commit: 4b38ac2afb82a199ef71796c5885599f3e188e93 Author: Alice Ferrazzi <alicef <AT> gentoo <DOT> org> AuthorDate: Fri Apr 16 11:20:13 2021 +0000 Commit: Alice Ferrazzi <alicef <AT> gentoo <DOT> org> CommitDate: Fri Apr 16 11:20:25 2021 +0000 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=4b38ac2a
Linux patch 4.4.267 Signed-off-by: Alice Ferrazzi <alicef <AT> gentoo.org> 0000_README | 4 + 1266_linux-4.4.267.patch | 849 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 853 insertions(+) diff --git a/0000_README b/0000_README index 926141b..074f637 100644 --- a/0000_README +++ b/0000_README @@ -1107,6 +1107,10 @@ Patch: 1265_linux-4.4.266.patch From: http://www.kernel.org Desc: Linux 4.4.266 +Patch: 1266_linux-4.4.267.patch +From: http://www.kernel.org +Desc: Linux 4.4.267 + Patch: 1500_XATTR_USER_PREFIX.patch From: https://bugs.gentoo.org/show_bug.cgi?id=470644 Desc: Support for namespace user.pax.* on tmpfs. diff --git a/1266_linux-4.4.267.patch b/1266_linux-4.4.267.patch new file mode 100644 index 0000000..cfafcbf --- /dev/null +++ b/1266_linux-4.4.267.patch @@ -0,0 +1,849 @@ +diff --git a/Makefile b/Makefile +index 8863ee364e7e7..8a564934a742e 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,6 +1,6 @@ + VERSION = 4 + PATCHLEVEL = 4 +-SUBLEVEL = 266 ++SUBLEVEL = 267 + EXTRAVERSION = + NAME = Blurry Fish Butt + +diff --git a/arch/ia64/include/asm/ptrace.h b/arch/ia64/include/asm/ptrace.h +index 845143990a1d6..9d3d4fb87a7a3 100644 +--- a/arch/ia64/include/asm/ptrace.h ++++ b/arch/ia64/include/asm/ptrace.h +@@ -53,8 +53,7 @@ + + static inline unsigned long user_stack_pointer(struct pt_regs *regs) + { +- /* FIXME: should this be bspstore + nr_dirty regs? */ +- return regs->ar_bspstore; ++ return regs->r12; + } + + static inline int is_syscall_success(struct pt_regs *regs) +@@ -78,11 +77,6 @@ static inline long regs_return_value(struct pt_regs *regs) + unsigned long __ip = instruction_pointer(regs); \ + (__ip & ~3UL) + ((__ip & 3UL) << 2); \ + }) +-/* +- * Why not default? Because user_stack_pointer() on ia64 gives register +- * stack backing store instead... +- */ +-#define current_user_stack_pointer() (current_pt_regs()->r12) + + /* given a pointer to a task_struct, return the user's pt_regs */ + # define task_pt_regs(t) (((struct pt_regs *) ((char *) (t) + IA64_STK_OFFSET)) - 1) +diff --git a/arch/s390/kernel/cpcmd.c b/arch/s390/kernel/cpcmd.c +index 7f768914fb4f9..c15546c6fb66d 100644 +--- a/arch/s390/kernel/cpcmd.c ++++ b/arch/s390/kernel/cpcmd.c +@@ -37,10 +37,12 @@ static int diag8_noresponse(int cmdlen) + + static int diag8_response(int cmdlen, char *response, int *rlen) + { ++ unsigned long _cmdlen = cmdlen | 0x40000000L; ++ unsigned long _rlen = *rlen; + register unsigned long reg2 asm ("2") = (addr_t) cpcmd_buf; + register unsigned long reg3 asm ("3") = (addr_t) response; +- register unsigned long reg4 asm ("4") = cmdlen | 0x40000000L; +- register unsigned long reg5 asm ("5") = *rlen; ++ register unsigned long reg4 asm ("4") = _cmdlen; ++ register unsigned long reg5 asm ("5") = _rlen; + + asm volatile( + " sam31\n" +diff --git a/drivers/char/agp/Kconfig b/drivers/char/agp/Kconfig +index c528f96ee204f..07de755ca30c5 