[PATCH 6.18 00/13] 6.18.18-rc1 review

[Greg Kroah-Hartman]

This is the start of the stable review cycle for the 6.18.18 release.
There are 13 patches in this series, all will be posted as a response
to this one.  If anyone has any issues with these being applied, please
let me know.

Responses should be made by Fri, 13 Mar 2026 20:03:15 +0000.
Anything received after that time might be too late.

The whole patch series can be found in one patch at:
	https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.18.18-rc1.gz
or in the git tree and branch at:
	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.18.y
and the diffstat can be found below.

thanks,

greg k-h

-------------
Pseudo-Shortlog of commits:

Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
    Linux 6.18.18-rc1

John Johansen <john.johansen@xxxxxxxxxxxxx>
    apparmor: fix race between freeing data and fs accessing it

John Johansen <john.johansen@xxxxxxxxxxxxx>
    apparmor: fix race on rawdata dereference

John Johansen <john.johansen@xxxxxxxxxxxxx>
    apparmor: fix differential encoding verification

John Johansen <john.johansen@xxxxxxxxxxxxx>
    apparmor: fix unprivileged local user can do privileged policy management

John Johansen <john.johansen@xxxxxxxxxxxxx>
    apparmor: Fix double free of ns_name in aa_replace_profiles()

Massimiliano Pellizzer <massimiliano.pellizzer@xxxxxxxxxxxxx>
    apparmor: fix missing bounds check on DEFAULT table in verify_dfa()

Massimiliano Pellizzer <massimiliano.pellizzer@xxxxxxxxxxxxx>
    apparmor: fix side-effect bug in match_char() macro usage

John Johansen <john.johansen@xxxxxxxxxxxxx>
    apparmor: fix: limit the number of levels of policy namespaces

Massimiliano Pellizzer <massimiliano.pellizzer@xxxxxxxxxxxxx>
    apparmor: replace recursive profile removal with iterative approach

Massimiliano Pellizzer <massimiliano.pellizzer@xxxxxxxxxxxxx>
    apparmor: fix memory leak in verify_header

Massimiliano Pellizzer <massimiliano.pellizzer@xxxxxxxxxxxxx>
    apparmor: validate DFA start states are in bounds in unpack_pdb

Victor Nogueira <victor@xxxxxxxxxxxx>
    net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks

Paul Moses <p@xxxxxxx>
    net/sched: act_gate: snapshot parameters with RCU on replace


-------------

Diffstat:

 Makefile                                  |   4 +-
 include/net/act_api.h                     |   1 +
 include/net/tc_act/tc_gate.h              |  33 +++-
 net/sched/act_ct.c                        |   6 +
 net/sched/act_gate.c                      | 267 +++++++++++++++++++++---------
 net/sched/cls_api.c                       |   7 +
 security/apparmor/apparmorfs.c            | 225 +++++++++++++++----------
 security/apparmor/include/label.h         |  16 +-
 security/apparmor/include/lib.h           |  12 ++
 security/apparmor/include/match.h         |   1 +
 security/apparmor/include/policy.h        |  10 +-
 security/apparmor/include/policy_ns.h     |   2 +
 security/apparmor/include/policy_unpack.h |  83 ++++++----
 security/apparmor/label.c                 |  12 +-
 security/apparmor/match.c                 |  58 +++++--
 security/apparmor/policy.c                |  77 +++++++--
 security/apparmor/policy_ns.c             |   2 +
 security/apparmor/policy_unpack.c         |  65 +++++---
 18 files changed, 604 insertions(+), 277 deletions(-)