commit: 5eb31205911054a7ae7164c69c15ae3d55887cc1 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> AuthorDate: Sun Sep 26 14:15:29 2021 +0000 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> CommitDate: Sun Sep 26 14:15:29 2021 +0000 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=5eb31205
Linux patch 4.9.284 Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> 0000_README | 4 + 1283_linux-4.9.284.patch | 734 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 738 insertions(+) diff --git a/0000_README b/0000_README index 046d9e8..9577890 100644 --- a/0000_README +++ b/0000_README @@ -1175,6 +1175,10 @@ Patch: 1282_linux-4.9.283.patch From: http://www.kernel.org Desc: Linux 4.9.283 +Patch: 1283_linux-4.9.284.patch +From: http://www.kernel.org +Desc: Linux 4.9.284 + Patch: 1500_XATTR_USER_PREFIX.patch From: https://bugs.gentoo.org/show_bug.cgi?id=470644 Desc: Support for namespace user.pax.* on tmpfs. diff --git a/1283_linux-4.9.284.patch b/1283_linux-4.9.284.patch new file mode 100644 index 0000000..6c75e45 --- /dev/null +++ b/1283_linux-4.9.284.patch @@ -0,0 +1,734 @@ +diff --git a/Makefile b/Makefile +index ef029a28bb53c..9605f840f94b8 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,6 +1,6 @@ + VERSION = 4 + PATCHLEVEL = 9 +-SUBLEVEL = 283 ++SUBLEVEL = 284 + EXTRAVERSION = + NAME = Roaring Lionus + +diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c +index 53bb9700cf411..3d88c56d30f91 100644 +--- a/arch/s390/net/bpf_jit_comp.c ++++ b/arch/s390/net/bpf_jit_comp.c +@@ -591,10 +591,10 @@ static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i + EMIT4(0xb9080000, dst_reg, src_reg); + break; + case BPF_ALU | BPF_ADD | BPF_K: /* dst = (u32) dst + (u32) imm */ +- if (!imm) +- break; +- /* alfi %dst,imm */ +- EMIT6_IMM(0xc20b0000, dst_reg, imm); ++ if (imm != 0) { ++ /* alfi %dst,imm */ ++ EMIT6_IMM(0xc20b0000, dst_reg, imm); ++ } + EMIT_ZERO(dst_reg); + break; + case BPF_ALU64 | BPF_ADD | BPF_K: /* dst = dst + imm */ +@@ -616,10 +616,10 @@ static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i + EMIT4(0xb9090000, dst_reg, src_reg); + break; + case BPF_ALU | BPF_SUB | BPF_K: /* dst = (u32) dst - (u32) imm */ +- if (!imm) +- break; +- /* alfi %dst,-imm */ +- EMIT6_IMM(0xc20b0000, dst_reg, -imm); ++ if (imm != 0) { ++ /* alfi %dst,-imm */ ++ EMIT6_IMM(0xc20b0000, dst_reg, -imm); ++ } + EMIT_ZERO(dst_reg); + break; + case BPF_ALU64 | BPF_SUB | BPF_K: /* dst = dst - imm */ +@@ -646,10 +646,10 @@ static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i + EMIT4(0xb90c0000, dst_reg, src_reg); + break; + case BPF_ALU | BPF_MUL | BPF_K: /* dst = (u32) dst * (u32) imm */ +- if (imm == 1) +- break; +- /* msfi %r5,imm */ +- EMIT6_IMM(0xc2010000, dst_reg, imm); ++ if (imm != 1) { ++ /* msfi %r5,imm */ ++ EMIT6_IMM(0xc2010000, dst_reg, imm); ++ } + EMIT_ZERO(dst_reg); + break; + case BPF_ALU64 | BPF_MUL | BPF_K: /* dst = dst * imm */ +@@ -710,6 +710,8 @@ static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i + if (BPF_OP(insn->code) == BPF_MOD) + /* lhgi %dst,0 */ + EMIT4_IMM(0xa7090000, dst_reg, 0); ++ else ++ EMIT_ZERO(dst_reg); + break; + } + /* lhi %w0,0 */ +@@ -802,10 +804,10 @@ static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i + EMIT4(0xb9820000, dst_reg, src_reg); + break; + case