Hi Greg, Please consider following security fixes for linux-3.18.y. This is a follow up on my previous submission of similar security fixes, https://www.spinics.net/lists/stable/msg169868.html, picked up from android security bulletins published in year 2017 so far. Following are the fixes published in 2015 and 2016 monthly Android Security Bulletins https://source.android.com/security/bulletin/, and/or related follow-up fixes from upstream. Cherry-picked and build tested on v3.18.52 for ARCH=arm/arm64/x86/x86_64/mips + allmodconfig. Benjamin Tissoires (1): HID: core: prevent out-of-bound readings Bjørn Mork (1): cdc_ncm: do not call usbnet_link_change from cdc_ncm_bind Calvin Owens (1): sg: Fix double-free when drives detach during SG_IO David Howells (2): ASN.1: Fix non-match detection failure on data overrun KEYS: Fix ASN.1 indefinite length object parsing Eric Dumazet (2): ipv6: sctp: add rcu protection around np->opt ipv6: sctp: fix lockdep splat in sctp_v6_get_dst() Hangbin Liu (1): net/ipv6: add sysctl option accept_ra_min_hop_limit Jann Horn (1): sched: panic on corrupted stack end Kangjie Lu (3): ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS ALSA: timer: Fix leak in events via snd_timer_user_ccallback ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt Keno Fischer (1): mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp Lukas Czerner (1): ext4: fix potential use after free in __ext4_journal_stop Mark Rutland (1): arm64: make sys_call_table const Peter Hurley (1): tty: Prevent ldisc drivers from re-using stale tty fields Peter Zijlstra (2): perf: Fix event->ctx locking perf: Fix race in swevent hash Rainer Weikusat (1): af_unix: Guard against other == sk in unix_dgram_sendmsg Suzuki K. Poulose (1): arm64: perf: reject groups spanning multiple HW PMUs Takashi Iwai (3): ALSA: seq: Fix race at timer setup and close ALSA: timer: Fix race among timer ioctls xc2028: Fix use-after-free bug properly WANG Cong (1): ppp: defer netns reference release for ppp channel Documentation/networking/ip-sysctl.txt | 8 + arch/arm64/kernel/perf_event.c | 21 ++- arch/arm64/kernel/sys.c | 2 +- drivers/hid/hid-core.c | 3 + drivers/media/tuners/tuner-xc2028.c | 37 ++--- drivers/net/ppp/ppp_generic.c | 5 +- drivers/net/usb/cdc_ncm.c | 20 +-- drivers/scsi/sg.c | 8 +- drivers/tty/tty_ldisc.c | 7 + fs/ext4/ext4_jbd2.c | 6 +- include/linux/ipv6.h | 1 + include/uapi/linux/ipv6.h | 1 + kernel/events/core.c | 264 ++++++++++++++++++++++++++------- kernel/sched/core.c | 3 +- lib/asn1_decoder.c | 21 +-- mm/huge_memory.c | 12 +- net/ipv6/addrconf.c | 10 ++ net/ipv6/ndisc.c | 16 +- net/sctp/ipv6.c | 16 +- net/unix/af_unix.c | 7 +- sound/core/seq/seq_queue.c | 2 + sound/core/timer.c | 35 +++-- 22 files changed, 360 insertions(+), 145 deletions(-) -- 2.7.4