100644 +--- a/drivers/char/agp/Kconfig ++++ b/drivers/char/agp/Kconfig +@@ -124,7 +124,7 @@ config AGP_HP_ZX1 + + config AGP_PARISC + tristate "HP Quicksilver AGP support" +- depends on AGP && PARISC && 64BIT ++ depends on AGP && PARISC && 64BIT && IOMMU_SBA + help + This option gives you AGP GART support for the HP Quicksilver + AGP bus adapter on HP PA-RISC machines (Ok, just on the C8000 +diff --git a/drivers/clk/clk.c b/drivers/clk/clk.c +index 53c068f90b376..c46fff3a32feb 100644 +--- a/drivers/clk/clk.c ++++ b/drivers/clk/clk.c +@@ -2870,32 +2870,28 @@ EXPORT_SYMBOL_GPL(clk_notifier_register); + */ + int clk_notifier_unregister(struct clk *clk, struct notifier_block *nb) + { +- struct clk_notifier *cn = NULL; +- int ret = -EINVAL; ++ struct clk_notifier *cn; ++ int ret = -ENOENT; + + if (!clk || !nb) + return -EINVAL; + + clk_prepare_lock(); + +- list_for_each_entry(cn, &clk_notifier_list, node) +- if (cn->clk == clk) +- break; +- +- if (cn->clk == clk) { +- ret = srcu_notifier_chain_unregister(&cn->notifier_head, nb); ++ list_for_each_entry(cn, &clk_notifier_list, node) { ++ if (cn->clk == clk) { ++ ret = srcu_notifier_chain_unregister(&cn->notifier_head, nb); + +- clk->core->notifier_count--; ++ clk->core->notifier_count--; + +- /* XXX the notifier code should handle this better */ +- if (!cn->notifier_head.head) { +- srcu_cleanup_notifier_head(&cn->notifier_head); +- list_del(&cn->node); +- kfree(cn); ++ /* XXX the notifier code should handle this better */ ++ if (!cn->notifier_head.head) { ++ srcu_cleanup_notifier_head(&cn->notifier_head); ++ list_del(&cn->node); ++ kfree(cn); ++ } ++ break; + } +- +- } else { +- ret = -ENOENT; + } + + clk_prepare_unlock(); +diff --git a/drivers/clk/socfpga/clk-gate.c b/drivers/clk/socfpga/clk-gate.c +index aa7a6e6a15b65..14918896811d6 100644 +--- a/drivers/clk/socfpga/clk-gate.c ++++ b/drivers/clk/socfpga/clk-gate.c +@@ -107,7 +107,7 @@ static unsigned long socfpga_clk_recalc_rate(struct clk_hw *hwclk, + val = readl(socfpgaclk->div_reg) >> socfpgaclk->shift; + val &= GENMASK(socfpgaclk->width - 1, 0); + /* Check for GPIO_DB_CLK by its offset */ +- if ((int) socfpgaclk->div_reg & SOCFPGA_GPIO_DB_CLK_OFFSET) ++ if ((uintptr_t) socfpgaclk->div_reg & SOCFPGA_GPIO_DB_CLK_OFFSET) + div = val + 1; + else + div = (1 << val); +diff --git a/drivers/gpu/drm/imx/imx-ldb.c b/drivers/gpu/drm/imx/imx-ldb.c +index b9dc2ef64ed88..74585ba165018 100644 +--- a/drivers/gpu/drm/imx/imx-ldb.c ++++ b/drivers/gpu/drm/imx/imx-ldb.c +@@ -217,6 +217,11 @@ static void imx_ldb_encoder_commit(struct drm_encoder *encoder) + int dual = ldb->ldb_ctrl & LDB_SPLIT_MODE_EN; + int mux = imx_drm_encoder_get_mux_id(imx_ldb_ch->child, encoder); + ++ if (mux < 0 || mux >= ARRAY_SIZE(ldb->clk_sel)) { ++ dev_warn(ldb->dev, "%s: invalid mux %d\n", __func__, mux); ++ return; ++ } ++ + drm_panel_prepare(imx_ldb_ch->panel); + + if (dual) { +@@ -267,6 +272,11 @@ static void imx_ldb_encoder_mode_set(struct drm_encoder *encoder, + unsigned long di_clk = mode->clock * 1000; + int mux = imx_drm_encoder_get_mux_id(imx_ldb_ch->child, encoder); + ++ if (mux < 0 || mux >= ARRAY_SIZE(ldb->clk_sel)) { ++ dev_warn(ldb->dev, "%s: invalid mux %d\n", __func__, mux); ++ return; ++ } ++ + if (mode->clock > 170000) { + dev_warn(ldb->dev, + "%s: mode exceeds 170 MHz pixel clock\n", __func__); +diff --git a/drivers/iio/light/hid-sensor-prox.c b/drivers/iio/light/hid-sensor-prox.c +index 45ca056f019ed..63041dcec7afd 100644 +--- a/drivers/iio/light/hid-sensor-prox.c ++++ b/drivers/iio/light/hid-sensor-prox.c +@@ -37,6 +37,9 @@ struct prox_state { + struct hid_sensor_common common_attributes; + struct hid_sensor_hub_attribute_info prox_attr; + u32 human_presence; ++ int scale_pre_decml; ++ int scale_post_decml; ++ int scale_precision; + }; + + /* Channel definitions */ +@@ -105,8 +108,9 @@ static int prox_read_raw(struct iio_dev *indio_dev, + ret_type = IIO_VAL_INT; + break; + case IIO_CHAN_INFO_SCALE: +- *val = prox_state->prox_attr.units; +- ret_type = IIO_VAL_INT; ++ *val = prox_state->scale_pre_decml; ++ *val2 = prox_state->scale_post_decml; ++ ret_type = prox_state->scale_precision; + break; + case IIO_CHAN_INFO_OFFSET: + *val = hid_sensor_convert_exponent( +@@ -240,6 +244,12 @@ static int prox_parse_report(struct platform_device *pdev, + st->common_attributes.sensitivity.index, + st->common_attributes.sensitivity.report_id); + } ++ ++ st->scale_precision = hid_sensor_format_scale( ++ hsdev->usage, ++ &st->prox_attr, ++ &st->scale_pre_decml, &st->scale_post_decml); ++ + return ret; + } + +diff --git a/drivers/infiniband/hw/cxgb4/cm.c b/drivers/infiniband/hw/cxgb4/cm.c +index 8d75161854eec..f422a8a2528b9 100644 +--- a/drivers/infiniband/hw/cxgb4/cm.c ++++ b/drivers/infiniband/hw/cxgb4/cm.c +@@ -3447,7 +3447,8 @@ int c4iw_destroy_listen(struct iw_cm_id *cm_id) + c4iw_init_wr_wait(&ep->com.wr_wait); + err = cxgb4_remove_server( + ep->com.dev->rdev.lldi.ports[0], ep->stid, +- ep->com.dev->rdev.lldi.rxq_ids[0], true); ++ ep->com.dev->rdev.lldi.rxq_ids[0], ++ ep->com.local_addr.ss_family == AF_INET6); + if (err) + goto done; + err = c4iw_wait_for_reply(&ep->com.dev->rdev, &ep->com.wr_wait, +diff --git a/drivers/net/can/usb/peak_usb/pcan_usb_core.c b/drivers/net/can/usb/peak_usb/pcan_usb_core.c +index 7b148174eb760..620db93ab9a3d 100644 +--- a/drivers/net/can/usb/peak_usb/pcan_usb_core.c ++++ b/drivers/net/can/usb/peak_usb/pcan_usb_core.c +@@ -882,7 +882,7 @@ static int peak_usb_create_dev(const struct peak_usb_adapter *peak_usb_adapter, + if (dev->adapter->dev_set_bus) { + err = dev->adapter->dev_set_bus(dev, 0); + if (err) +- goto lbl_unregister_candev; ++ goto adap_dev_free; + } + + /* get device number early */ +@@ -894,6 +894,10 @@ static int peak_usb_create_dev(const struct peak_usb_adapter *peak_usb_adapter, + + return 0; + ++adap_dev_free: ++ if (dev->adapter->dev_free) ++ dev->adapter->dev_free(dev); ++ + lbl_unregister_candev: + unregister_candev(netdev); + +diff --git a/drivers/net/ethernet/freescale/gianfar.c b/drivers/net/ethernet/freescale/gianfar.c +index bc00fa5e864f3..fb135797688a2 100644 +--- a/drivers/net/ethernet/freescale/gianfar.c ++++ b/drivers/net/ethernet/freescale/gianfar.c +@@ -485,7 +485,11 @@ static struct net_device_stats *gfar_get_stats(struct net_device *dev) + + static int gfar_set_mac_addr(struct net_device *dev, void *p) + { +- eth_mac_addr(dev, p); ++ int ret; ++ ++ ret = eth_mac_addr(dev, p); ++ if (ret) ++ return ret; + + gfar_set_mac_for_addr(dev, 0, dev->dev_addr); + +diff --git a/drivers/net/ieee802154/atusb.c b/drivers/net/ieee802154/atusb.c +index d5e0e2aedc557..9b3ab60c35566 100644 +--- a/drivers/net/ieee802154/atusb.c ++++ b/drivers/net/ieee802154/atusb.c +@@ -340,6 +340,7 @@ static int atusb_alloc_urbs(struct atusb *atusb, int n) + return -ENOMEM; + } + usb_anchor_urb(urb, &atusb->idle_urbs); ++ usb_free_urb(urb); + n--; + } + return 0; +diff --git a/drivers/net/tun.c b/drivers/net/tun.c +index 2b7a3631b8824..7622f390ef1a7 100644 +--- a/drivers/net/tun.c ++++ b/drivers/net/tun.c +@@ -71,6 +71,14 @@ + #include <net/sock.h> + #include <linux/seq_file.h> + #include <linux/uio.h> ++#include <linux/ieee802154.h> ++#include <linux/if_ltalk.h> ++#include <uapi/linux/if_fddi.h> ++#include <uapi/linux/if_hippi.h> ++#include <uapi/linux/if_fc.h> ++#include <net/ax25.h> ++#include <net/rose.h> ++#include <net/6lowpan.h> + + #include <asm/uaccess.h> + +@@ -1888,6 +1896,45 @@ unlock: + return ret; + } + ++/* Return correct value for tun->dev->addr_len based on tun->dev->type. */ ++static unsigned char tun_get_addr_len(unsigned short type) ++{ ++ switch (type) { ++ case ARPHRD_IP6GRE: ++ case ARPHRD_TUNNEL6: ++ return sizeof(struct in6_addr); ++ case ARPHRD_IPGRE: ++ case ARPHRD_TUNNEL: ++ case ARPHRD_SIT: ++ return 4; ++ case ARPHRD_ETHER: ++ return ETH_ALEN; ++ case ARPHRD_IEEE802154: ++ case ARPHRD_IEEE802154_MONITOR: ++ return IEEE802154_EXTENDED_ADDR_LEN; ++ case ARPHRD_PHONET_PIPE: ++ case ARPHRD_PPP: ++ case ARPHRD_NONE: ++ return 0; ++ case ARPHRD_6LOWPAN: ++ return EUI64_ADDR_LEN; ++ case ARPHRD_FDDI: ++ return FDDI_K_ALEN; ++ case ARPHRD_HIPPI: ++ return HIPPI_ALEN; ++ case ARPHRD_IEEE802: ++ return FC_ALEN; ++ case ARPHRD_ROSE: ++ return ROSE_ADDR_LEN; ++ case ARPHRD_NETROM: ++ return AX25_ADDR_LEN; ++ case ARPHRD_LOCALTLK: ++ return LTALK_ALEN; ++ default: ++ return 0; ++ } ++} ++ + static long __tun_chr_ioctl(struct file *file, unsigned int cmd, + unsigned long arg, int ifreq_len) + { +@@ -2026,6 +2073,7 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd, + ret = -EBUSY; + } else { + tun->dev->type = (int) arg; ++ tun->dev->addr_len = tun_get_addr_len(tun->dev->type); + tun_debug(KERN_INFO, tun, "linktype set to %d\n", + tun->dev->type); + ret = 0; +diff --git a/drivers/xen/events/events_base.c b/drivers/xen/events/events_base.c +index d1e68b4835953..56bf952de411d 100644 +--- a/drivers/xen/events/events_base.c ++++ b/drivers/xen/events/events_base.c +@@ -222,7 +222,7 @@ static int xen_irq_info_common_setup(struct irq_info *info, + info->evtchn = evtchn; + info->cpu = cpu; + info->mask_reason = EVT_MASK_REASON_EXPLICIT; +- spin_lock_init(&info->lock); ++ raw_spin_lock_init(&info->lock); + + ret = set_evtchn_to_irq(evtchn, irq); + if (ret < 0) +@@ -374,28 +374,28 @@ static void do_mask(struct irq_info *info, u8 reason) + { + unsigned long flags; + +- spin_lock_irqsave(&info->lock, flags); ++ raw_spin_lock_irqsave(&info->lock, flags); + + if (!info->mask_reason) + mask_evtchn(info->evtchn); + + info->mask_reason |= reason; + +- spin_unlock_irqrestore(&info->lock, flags); ++ raw_spin_unlock_irqrestore(&info->lock, flags); + } + + static void do_unmask(struct irq_info *info, u8 reason) + { + unsigned long flags; + +- spin_lock_irqsave(&info->lock, flags); ++ raw_spin_lock_irqsave(&info->lock, flags); + + info->mask_reason &= ~reason; + + if (!info->mask_reason) + unmask_evtchn(info->evtchn); + +- spin_unlock_irqrestore(&info->lock, flags); ++ raw_spin_unlock_irqrestore(&info->lock, flags); + } + + #ifdef CONFIG_X86 +@@ -1779,7 +1779,7 @@ static void lateeoi_ack_dynirq(struct irq_data *data) + + if (VALID_EVTCHN(evtchn)) { + do_mask(info, EVT_MASK_REASON_EOI_PENDING); +- event_handler_exit(info); ++ ack_dynirq(data); + } + } + +@@ -1790,7 +1790,7 @@ static void lateeoi_mask_ack_dynirq(struct irq_data *data) + + if (VALID_EVTCHN(evtchn)) { + do_mask(info, EVT_MASK_REASON_EXPLICIT); +- event_handler_exit(info); ++ ack_dynirq(data); + } + } + +diff --git a/drivers/xen/events/events_internal.h b/drivers/xen/events/events_internal.h +index 3df6f28b75e69..cc37b711491ce 100644 +--- a/drivers/xen/events/events_internal.h ++++ b/drivers/xen/events/events_internal.h +@@ -47,7 +47,7 @@ struct irq_info { + unsigned short eoi_cpu; /* EOI must happen on this cpu */ + unsigned int irq_epoch; /* If eoi_cpu valid: irq_epoch of event */ + u64 eoi_time; /* Time in jiffies when to EOI. */ +- spinlock_t lock; ++ raw_spinlock_t lock; + + union { + unsigned short virq; +diff --git a/fs/direct-io.c b/fs/direct-io.c +index 44f49d86d714a..49c06f3cd952a 100644 +--- a/fs/direct-io.c ++++ b/fs/direct-io.c +@@ -780,6 +780,7 @@ submit_page_section(struct dio *dio, struct dio_submit *sdio, struct page *page, + struct buffer_head *map_bh) + { + int ret = 0; ++ int boundary = sdio->boundary; /* dio_send_cur_page may clear it */ + + if (dio->rw & WRITE) { + /* +@@ -818,10 +819,10 @@ submit_page_section(struct dio *dio, struct dio_submit *sdio, struct page *page, + sdio->cur_page_fs_offset = sdio->block_in_file << sdio->blkbits; + out: + /* +- * If sdio->boundary then we want to schedule the IO now to ++ * If boundary then we want to schedule the IO now to + * avoid metadata seeks. + */ +- if (sdio->boundary) { ++ if (boundary) { + ret = dio_send_cur_page(dio, sdio, map_bh); + if (sdio->bio) + dio_bio_submit(dio, sdio); +diff --git a/include/net/red.h b/include/net/red.h +index b3ab5c6bfa83f..117a3654d3194 100644 +--- a/include/net/red.h ++++ b/include/net/red.h +@@ -170,9 +170,9 @@ static inline void red_set_vars(struct red_vars *v) + static inline bool red_check_params(u32 qth_min, u32 qth_max, u8 Wlog, + u8 Scell_log, u8 *stab) + { +- if (fls(qth_min) + Wlog > 32) ++ if (fls(qth_min) + Wlog >= 32) + return false; +- if (fls(qth_max) + Wlog > 32) ++ if (fls(qth_max) + Wlog >= 32) + return false; + if (Scell_log >= 32) + return false; +diff --git a/kernel/workqueue.c b/kernel/workqueue.c +index 6b293804cd734..a2de597604e68 100644 +--- a/kernel/workqueue.c ++++ b/kernel/workqueue.c +@@ -1351,7 +1351,6 @@ static void __queue_work(int cpu, struct workqueue_struct *wq, + */ + WARN_ON_ONCE(!irqs_disabled()); + +- debug_work_activate(work); + + /* if draining, only works from the same workqueue are allowed */ + if (unlikely(wq->flags & __WQ_DRAINING) && +@@ -1430,6 +1429,7 @@ retry: + worklist = &pwq->delayed_works; + } + ++ debug_work_activate(work); + insert_work(pwq, work, worklist, work_flags); + + spin_unlock(&pwq->pool->lock); +diff --git a/net/batman-adv/translation-table.c b/net/batman-adv/translation-table.c +index 06f366d234ffb..5f976485e8c64 100644 +--- a/net/batman-adv/translation-table.c ++++ b/net/batman-adv/translation-table.c +@@ -871,6 +871,7 @@ batadv_tt_prepare_tvlv_local_data(struct batadv_priv *bat_priv, + + tt_vlan->vid = htons(vlan->vid); + tt_vlan->crc = htonl(vlan->tt.crc); ++ tt_vlan->reserved = 0; + + tt_vlan++; + } +diff --git a/net/ieee802154/nl-mac.c b/net/ieee802154/nl-mac.c +index 3503c38954f9f..76691a07a2e08 100644 +--- a/net/ieee802154/nl-mac.c ++++ b/net/ieee802154/nl-mac.c +@@ -557,9 +557,7 @@ ieee802154_llsec_parse_key_id(struct genl_info *info, + desc->mode = nla_get_u8(info->attrs[IEEE802154_ATTR_LLSEC_KEY_MODE]); + + if (desc->mode == IEEE802154_SCF_KEY_IMPLICIT) { +- if (!info->attrs[IEEE802154_ATTR_PAN_ID] && +- !(info->attrs[IEEE802154_ATTR_SHORT_ADDR] || +- info->attrs[IEEE802154_ATTR_HW_ADDR])) ++ if (!info->attrs[IEEE802154_ATTR_PAN_ID]) + return -EINVAL; + + desc->device_addr.pan_id = nla_get_shortaddr(info->attrs[IEEE802154_ATTR_PAN_ID]); +@@ -568,6 +566,9 @@ ieee802154_llsec_parse_key_id(struct genl_info *info, + desc->device_addr.mode = IEEE802154_ADDR_SHORT; + desc->device_addr.short_addr = nla_get_shortaddr(info->attrs[IEEE802154_ATTR_SHORT_ADDR]); + } else { ++ if (!info->attrs[IEEE802154_ATTR_HW_ADDR]) ++ return -EINVAL; ++ + desc->device_addr.mode = IEEE802154_ADDR_LONG; + desc->device_addr.extended_addr = nla_get_hwaddr(info->attrs[IEEE802154_ATTR_HW_ADDR]); + } +diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c +index 16ef0d9f566e8..c23c08f49c3c3 100644 +--- a/net/ieee802154/nl802154.c ++++ b/net/ieee802154/nl802154.c +@@ -843,8 +843,13 @@ nl802154_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags, + goto nla_put_failure; + + #ifdef CONFIG_IEEE802154_NL802154_EXPERIMENTAL ++ if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR) ++ goto out; ++ + if (nl802154_get_llsec_params(msg, rdev, wpan_dev) < 0) + goto nla_put_failure; ++ ++out: + #endif /* CONFIG_IEEE802154_NL802154_EXPERIMENTAL */ + + genlmsg_end(msg, hdr); +@@ -1367,6 +1372,9 @@ static int nl802154_set_llsec_params(struct sk_buff *skb, + u32 changed = 0; + int ret; + ++ if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR) ++ return -EOPNOTSUPP; ++ + if (info->attrs[NL802154_ATTR_SEC_ENABLED]) { + u8 enabled; + +@@ -1527,7 +1535,8 @@ static int nl802154_add_llsec_key(struct sk_buff *skb, struct genl_info *info) + struct ieee802154_llsec_key_id id = { }; + u32 commands[NL802154_CMD_FRAME_NR_IDS / 32] = { }; + +- if (nla_parse_nested(attrs, NL802154_KEY_ATTR_MAX, ++ if (!info->attrs[NL802154_ATTR_SEC_KEY] || ++ nla_parse_nested(attrs, NL802154_KEY_ATTR_MAX, + info->attrs[NL802154_ATTR_SEC_KEY], + nl802154_key_policy)) + return -EINVAL; +@@ -1577,7 +1586,8 @@ static int nl802154_del_llsec_key(struct sk_buff *skb, struct genl_info *info) + struct nlattr *attrs[NL802154_KEY_ATTR_MAX + 1]; + struct ieee802154_llsec_key_id