BPF_ALU | BPF_XOR | BPF_K: /* dst = (u32) dst ^ (u32) imm */ +- if (!imm) +- break; +- /* xilf %dst,imm */ +- EMIT6_IMM(0xc0070000, dst_reg, imm); ++ if (imm != 0) { ++ /* xilf %dst,imm */ ++ EMIT6_IMM(0xc0070000, dst_reg, imm); ++ } + EMIT_ZERO(dst_reg); + break; + case BPF_ALU64 | BPF_XOR | BPF_K: /* dst = dst ^ imm */ +@@ -826,10 +828,10 @@ static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i + EMIT6_DISP_LH(0xeb000000, 0x000d, dst_reg, dst_reg, src_reg, 0); + break; + case BPF_ALU | BPF_LSH | BPF_K: /* dst = (u32) dst << (u32) imm */ +- if (imm == 0) +- break; +- /* sll %dst,imm(%r0) */ +- EMIT4_DISP(0x89000000, dst_reg, REG_0, imm); ++ if (imm != 0) { ++ /* sll %dst,imm(%r0) */ ++ EMIT4_DISP(0x89000000, dst_reg, REG_0, imm); ++ } + EMIT_ZERO(dst_reg); + break; + case BPF_ALU64 | BPF_LSH | BPF_K: /* dst = dst << imm */ +@@ -851,10 +853,10 @@ static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i + EMIT6_DISP_LH(0xeb000000, 0x000c, dst_reg, dst_reg, src_reg, 0); + break; + case BPF_ALU | BPF_RSH | BPF_K: /* dst = (u32) dst >> (u32) imm */ +- if (imm == 0) +- break; +- /* srl %dst,imm(%r0) */ +- EMIT4_DISP(0x88000000, dst_reg, REG_0, imm); ++ if (imm != 0) { ++ /* srl %dst,imm(%r0) */ ++ EMIT4_DISP(0x88000000, dst_reg, REG_0, imm); ++ } + EMIT_ZERO(dst_reg); + break; + case BPF_ALU64 | BPF_RSH | BPF_K: /* dst = dst >> imm */ +diff --git a/block/blk-throttle.c b/block/blk-throttle.c +index 3a4c9a3c1427f..6435dc25be0aa 100644 +--- a/block/blk-throttle.c ++++ b/block/blk-throttle.c +@@ -1584,6 +1584,7 @@ int blk_throtl_init(struct request_queue *q) + void blk_throtl_exit(struct request_queue *q) + { + BUG_ON(!q->td); ++ del_timer_sync(&q->td->service_queue.pending_timer); + throtl_shutdown_wq(q); + blkcg_deactivate_policy(q, &blkcg_policy_throtl); + kfree(q->td); +diff --git a/drivers/base/power/wakeirq.c b/drivers/base/power/wakeirq.c +index ee63ccaea8d57..8c05e7a5e777b 100644 +--- a/drivers/base/power/wakeirq.c ++++ b/drivers/base/power/wakeirq.c +@@ -320,7 +320,8 @@ void dev_pm_arm_wake_irq(struct wake_irq *wirq) + return; + + if (device_may_wakeup(wirq->dev)) { +- if (wirq->status & WAKE_IRQ_DEDICATED_ALLOCATED) ++ if (wirq->status & WAKE_IRQ_DEDICATED_ALLOCATED && ++ !pm_runtime_status_suspended(wirq->dev)) + enable_irq(wirq->irq); + + enable_irq_wake(wirq->irq); +@@ -342,7 +343,8 @@ void dev_pm_disarm_wake_irq(struct wake_irq *wirq) + if (device_may_wakeup(wirq->dev)) { + disable_irq_wake(wirq->irq); + +- if (wirq->status & WAKE_IRQ_DEDICATED_ALLOCATED) ++ if (wirq->status & WAKE_IRQ_DEDICATED_ALLOCATED && ++ !pm_runtime_status_suspended(wirq->dev)) + disable_irq_nosync(wirq->irq); + } + } +diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c +index 15eb1501915ca..ef9515e9f213f 100644 +--- a/drivers/crypto/talitos.c ++++ b/drivers/crypto/talitos.c +@@ -816,7 +816,7 @@ static void talitos_unregister_rng(struct device *dev) + * HMAC_SNOOP_NO_AFEA (HSNA) instead of type IPSEC_ESP + */ + #define TALITOS_CRA_PRIORITY_AEAD_HSNA (TALITOS_CRA_PRIORITY - 1) +-#ifdef CONFIG_CRYPTO_DEV_TALITOS_SEC2 ++#ifdef CONFIG_CRYPTO_DEV_TALITOS2 + #define TALITOS_MAX_KEY_SIZE (AES_MAX_KEY_SIZE + SHA512_BLOCK_SIZE) + #else + #define TALITOS_MAX_KEY_SIZE (AES_MAX_KEY_SIZE + SHA256_BLOCK_SIZE) +diff --git a/drivers/dma/Kconfig b/drivers/dma/Kconfig +index b0f798244a897..9a6da9b2dad35 100644 +--- a/drivers/dma/Kconfig ++++ b/drivers/dma/Kconfig +@@ -238,7 +238,7 @@ config INTEL_IDMA64 + + config INTEL_IOATDMA + tristate "Intel I/OAT DMA support" +- depends on PCI && X86_64 ++ depends on PCI && X86_64 && !UML + select DMA_ENGINE + select DMA_ENGINE_RAID + select DCA +diff --git a/drivers/dma/acpi-dma.c b/drivers/dma/acpi-dma.c +index 4a748c3435d7d..02149742b334c 100644 +--- a/drivers/dma/acpi-dma.c ++++ b/drivers/dma/acpi-dma.c +@@ -72,10 +72,14 @@ static int acpi_dma_parse_resource_group(const struct acpi_csrt_group *grp, + + si = (const struct acpi_csrt_shared_info *)&grp[1]; + +- /* Match device by MMIO and IRQ */ ++ /* Match device by MMIO */ + if (si->mmio_base_low != lower_32_bits(mem) || +- si->mmio_base_high != upper_32_bits(mem) || +- si->gsi_interrupt != irq) ++ si->mmio_base_high != upper_32_bits(mem)) ++ return 0; ++ ++ /* Match device by Linux vIRQ */ ++ ret = acpi_register_gsi(NULL, si->gsi_interrupt, si->interrupt_mode, si->interrupt_polarity); ++ if (ret != irq) + return 0; + + dev_dbg(&adev->dev, "matches with %.4s%04X (rev %u)\n", +diff --git a/drivers/dma/xilinx/xilinx_dma.c b/drivers/dma/xilinx/xilinx_dma.c +index f00652585ee31..d88c53ff7bb69 100644 +--- a/drivers/dma/xilinx/xilinx_dma.c ++++ b/drivers/dma/xilinx/xilinx_dma.c +@@ -2578,7 +2578,7 @@ static int xilinx_dma_probe(struct platform_device *pdev) + xdev->ext_addr = false; + + /* Set the dma mask bits */ +- dma_set_mask(xdev->dev, DMA_BIT_MASK(addr_width)); ++ dma_set_mask_and_coherent(xdev->dev, DMA_BIT_MASK(addr_width)); + + /* Initialize the DMA engine */ + xdev->common.dev = &pdev->dev; +diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/device/ctrl.c b/drivers/gpu/drm/nouveau/nvkm/engine/device/ctrl.c +index b0ece71aefdee..ce774579c89d1 100644 +--- a/drivers/gpu/drm/nouveau/nvkm/engine/device/ctrl.c ++++ b/drivers/gpu/drm/nouveau/nvkm/engine/device/ctrl.c +@@ -57,7 +57,7 @@ nvkm_control_mthd_pstate_info(struct nvkm_control *ctrl, void *data, u32 size) + args->v0.count = 0; + args->v0.ustate_ac = NVIF_CONTROL_PSTATE_INFO_V0_USTATE_DISABLE; + args->v0.ustate_dc = NVIF_CONTROL_PSTATE_INFO_V0_USTATE_DISABLE; +- args->v0.pwrsrc = -ENOSYS; ++ args->v0.pwrsrc = -ENODEV; + args->v0.pstate = NVIF_CONTROL_PSTATE_INFO_V0_PSTATE_UNKNOWN; + } + +diff --git a/drivers/parisc/dino.c b/drivers/parisc/dino.c +index d842ae5310f71..bbcff6ae61d66 100644 +--- a/drivers/parisc/dino.c ++++ b/drivers/parisc/dino.c +@@ -160,15 +160,6 @@ struct dino_device + (struct dino_device *)__pdata; }) + + +-/* Check if PCI device is behind a Card-mode Dino. */ +-static int pci_dev_is_behind_card_dino(struct pci_dev *dev) +-{ +- struct dino_device *dino_dev; +- +- dino_dev = DINO_DEV(parisc_walk_tree(dev->bus->bridge)); +- return is_card_dino(&dino_dev->hba.dev->id); +-} +- + /* + * Dino Configuration Space Accessor Functions + */ +@@ -452,6 +443,15 @@ static void quirk_cirrus_cardbus(struct pci_dev *dev) + DECLARE_PCI_FIXUP_ENABLE(PCI_VENDOR_ID_CIRRUS, PCI_DEVICE_ID_CIRRUS_6832, quirk_cirrus_cardbus ); + + #ifdef CONFIG_TULIP ++/* Check if PCI device is behind a Card-mode Dino. */ ++static int pci_dev_is_behind_card_dino(struct pci_dev *dev) ++{ ++ struct dino_device *dino_dev; ++ ++ dino_dev = DINO_DEV(parisc_walk_tree(dev->bus->bridge)); ++ return is_card_dino(&dino_dev->hba.dev->id); ++} ++ + static void pci_fixup_tulip(struct pci_dev *dev) + { + if (!pci_dev_is_behind_card_dino(dev)) +diff --git a/drivers/pwm/pwm-lpc32xx.c b/drivers/pwm/pwm-lpc32xx.c +index a9b3cff96aaca..ed8e9406b4af2 100644 +--- a/drivers/pwm/pwm-lpc32xx.c ++++ b/drivers/pwm/pwm-lpc32xx.c +@@ -124,17 +124,17 @@ static int lpc32xx_pwm_probe(struct platform_device *pdev) + lpc32xx->chip.npwm = 1; + lpc32xx->chip.base = -1; + ++ /* If PWM is disabled, configure the output to the default value */ ++ val = readl(lpc32xx->base + (lpc32xx->chip.pwms[0].hwpwm << 2)); ++ val &= ~PWM_PIN_LEVEL; ++ writel(val, lpc32xx->base + (lpc32xx->chip.pwms[0].hwpwm << 2)); ++ + ret = pwmchip_add(&lpc32xx->chip); + if (ret < 0) { + dev_err(&pdev->dev, "failed to add PWM chip, error %d\n", ret); + return ret; + } + +- /* When PWM is disable, configure the output to the default value */ +- val = readl(lpc32xx->base + (lpc32xx->chip.pwms[0].hwpwm << 2)); +- val &= ~PWM_PIN_LEVEL; +- writel(val, lpc32xx->base + (lpc32xx->chip.pwms[0].hwpwm << 2)); +- + platform_set_drvdata(pdev, lpc32xx); + + return 0; +diff --git a/drivers/staging/android/ion/ion_system_heap.c b/drivers/staging/android/ion/ion_system_heap.c +index 22c481f2ae4f1..2a35b99cf628e 100644 +--- a/drivers/staging/android/ion/ion_system_heap.c ++++ b/drivers/staging/android/ion/ion_system_heap.c +@@ -75,7 +75,7 @@ static struct page *alloc_buffer_page(struct ion_system_heap *heap, + + page = ion_page_pool_alloc(pool); + +- if (cached) ++ if (page && cached) + ion_pages_sync_for_device(NULL, page, PAGE_SIZE << order, + DMA_BIDIRECTIONAL); + return page; +diff --git a/drivers/thermal/samsung/exynos_tmu.c b/drivers/thermal/samsung/exynos_tmu.c +index c974cb5fb9580..02510c191c7db 100644 +--- a/drivers/thermal/samsung/exynos_tmu.c ++++ b/drivers/thermal/samsung/exynos_tmu.c +@@ -1372,6 +1372,7 @@ static int exynos_tmu_probe(struct platform_device *pdev) + data->sclk = devm_clk_get(&pdev->dev, "tmu_sclk"); + if (IS_ERR(data->sclk)) { + dev_err(&pdev->dev, "Failed to get sclk\n"); ++ ret = PTR_ERR(data->sclk); + goto err_clk; + } else { + ret = clk_prepare_enable(data->sclk); +diff --git a/fs/ceph/caps.c b/fs/ceph/caps.c +index 0eb2ada032c74..839bccbcc9d65 100644 +--- a/fs/ceph/caps.c ++++ b/fs/ceph/caps.c +@@ -1572,6 +1572,8 @@ static int __mark_caps_flushing(struct inode *inode, + * try to invalidate mapping pages without blocking. + */ + static int try_nonblocking_invalidate(struct inode *inode) ++ __releases(ci->i_ceph_lock) ++ __acquires(ci->i_ceph_lock) + { + struct ceph_inode_info *ci = ceph_inode(inode); + u32 invalidating_gen = ci->i_rdcache_gen; +diff --git a/fs/nilfs2/sysfs.c b/fs/nilfs2/sysfs.c +index e9903bceb2bf1..33fba75aa9f38 100644 +--- a/fs/nilfs2/sysfs.c ++++ b/fs/nilfs2/sysfs.c +@@ -73,11 +73,9 @@ static const struct sysfs_ops nilfs_##name##_attr_ops = { \ + #define NILFS_DEV_INT_GROUP_TYPE(name, parent_name) \ + static void nilfs_##name##_attr_release(struct kobject *kobj) \ + { \ +- struct nilfs_sysfs_##parent_name##_subgroups *subgroups; \ +- struct the_nilfs *nilfs = container_of(kobj->parent, \ +- struct the_nilfs, \ +- ns_##parent_name##_kobj); \ +- subgroups = nilfs->ns_##parent_name##_subgroups; \ ++ struct nilfs_sysfs_##parent_name##_subgroups *subgroups = container_of(kobj, \ ++ struct nilfs_sysfs_##parent_name##_subgroups, \ ++ sg_##name##_kobj); \ + complete(&subgroups->sg_##name##_kobj_unregister); \ + } \ + static struct kobj_type nilfs_##name##_ktype = { \ +@@ -103,12 +101,12 @@ static int nilfs_sysfs_create_##name##_group(struct the_nilfs *nilfs) \ + err = kobject_init_and_add(kobj, &nilfs_##name##_ktype, parent, \ + #name); \ + if (err) \ +- return err; \ +- return 0; \ ++ kobject_put(kobj); \ ++ return err; \ + } \ + static void nilfs_sysfs_delete_##name##_group(struct the_nilfs *nilfs) \ + { \ +- kobject_del(&nilfs->ns_##parent_name##_subgroups->sg_##name##_kobj); \ ++ kobject_put(&nilfs->ns_##parent_name##_subgroups->sg_##name##_kobj); \ + } + + /************************************************************************ +@@ -219,14 +217,14 @@ int nilfs_sysfs_create_snapshot_group(struct nilfs_root *root) + } + + if (err) +- return err; ++ kobject_put(&root->snapshot_kobj); + +- return 0; ++ return err; + } + + void nilfs_sysfs_delete_snapshot_group(struct nilfs_root *root) + { +- kobject_del(&root->snapshot_kobj); ++ kobject_put(&root->snapshot_kobj); + } + + /************************************************************************ +@@ -1010,7 +1008,7 @@ int nilfs_sysfs_create_device_group(struct super_block *sb) + err = kobject_init_and_add(&nilfs->ns_dev_kobj, &nilfs_dev_ktype, NULL, + "%s", sb->s_id); + if (err) +- goto free_dev_subgroups; ++ goto cleanup_dev_kobject; + + err = nilfs_sysfs_create_mounted_snapshots_group(nilfs); + if (err) +@@ -1047,9 +1045,7 @@ delete_mounted_snapshots_group: + nilfs_sysfs_delete_mounted_snapshots_group(nilfs); + + cleanup_dev_kobject: +- kobject_del(&nilfs->ns_dev_kobj); +- +-free_dev_subgroups: ++ kobject_put(&nilfs->ns_dev_kobj); + kfree(nilfs->ns_dev_subgroups); + + failed_create_device_group: +diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h +index b46133a41f55e..c0707e9bd9186 100644 +--- a/include/net/sctp/structs.h ++++ b/include/net/sctp/structs.h +@@ -470,7 +470,7 @@ struct sctp_af { + int saddr); + void (*from_sk) (union sctp_addr *, + struct sock *sk); +- void (*from_addr_param) (union sctp_addr *, ++ bool (*from_addr_param) (union sctp_addr *, + union sctp_addr_param *, + __be16 port, int iif); + int (*to_addr_param) (const union sctp_addr *, +diff --git a/kernel/profile.c b/kernel/profile.c +index 2dbccf2d806c6..9c78e3ab4b420 100644 +--- a/kernel/profile.c ++++ b/kernel/profile.c +@@ -38,7 +38,8 @@ struct profile_hit { + #define NR_PROFILE_GRP (NR_PROFILE_HIT/PROFILE_GRPSZ) + + static atomic_t *prof_buffer; +-static unsigned long prof_len, prof_shift; ++static unsigned long prof_len; ++static unsigned short int prof_shift; + + int prof_on __read_mostly; + EXPORT_SYMBOL_GPL(prof_on); +@@ -64,8 +65,8 @@ int profile_setup(char *str) + if (str[strlen(sleepstr)] == ',') + str += strlen(sleepstr) + 1; + if (get_option(&str, &par)) +- prof_shift = par; +- pr_info("kernel sleep profiling enabled (shift: %ld)\n", ++ prof_shift = clamp(par, 0, BITS_PER_LONG - 1); ++ pr_info("kernel sleep profiling enabled (shift: %u)\n", + prof_shift); + #else + pr_warn("kernel sleep profiling requires CONFIG_SCHEDSTATS\n"); +@@ -75,21 +76,21 @@ int profile_setup(char *str) + if (str[strlen(schedstr)] == ',') + str += strlen(schedstr) + 1; + if (get_option(&str, &par)) +- prof_shift = par; +- pr_info("kernel schedule profiling enabled (shift: %ld)\n", ++ prof_shift = clamp(par, 0, BITS_PER_LONG - 1); ++ pr_info("kernel schedule profiling enabled (shift: %u)\n", + prof_shift); + } else if (!strncmp(str, kvmstr, strlen(kvmstr))) { + prof_on = KVM_PROFILING; + if (str[strlen(kvmstr)] == ',') + str += strlen(kvmstr) + 1; + if (get_option(&str, &par)) +- prof_shift = par; +- pr_info("kernel KVM profiling enabled (shift: %ld)\n", ++ prof_shift = clamp(par, 0, BITS_PER_LONG - 1); ++ pr_info("kernel KVM profiling enabled (shift: %u)\n", + prof_shift); + } else if (get_option(&str, &par)) { +- prof_shift = par; ++ prof_shift = clamp(par, 0, BITS_PER_LONG - 1); + prof_on = CPU_PROFILING; +- pr_info("kernel profiling enabled (shift: %ld)\n", ++ pr_info("kernel profiling enabled (shift: %u)\n", + prof_shift); + } + return 1; +@@ -465,7 +466,7 @@ read_profile(struct file *file, char __user *buf, size_t count, loff_t *ppos) + unsigned long p = *ppos; + ssize_t read; + char *pnt; +- unsigned int sample_step = 1 << prof_shift; ++ unsigned long sample_step = 1UL << prof_shift; + + profile_flip_buffers(); + if (p >= (prof_len+1)*sizeof(unsigned int)) +diff --git a/kernel/sys.c b/kernel/sys.c +index 546cdc911dad4..2e1def48ed73b 100644 +--- a/kernel/sys.c ++++ b/kernel/sys.c +@@ -1774,13 +1774,6 @@ static int validate_prctl_map(struct prctl_mm_map *prctl_map) + + error = -EINVAL; + +- /* +- * @brk should be after @end_data in traditional maps. +- */ +- if (prctl_map->start_brk <= prctl_map->end_data || +- prctl_map->brk <= prctl_map->end_data) +- goto out; +- + /* + * Neither we should allow to override limits if they set. + */ +diff --git a/net/9p/trans_virtio.c b/net/9p/trans_virtio.c +index f88911cffa1ad..c6a46e8e9eda5 100644 +--- a/net/9p/trans_virtio.c ++++ b/net/9p/trans_virtio.c +@@ -602,7 +602,7 @@ static int p9_virtio_probe(struct virtio_device *vdev) + chan->vc_wq = kmalloc(sizeof(wait_queue_head_t), GFP_KERNEL); + if (!chan->vc_wq) { + err = -ENOMEM; +- goto out_free_tag; ++ goto out_remove_file; + } + init_waitqueue_head(chan->vc_wq); + chan->ring_bufs_avail = 1; +@@ -620,6 +620,8 @@ static int p9_virtio_probe(struct virtio_device *vdev) + + return 0; + ++out_remove_file: ++ sysfs_remove_file(&vdev->dev.kobj, &dev_attr_mount_tag.attr); + out_free_tag: + kfree(tag); + out_free_vq: +diff --git a/net/sctp/bind_addr.c b/net/sctp/bind_addr.c +index dc4335d817d80..dd9532c5c19dd 100644 +--- a/net/sctp/bind_addr.c ++++ b/net/sctp/bind_addr.c +@@ -285,20 +285,16 @@ int sctp_raw_to_bind_addrs(struct sctp_bind_addr *bp, __u8 *raw_addr_list, + rawaddr = (union sctp_addr_param *)raw_addr_list; + + af = sctp_get_af_specific(param_type2af(param->type)); +- if (unlikely(!af)) { ++ if (unlikely(!af) || ++ !af->from_addr_param(&addr, rawaddr, htons(port), 0)) { + retval = -EINVAL; +- sctp_bind_addr_clean(bp); +- break; ++ goto out_err; + } + +- af->from_addr_param(&addr, rawaddr, htons(port), 0); + retval = sctp_add_bind_addr(bp, &addr, sizeof(addr), + SCTP_ADDR_SRC, gfp); +- if (retval) { +- /* Can't finish building the list, clean up. */ +- sctp_bind_addr_clean(bp); +- break; +- } ++ if (retval) ++ goto out_err; + + len = ntohs(param->length); + addrs_len -= len; +@@ -306,6 +302,12 @@ int sctp_raw_to_bind_addrs(struct sctp_bind_addr *bp, __u8 *raw_addr_list, + } + + return retval; ++ ++out_err: ++ if (retval) ++ sctp_bind_addr_clean(bp); ++ ++ return retval; + } + + /******************************************************************** +diff --git a/net/sctp/input.c b/net/sctp/input.c +index 8f4574c4aa6ca..9c1670b4a687d 100644 +--- a/net/sctp/input.c ++++ b/net/sctp/input.c +@@ -1051,7 +1051,8 @@ static struct sctp_association *__sctp_rcv_init_lookup(struct net *net, + if (!af) + continue; + +- af->from_addr_param(paddr, params.addr, sh->source, 0); ++ if (!af->from_addr_param(paddr, params.addr, sh->source, 0)) ++ continue; + + asoc = __sctp_lookup_association(net, laddr, paddr, transportp); + if (asoc) +@@ -1087,6 +1088,9 @@ static struct sctp_association *__sctp_rcv_asconf_lookup( + union sctp_addr_param *param; + union sctp_addr paddr; + ++ if (ntohs(ch->length) < sizeof(*asconf) + sizeof(struct sctp_paramhdr)) ++ return NULL; ++ + /* Skip over the ADDIP header and find the Address parameter */ + param = (union sctp_addr_param *)(asconf + 1); + +@@ -1094,7 +1098,8 @@ static struct sctp_association *__sctp_rcv_asconf_lookup( + if (unlikely(!af)) + return NULL; + +- af->from_addr_param(&paddr, param, peer_port, 0); ++ if (af->from_addr_param(&paddr, param, peer_port, 0)) ++ return NULL; + + return __sctp_lookup_association(net, laddr, &paddr, transportp); + } +diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c +index 50bc8c4ca9068..01337204d2b6f 100644 +--- a/net/sctp/ipv6.c ++++ b/net/sctp/ipv6.c +@@ -490,15 +490,20 @@ static void sctp_v6_to_sk_daddr(union sctp_addr *addr, struct sock *sk) + } + + /* Initialize a sctp_addr from an address parameter. */ +-static void sctp_v6_from_addr_param(union sctp_addr *addr, ++static bool sctp_v6_from_addr_param(union sctp_addr *addr, + union sctp_addr_param *param, + __be16 port, int iif) + { ++ if (ntohs(param->v6.param_hdr.length) < sizeof(struct sctp_ipv6addr_param)) ++ return false; ++ + addr->v6.sin6_family = AF_INET6; + addr->v6.sin6_port = port; + addr->v6.sin6_flowinfo = 0; /* BUG */ + addr->v6.sin6_addr = param->v6.addr; + addr->v6.sin6_scope_id = iif; ++ ++ return true; + } + + /* Initialize an address parameter from a sctp_addr and return the length +diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c +index b1932fd125dad..02afbe5710083 100644 +--- a/net/sctp/protocol.c ++++ b/net/sctp/protocol.c +@@ -274,14 +274,19 @@ static void sctp_v4_to_sk_daddr(union sctp_addr *addr, struct sock *sk) + } + + /* Initialize a sctp_addr from an address parameter. */ +-static void sctp_v4_from_addr_param(union sctp_addr *addr, ++static bool sctp_v4_from_addr_param(union sctp_addr *addr, + union sctp_addr_param *param, + __be16 port, int iif) + { ++ if (ntohs(param->v4.param_hdr.length) < sizeof(struct sctp_ipv4addr_param)) ++ return false; ++ + addr->v4.sin_family = AF_INET; + addr->v4.sin_port = port; + addr->v4.sin_addr.s_addr = param->v4.addr.s_addr; + memset(addr->v4.sin_zero, 0, sizeof(addr->v4.sin_zero)); ++ ++ return true; + } + + /* Initialize an address parameter from a sctp_addr and return the length +diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c +index 0c5aff3bb5391..2e2802f047005 100644 +--- a/net/sctp/sm_make_chunk.c ++++ b/net/sctp/sm_make_chunk.c +@@ -2155,9 +2155,16 @@ static sctp_ierror_t sctp_verify_param(struct net *net, + break; + + case SCTP_PARAM_SET_PRIMARY: +- if (net->sctp.addip_enable) +- break; +- goto fallthrough; ++ if (!net->sctp.addip_enable) ++ goto fallthrough; ++ ++ if (ntohs(param.p->length) < sizeof(struct sctp_addip_param) + ++ sizeof(struct sctp_paramhdr)) { ++ sctp_process_inv_paramlength(asoc, param.p, ++ chunk, err_chunk); ++ retval = SCTP_IERROR_ABORT; ++ } ++ break; + + case SCTP_PARAM_HOST_NAME_ADDRESS: + /* Tell the peer, we won't support this param. */ +@@ -2335,11 +2342,13 @@ int sctp_process_init(struct sctp_association *asoc, struct sctp_chunk *chunk, + + /* Process the initialization parameters. */ + sctp_walk_params(param, peer_init, init_hdr.params) { +- if (!src_match && (param.p->type == SCTP_PARAM_IPV4_ADDRESS || +- param.p->type == SCTP_PARAM_IPV6_ADDRESS)) { ++ if (!src_match && ++ (param.p->type == SCTP_PARAM_IPV4_ADDRESS || ++ param.p->type == SCTP_PARAM_IPV6_ADDRESS)) { + af = sctp_get_af_specific(param_type2af(param.p->type)); +- af->from_addr_param(&addr, param.addr, +- chunk->sctp_hdr->source, 0); ++ if (!af->from_addr_param(&addr, param.addr, ++ chunk->sctp_hdr->source, 0)) ++ continue; + if (sctp_cmp_addr_exact(sctp_source(chunk), &addr)) + src_match = 1; + } +@@ -2533,7 +2542,8 @@ static int sctp_process_param(struct sctp_association *asoc, + break; + do_addr_param: + af = sctp_get_af_specific(param_type2af(param.p->type)); +- af->from_addr_param(&addr, param.addr, htons(asoc->peer.port), 0); ++ if (!af->from_addr_param(&addr, param.addr, htons(asoc->peer.port), 0)) ++ break; + scope = sctp_scope(peer_addr); + if (sctp_in_scope(net, &addr, scope)) + if (!sctp_assoc_add_peer(asoc, &addr, gfp, SCTP_UNCONFIRMED)) +@@ -2626,15 +2636,13 @@ do_addr_param: + addr_param = param.v + sizeof(sctp_addip_param_t); + + af = sctp_get_af_specific(param_type2af(addr_param->p.type)); +- if (af == NULL) ++ if (!af) + break; + +- af->from_addr_param(&addr, addr_param, +- htons(asoc->peer.port), 0); ++ if (!af->from_addr_param(&addr, addr_param, ++ htons(asoc->peer.port), 0)) ++ break; + +- /* if the address is invalid, we can't process it. +- * XXX: see spec for what to do. +- */ + if (!af->addr_valid(&addr, NULL, NULL)) + break; + +@@ -3046,7 +3054,8 @@ static __be16 sctp_process_asconf_param(struct sctp_association *asoc, + if (unlikely(!af)) + return SCTP_ERROR_DNS_FAILED; + +- af->from_addr_param(&addr, addr_param, htons(asoc->peer.port), 0); ++ if (!af->from_addr_param(&addr, addr_param, htons(asoc->peer.port), 0)) ++ return SCTP_ERROR_DNS_FAILED; + + /* ADDIP 4.2.1 This parameter MUST NOT contain a broadcast + * or multicast address. +@@ -3311,7 +3320,8 @@ static void sctp_asconf_param_success(struct sctp_association *asoc, + + /* We have checked the packet before, so we do not check again. */ + af = sctp_get_af_specific(param_type2af(addr_param->p.type)); +- af->from_addr_param(&addr, addr_param, htons(bp->port), 0); ++ if (!af->from_addr_param(&addr, addr_param, htons(bp->port), 0)) ++ return; + + switch (asconf_param->param_hdr.type) { + case SCTP_PARAM_ADD_IP:
