From patchwork Tue May 9 14:42:24 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Amit Pundir X-Patchwork-Id: 98913 Delivered-To: patch@linaro.org Received: by 10.140.96.100 with SMTP id j91csp1857312qge; Tue, 9 May 2017 07:42:54 -0700 (PDT) X-Received: by 10.84.222.129 with SMTP id x1mr676698pls.144.1494340974870; Tue, 09 May 2017 07:42:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1494340974; cv=none; d=google.com; s=arc-20160816; b=RdCEsgwffkpJnVf2ixlwuHOzM2vbzaqal/ev8u9NR3g57Ipd565kWdpfEAgQAaMBA2 tXyL6B+9aqZ0qnM7kncVQ4gMNXkqoqYPya1HLlGpBupalWU75LQs2kSvf+3UBnA5CIT2 j+OPZSRbUEeBmrgPQuZ8hFzLTXYxrYu2tIUWVsStSxEIPsleRF1O6cDXqm165jQe7XVp guX5SePgBpe4UQrqJZ87F2yI8wPiVLeAB26/G+IMB/zhHv4F/dJwzl2FwjosMhDrB/q2 MXhZTVWy3E2rlkyXno2oTlsGA6/LXpOjN/LZoKe/mZxeWX/+TVSVmDITltboP4Um36Y9 Jz5g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature :arc-authentication-results; bh=M/qFTd4I8xUrMyfU3E3GjHW92kYP2CSGHnZz2sBRIIY=; b=iU/aAjUV8mleYlsSSyP0inSDNNgrLkxIzUM9T/MS6wNh0OOBktlTXukYML2yLVBeem uNEDXjAImSzzDpaspTIF9ZlMUsB9xUY+RxlhFnyz3cH4o+jFqVxd9Frq78mr3VPnHL09 n/YcBbe+NaJoRE0MfRFxEM1SkR1kJeEw+iJH2a5KVmj0f0kHQU+33oqfI5oVlu5TtCrV yEwDTPrW2IDLyf258/wSHZIWxzhmx93TW6aakMULjvAxc53WbSp1UbCuwIX660A4o8Ku ZwNY4Jw4e3P8deftSzrsvavTyTHmPq+v2dxz8hY15JhZaShV6mGl4gJXofgFWepm8mDE eHuQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w34si113540pla.121.2017.05.09.07.42.54; Tue, 09 May 2017 07:42:54 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751363AbdEIOmx (ORCPT + 6 others); Tue, 9 May 2017 10:42:53 -0400 Received: from mail-pg0-f51.google.com ([74.125.83.51]:34542 "EHLO mail-pg0-f51.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751210AbdEIOmx (ORCPT ); Tue, 9 May 2017 10:42:53 -0400 Received: by mail-pg0-f51.google.com with SMTP id u28so762362pgn.1 for ; Tue, 09 May 2017 07:42:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=M/qFTd4I8xUrMyfU3E3GjHW92kYP2CSGHnZz2sBRIIY=; b=XyeMUvjICXj9aNFkdcE86G3ptTqSpFjFJq+OBYT/leFBELUgIkXOTlwmkUVQ353nvf UFMPdkdwxgQl7prk516c003KklmH+K+Z4Pu0DD+8v6AqSBil18/TMwt+0ot/PzRV0BKu 6iAL5A2O4ZXFBGZh1uE7iYMR55iGvgKjDtJ1c= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=M/qFTd4I8xUrMyfU3E3GjHW92kYP2CSGHnZz2sBRIIY=; b=cpHmhkTL3ht4XLte6Thi9yb/HOK+D4FAi36PJ6xxxlVWSogRWMD8A4yhJNMQxf4X+F hz/5ParEghd2tZMNnZsJuyuZ8O1fxgMTLwaj63ui/SEUUA4W4rpx8xvhRoXGjpehWA+m KYwV1dX/P8fB7PVRKzFgcAoNFzSE571G0OrRv5gZLcEHJxb1utV3YWey1DN5KnHsAxZ6 l4KXIQQ/6CyaKzyBn1qAEJ8mfSsora5ceoIpZbbFZYI5kbKyAbeHYDqGsQ+qmAYeeE2i pU2FiYaSLCtRUpYCD86dNds3EkPAiANdg2rzCLcGisGXH3CB69x4+lghScwsld1WmYKI NXMw== X-Gm-Message-State: AODbwcCO6OFstZnetco83QY1tVYbXw5g7mJrMcT+g6qnp/29CE7kmlQd 2VYsZCvvVDAiVGHGC6v2Zw== X-Received: by 10.98.220.201 with SMTP id c70mr282004pfl.230.1494340972187; Tue, 09 May 2017 07:42:52 -0700 (PDT) Received: from localhost.localdomain ([106.51.135.126]) by smtp.gmail.com with ESMTPSA id 11sm341811pfj.59.2017.05.09.07.42.50 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 09 May 2017 07:42:51 -0700 (PDT) From: Amit Pundir To: Greg KH Cc: stable@vger.kernel.org Subject: [PATCH for-3.18 