with activated SuperIO
    - tpm-dev-common: Reject too short writes
    - rcu: Fix up pending cbs check in rcu_prepare_for_idle
    - mm/pagewalk.c: report holes in hugetlb ranges
    - ocfs2: fix cluster hang after a node dies
    - ocfs2: should wait dio before inode lock in ocfs2_setattr()
    - ipmi: fix unsigned long underflow
    - mm/page_alloc.c: broken deferred calculation
    - mm/page_ext.c: check if page_ext is not prepared
    - coda: fix 'kernel memory exposure attempt' in fsync
    - ipmi: Prefer ACPI system interfaces over SMBIOS ones
    - Linux 4.14.2
  * Bionic update to v4.14.1 stable release (LP: #1734693)
    - EDAC, sb_edac: Don't create a second memory controller if HA1 is not
      present
    - dmaengine: dmatest: warn user when dma test times out
    - media: imon: Fix null-ptr-deref in imon_probe
    - media: dib0700: fix invalid dvb_detach argument
    - crypto: dh - Fix double free of ctx->p
    - crypto: dh - Don't permit 'p' to be 0
    - crypto: dh - Don't permit 'key' or 'g' size longer than 'p'
    - crypto: brcm - Explicity ACK mailbox message
    - USB: early: Use new USB product ID and strings for DbC device
    - USB: usbfs: compute urb->actual_length for isochronous
    - USB: Add delay-init quirk for Corsair K70 LUX keyboards
    - usb: gadget: f_fs: Fix use-after-free in ffs_free_inst
    - USB: serial: metro-usb: stop I/O after failed open
    - USB: serial: Change DbC debug device binding ID
    - USB: serial: qcserial: add pid/vid for Sierra Wireless EM7355 fw update
    - USB: serial: garmin_gps: fix I/O after failed probe and remove
    - USB: serial: garmin_gps: fix memory leak on probe errors
    - selftests/x86/protection_keys: Fix syscall NR redefinition warnings
    - x86/MCE/AMD: Always give panic severity for UC errors in kernel context
    - platform/x86: peaq-wmi: Add DMI check before binding to the WMI interface
    - platform/x86: peaq_wmi: Fix missing terminating entry for peaq_dmi_table
    - HID: cp2112: add HIDRAW dependency
    - HID: wacom: generic: Recognize WACOM_HID_WD_PEN as a type of pen collection
    - rpmsg: glink: Add missing MODULE_LICENSE
    - staging: wilc1000: Fix bssid buffer offset in Txq
    - staging: sm750fb: Fix parameter mistake in poke32
    - staging: ccree: fix 64 bit scatter/gather DMA ops
    - staging: greybus: spilib: fix use-after-free after deregistration
    - staging: rtl8188eu: Revert 4 commits breaking ARP
    - spi: fix use-after-free at controller deregistration
    - sparc32: Add cmpxchg64().
    - sparc64: mmu_context: Add missing include files
    - sparc64: Fix page table walk for PUD hugepages
    - Linux 4.14.1
  * Set PANIC_TIMEOUT=10 on Power Systems (LP: #1730660)
    - [Config]: Set PANIC_TIMEOUT=10 on ppc64el
  * enable CONFIG_SND_SOC_INTEL_BYT_CHT_NOCODEC_MACH easily confuse users
    (LP: #1732627)
    - [Config] CONFIG_SND_SOC_INTEL_BYT_CHT_NOCODEC_MACH=n
  * Miscellaneous Ubuntu changes
    - SAUCE: (noup) Update spl to 0.7.3-1ubuntu1, zfs to 0.7.3-1ubuntu1

  [ Ubuntu: 4.14.0-7.9 ]

  * Miscellaneous Ubuntu changes
    - SAUCE: apparmor: add base infastructure for socket mediation
    - SAUCE: apparmor: af_unix mediation
    - SAUCE: LSM stacking: procfs: add smack subdir to attrs
    - SAUCE: LSM stacking: LSM: manage credential security blobs
    - SAUCE: LSM stacking: LSM: Manage file security blobs
    - SAUCE: LSM stacking: LSM: manage task security blobs
    - SAUCE: LSM stacking: LSM: Infrastructure management of the remaining blobs
    - SAUCE: LSM stacking: LSM: general but not extreme module stacking
    - SAUCE: LSM stacking: LSM: Complete task_alloc hook
    - SAUCE: LSM stacking: fixup procsfs: add smack subdir to attrs
    - SAUCE: LSM stacking: fixup initialize task->security
    - SAUCE: LSM stacking: fixup: alloc_task_ctx is dead code
    - SAUCE: LSM stacking: add support for stacking getpeersec_stream
    - SAUCE: LSM stacking: add stacking support to apparmor network hooks
    - SAUCE: LSM stacking: fixup apparmor stacking enablement
    - SAUCE: LSM stacking: fixup stacking kconfig
    - SAUCE: LSM stacking: allow selecting multiple LSMs using kernel boot params
    - SAUCE: LSM stacking: provide prctl interface for setting context
    - SAUCE: LSM stacking: inherit current display LSM
    - SAUCE: LSM stacking: keep an index for each registered LSM
    - SAUCE: LSM stacking: verify display LSM
    - SAUCE: LSM stacking: provide a way to specify the default display lsm
    - SAUCE: LSM stacking: make sure LSM blob align on 64 bit boundaries
    - SAUCE: LSM stacking: add /proc/<pid>/attr/display_lsm
    - SAUCE: LSM stacking: add Kconfig to set default display LSM
    - SAUCE: LSM stacking: add configs for LSM stacking
    - SAUCE: LSM stacking: check for invalid zero sized writes
    - [Config] Run updateconfigs after merging LSM stacking
    - [Config] CONFIG_AMD_MEM_ENCRYPT=y
  * Rebase to v4.14

  [ Ubuntu: 4.14.0-6.8 ]

  * Miscellaneous Ubuntu changes
    - SAUCE: add workarounds to enable ZFS for 4.14
  * Rebase to v4.14-rc8

  [ Ubuntu: 4.14.0-5.7 ]

  * Miscellaneous Ubuntu changes
    - [Debian] Fix invocation of dh_prep for dbgsym packages

  [ Ubuntu: 4.14.0-4.5 ]

  * Miscellaneous Ubuntu changes
    - [Packaging] virtualbox -- reduce in kernel module versions
    - vbox-update: Fix up KERN_DIR definitions
    - ubuntu: vbox -- update to 5.2.0-dfsg-2
    - [Config] CONFIG_AMD_MEM_ENCRYPT=n
  * Rebase to v4.14-rc7

  [ Ubuntu: 4.14.0-3.4 ]

  * Touchpad and TrackPoint Dose Not Work on Lenovo X1C6 and X280 (LP: #1723986)
    - SAUCE: Input: synaptics-rmi4 - RMI4 can also use SMBUS version 3
    - SAUCE: Input: synaptics - Lenovo X1 Carbon 5 should use SMBUS/RMI
    - SAUCE: Input: synaptics - add Intertouch support on X1 Carbon 6th and X280
  * powerpc/64s: Add workaround for P9 vector CI load issuenext (LP: #1721070)
    - powerpc/64s: Add workaround for P9 vector CI load issue
  * Miscellaneous Ubuntu changes
    - SAUCE: staging: vboxvideo: Fix reporting invalid suggested-offset-properties
    - [Config] CONFIG_DRM_VBOXVIDEO=m
    - SAUCE: Import aufs driver
    - [Config] Enable aufs
    - [Config] Reorder annotations file after enabling aufs
    - vbox-update: Disable imported vboxvideo module
    - ubuntu: vbox -- update to 5.1.30-dfsg-1
    - Enable vbox
    - hio: Use correct sizes when initializing ssd_index_bits* arrays
    - hio: Update io stat accounting for 4.14
    - Enable hio
  * Rebase to v4.14-rc5
  * Rebase to v4.14-rc6

  [ Ubuntu: 4.14.0-2.3 ]

  * [Bug] USB controller failed to respond on Denverton after loading
    intel_th_pci module (LP: #1715833)
    - SAUCE: PCI: Disable broken RTIT_BAR of Intel TH
  * CONFIG_DEBUG_FS is not enabled by "make zfcpdump_defconfig" with Ubuntu
    17.10 (kernel 4.13) (LP: #1719290)
    - SAUCE: s390: update zfcpdump_defconfig
  * Add installer support for Broadcom BCM573xx network drivers. (LP: #1720466)
    - d-i: Add bnxt_en to nic-modules.
  * Miscellaneous Ubuntu changes
    - [Config] Update annotations for 4.14-rc2
  * Rebase to v4.14-rc3
  * Rebase to v4.14-rc4

  [ Ubuntu: 4.14.0-1.2 ]

  * [Bug] USB 3.1 Gen2 works as 5Gbps (LP: #1720045)
    - xhci: set missing SuperSpeedPlus Link Protocol bit in roothub descriptor
  * Please make linux-libc-dev Provide: aufs-dev (LP: #1716091)
    - [Packaging] Add aufs-dev to the Provides: for linux-libc-dev
  * Upgrade to 4.13.0-11.12 in artful amd64 VM breaks display on wayland
    (LP: #1718679)
    - [Config] CONFIG_DRM_VBOXVIDEO=n
  * ipmmu-vmsa driver breaks arm64 boots (LP: #1718734)
    - [Config] Disable CONFIG_IPMMU_VMSA on arm64
  * autopkgtest profile fails to build on armhf (LP: #1717920)
    - [Packaging] autopkgtest -- disable d-i when dropping flavours
  * Miscellaneous Ubuntu changes
    - [Config] CONFIG_I2C_XLP9XX=m
    - [Packaging] Use SRCPKGNAME rather than hard-coding the source package name
  * Rebase to v4.14-rc2

  [ Ubuntu: 4.14.0-0.1 ]

  * Miscellaneous Ubuntu changes
    - Disable vbox build
    - Disable hio build
    - Disable zfs build
  * Rebase to v4.14-rc1

 -- Marcelo Henrique Cerri <marcelo.ce...@canonical.com>  Tue, 27 Feb 2018 09:47:24 -0300

** Changed in: linux-gcp (Ubuntu Bionic)
       Status: Invalid => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-1000405

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5715

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1000026

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1746463

Title:
  apparmor profile load in stacked policy container fails

Status in snapd:
  Triaged
Status in apparmor package in Ubuntu:
  Confirmed
Status in linux package in Ubuntu:
  Confirmed
Status in linux-gcp package in Ubuntu:
  Fix Released
Status in apparmor source package in Xenial:
  Won't Fix
Status in linux source package in Xenial:
  Invalid
Status in linux-gcp source package in Xenial:
  Confirmed
Status in apparmor source package in Artful:
  Fix Committed
Status in linux source package in Artful:
  Confirmed
Status in linux-gcp source package in Artful:
  Invalid
Status in apparmor source package in Bionic:
  Confirmed
Status in linux source package in Bionic:
  Confirmed
Status in linux-gcp source package in Bionic:
  Fix Released

Bug description:
  LXD containers on an artful or bionic host with aa namespaces, should
  be able to load the lxc policies. However /lib/apparmor/profile-load
  skips that part when running in a container.

  aa-status shows 0 policies

  /lib/apparmor/profile-load is failing due to
  is_container_with_internal_policy() failing

  due to

  /sys/kernel/security/apparmor/.ns_name being empty which causes

        if [ "${ns_name#lxd-*}" = "$ns_name" ] && \
           [ "${ns_name#lxc-*}" = "$ns_name" ]; then
                return 1
        fi

  to fail

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1746463/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
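
The prefix test quoted in the bug description above, as an added diagnostic sketch (not part of the original report and not the code shipped in /lib/apparmor/profile-load). classify_ns_name is a hypothetical helper, its directory argument stands in for /sys/kernel/security/apparmor, and the sample namespace names are constructed; it separates the empty .ns_name case from a namespace name that simply lacks the lxd-/lxc- prefix, which the quoted test treats identically.

```shell
#!/bin/sh
# classify_ns_name DIR
#   Reads DIR/.ns_name and prints one of:
#     missing    - DIR/.ns_name does not exist
#     empty      - file exists but holds no name (the state in the report)
#     other      - a name without the lxd-/lxc- prefix
#     container  - a name starting with lxd- or lxc-
#   DIR is an assumption of this sketch; on a real system it would be
#   the AppArmor securityfs directory.
classify_ns_name() {
    ns_name_path="$1/.ns_name"
    ns_name=""

    if ! [ -f "$ns_name_path" ]; then
        echo missing
        return 0
    fi

    # read returns non-zero on an empty file or a missing final newline,
    # so ignore its status and inspect the value it stored instead.
    read -r ns_name < "$ns_name_path" || true

    if [ -z "$ns_name" ]; then
        echo empty
        return 0
    fi

    # Same test as in the bug description: stripping the prefix leaves the
    # string unchanged only when the prefix is absent. An empty ns_name
    # would also satisfy both comparisons, which is why it is split out above.
    if [ "${ns_name#lxd-*}" = "$ns_name" ] && \
       [ "${ns_name#lxc-*}" = "$ns_name" ]; then
        echo other
        return 0
    fi

    echo container
}

# Constructed walk-through: run with --demo to see the empty and lxd- cases.
if [ "${1:-}" = "--demo" ]; then
    demo_dir=$(mktemp -d)
    : > "$demo_dir/.ns_name"
    echo "empty file     -> $(classify_ns_name "$demo_dir")"
    echo "lxd-example" > "$demo_dir/.ns_name"
    echo "lxd-example    -> $(classify_ns_name "$demo_dir")"
    rm -rf "$demo_dir"
fi
```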