00/24] Security fixes from 2015 and 2016 android security bulletins Date: Tue, 9 May 2017 20:12:24 +0530 Message-Id: <1494340968-17152-1-git-send-email-amit.pundir@linaro.org> X-Mailer: git-send-email 2.7.4 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org Hi Greg, Please consider following security fixes for linux-3.18.y. This is a follow up on my previous submission of similar security fixes, https://www.spinics.net/lists/stable/msg169868.html, picked up from android security bulletins published in year 2017 so far. Following are the fixes published in 2015 and 2016 monthly Android Security Bulletins https://source.android.com/security/bulletin/, and/or related follow-up fixes from upstream. Cherry-picked and build tested on v3.18.52 for ARCH=arm/arm64/x86/x86_64/mips + allmodconfig. Benjamin Tissoires (1): HID: core: prevent out-of-bound readings Bjørn Mork (1): cdc_ncm: do not call usbnet_link_change from cdc_ncm_bind Calvin Owens (1): sg: Fix double-free when drives detach during SG_IO David Howells (2): ASN.1: Fix non-match detection failure on data overrun KEYS: Fix ASN.1 indefinite length object parsing Eric Dumazet (2): ipv6: sctp: add rcu protection around np->opt ipv6: sctp: fix lockdep splat in sctp_v6_get_dst() Hangbin Liu (1): net/ipv6: add sysctl option accept_ra_min_hop_limit Jann Horn (1): sched: panic on corrupted stack end Kangjie Lu (3): ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS ALSA: timer: Fix leak in events via snd_timer_user_ccallback ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt Keno Fischer (1): mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp Lukas Czerner (1): ext4: fix potential use after free in __ext4_journal_stop Mark Rutland (1): arm64: make sys_call_table const Peter Hurley (1): tty: Prevent ldisc drivers from re-using stale tty fields Peter Zijlstra (2): perf: Fix event->ctx locking perf: Fix race in swevent hash Rainer Weikusat (1): af_unix: Guard against other == sk in unix_dgram_sendmsg Suzuki K. Poulose (1): arm64: perf: reject groups spanning multiple HW PMUs Takashi Iwai (3): ALSA: seq: Fix race at timer setup and close ALSA: timer: Fix race among timer ioctls xc2028: Fix use-after-free bug properly WANG Cong (1): ppp: defer netns reference release for ppp channel Documentation/networking/ip-sysctl.txt | 8 + arch/arm64/kernel/perf_event.c | 21 ++- arch/arm64/kernel/sys.c | 2 +- drivers/hid/hid-core.c | 3 + drivers/media/tuners/tuner-xc2028.c | 37 ++--- drivers/net/ppp/ppp_generic.c | 5 +- drivers/net/usb/cdc_ncm.c | 20 +-- drivers/scsi/sg.c | 8 +- drivers/tty/tty_ldisc.c | 7 + fs/ext4/ext4_jbd2.c | 6 +- include/linux/ipv6.h | 1 + include/uapi/linux/ipv6.h | 1 + kernel/events/core.c | 264 ++++++++++++++++++++++++++------- kernel/sched/core.c | 3 +- lib/asn1_decoder.c | 21 +-- mm/huge_memory.c | 12 +- net/ipv6/addrconf.c | 10 ++ net/ipv6/ndisc.c | 16 +- net/sctp/ipv6.c | 16 +- net/unix/af_unix.c | 7 +- sound/core/seq/seq_queue.c | 2 + sound/core/timer.c | 35 +++-- 22 files changed, 360 insertions(+), 145 deletions(-) -- 2.7.4