id; + +- if (nla_parse_nested(attrs, NL802154_KEY_ATTR_MAX, ++ if (!info->attrs[NL802154_ATTR_SEC_KEY] || ++ nla_parse_nested(attrs, NL802154_KEY_ATTR_MAX, + info->attrs[NL802154_ATTR_SEC_KEY], + nl802154_key_policy)) + return -EINVAL; +@@ -1745,7 +1755,8 @@ static int nl802154_del_llsec_dev(struct sk_buff *skb, struct genl_info *info) + struct nlattr *attrs[NL802154_DEV_ATTR_MAX + 1]; + __le64 extended_addr; + +- if (nla_parse_nested(attrs, NL802154_DEV_ATTR_MAX, ++ if (!info->attrs[NL802154_ATTR_SEC_DEVICE] || ++ nla_parse_nested(attrs, NL802154_DEV_ATTR_MAX, + info->attrs[NL802154_ATTR_SEC_DEVICE], + nl802154_dev_policy)) + return -EINVAL; +@@ -1905,7 +1916,8 @@ static int nl802154_del_llsec_devkey(struct sk_buff *skb, struct genl_info *info + struct ieee802154_llsec_device_key key; + __le64 extended_addr; + +- if (nla_parse_nested(attrs, NL802154_DEVKEY_ATTR_MAX, ++ if (!info->attrs[NL802154_ATTR_SEC_DEVKEY] || ++ nla_parse_nested(attrs, NL802154_DEVKEY_ATTR_MAX, + info->attrs[NL802154_ATTR_SEC_DEVKEY], + nl802154_devkey_policy)) + return -EINVAL; +@@ -2080,6 +2092,9 @@ static int nl802154_del_llsec_seclevel(struct sk_buff *skb, + struct wpan_dev *wpan_dev = dev->ieee802154_ptr; + struct ieee802154_llsec_seclevel sl; + ++ if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR) ++ return -EOPNOTSUPP; ++ + if (!info->attrs[NL802154_ATTR_SEC_LEVEL] || + llsec_parse_seclevel(info->attrs[NL802154_ATTR_SEC_LEVEL], + &sl) < 0) +diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c +index 574697326ebc9..ea164fd61a7c6 100644 +--- a/net/ipv4/netfilter/arp_tables.c ++++ b/net/ipv4/netfilter/arp_tables.c +@@ -1349,6 +1349,8 @@ static int translate_compat_table(struct net *net, + if (!newinfo) + goto out_unlock; + ++ memset(newinfo->entries, 0, size); ++ + newinfo->number = compatr->num_entries; + for (i = 0; i < NF_ARP_NUMHOOKS; i++) { + newinfo->hook_entry[i] = compatr->hook_entry[i]; +diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c +index 53d664a7774c4..684003063174d 100644 +--- a/net/ipv4/netfilter/ip_tables.c ++++ b/net/ipv4/netfilter/ip_tables.c +@@ -1610,6 +1610,8 @@ translate_compat_table(struct net *net, + if (!newinfo) + goto out_unlock; + ++ memset(newinfo->entries, 0, size); ++ + newinfo->number = compatr->num_entries; + for (i = 0; i < NF_INET_NUMHOOKS; i++) { + newinfo->hook_entry[i] = compatr->hook_entry[i]; +diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c +index f563cf3fcc4c3..3057356cfdff5 100644 +--- a/net/ipv6/netfilter/ip6_tables.c ++++ b/net/ipv6/netfilter/ip6_tables.c +@@ -1617,6 +1617,8 @@ translate_compat_table(struct net *net, + if (!newinfo) + goto out_unlock; + ++ memset(newinfo->entries, 0, size); ++ + newinfo->number = compatr->num_entries; + for (i = 0; i < NF_INET_NUMHOOKS; i++) { + newinfo->hook_entry[i] = compatr->hook_entry[i]; +diff --git a/net/ipv6/route.c b/net/ipv6/route.c +index 50eba77f5a0d2..f06a768787460 100644 +--- a/net/ipv6/route.c ++++ b/net/ipv6/route.c +@@ -2980,9 +2980,11 @@ static int ip6_route_multipath_add(struct fib6_config *cfg) + * nexthops have been replaced by first new, the rest should + * be added to it. + */ +- cfg->fc_nlinfo.nlh->nlmsg_flags &= ~(NLM_F_EXCL | +- NLM_F_REPLACE); +- cfg->fc_nlinfo.nlh->nlmsg_flags |= NLM_F_CREATE; ++ if (cfg->fc_nlinfo.nlh) { ++ cfg->fc_nlinfo.nlh->nlmsg_flags &= ~(NLM_F_EXCL | ++ NLM_F_REPLACE); ++ cfg->fc_nlinfo.nlh->nlmsg_flags |= NLM_F_CREATE; ++ } + nhn++; + } + +diff --git a/net/mac802154/llsec.c b/net/mac802154/llsec.c +index a13d02b7cee47..55ed8a97b33fa 100644 +--- a/net/mac802154/llsec.c ++++ b/net/mac802154/llsec.c +@@ -158,7 +158,7 @@ err_tfm0: + crypto_free_blkcipher(key->tfm0); + err_tfm: + for (i = 0; i < ARRAY_SIZE(key->tfm); i++) +- if (key->tfm[i]) ++ if (!IS_ERR_OR_NULL(key->tfm[i])) + crypto_free_aead(key->tfm[i]); + + kzfree(key); +diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c +index 8caae1c5d93df..7e261fab7ef8d 100644 +--- a/net/netfilter/x_tables.c ++++ b/net/netfilter/x_tables.c +@@ -568,7 +568,7 @@ void xt_compat_match_from_user(struct xt_entry_match *m, void **dstptr, + { + const struct xt_match *match = m->u.kernel.match; + struct compat_xt_entry_match *cm = (struct compat_xt_entry_match *)m; +- int pad, off = xt_compat_match_offset(match); ++ int off = xt_compat_match_offset(match); + u_int16_t msize = cm->u.user.match_size; + char name[sizeof(m->u.user.name)]; + +@@ -578,9 +578,6 @@ void xt_compat_match_from_user(struct xt_entry_match *m, void **dstptr, + match->compat_from_user(m->data, cm->data); + else + memcpy(m->data, cm->data, msize - sizeof(*cm)); +- pad = XT_ALIGN(match->matchsize) - match->matchsize; +- if (pad > 0) +- memset(m->data + match->matchsize, 0, pad); + + msize += off; + m->u.user.match_size = msize; +@@ -926,7 +923,7 @@ void xt_compat_target_from_user(struct xt_entry_target *t, void **dstptr, + { + const struct xt_target *target = t->u.kernel.target; + struct compat_xt_entry_target *ct = (struct compat_xt_entry_target *)t; +- int pad, off = xt_compat_target_offset(target); ++ int off = xt_compat_target_offset(target); + u_int16_t tsize = ct->u.user.target_size; + char name[sizeof(t->u.user.name)]; + +@@ -936,9 +933,6 @@ void xt_compat_target_from_user(struct xt_entry_target *t, void **dstptr, + target->compat_from_user(t->data, ct->data); + else + memcpy(t->data, ct->data, tsize - sizeof(*ct)); +- pad = XT_ALIGN(target->targetsize) - target->targetsize; +- if (pad > 0) +- memset(t->data + target->targetsize, 0, pad); + + tsize += off; + t->u.user.target_size = tsize; +diff --git a/net/nfc/llcp_sock.c b/net/nfc/llcp_sock.c +index 44d6b8355eab7..2f8d38d0802ac 100644 +--- a/net/nfc/llcp_sock.c ++++ b/net/nfc/llcp_sock.c +@@ -119,11 +119,13 @@ static int llcp_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) + llcp_sock->service_name_len, + GFP_KERNEL); + if (!llcp_sock->service_name) { ++ nfc_llcp_local_put(llcp_sock->local); + ret = -ENOMEM; + goto put_dev; + } + llcp_sock->ssap = nfc_llcp_get_sdp_ssap(local, llcp_sock); + if (llcp_sock->ssap == LLCP_SAP_MAX) { ++ nfc_llcp_local_put(llcp_sock->local); + kfree(llcp_sock->service_name); + llcp_sock->service_name = NULL; + ret = -EADDRINUSE; +@@ -677,6 +679,10 @@ static int llcp_sock_connect(struct socket *sock, struct sockaddr *_addr, + ret = -EISCONN; + goto error; + } ++ if (sk->sk_state == LLCP_CONNECTING) { ++ ret = -EINPROGRESS; ++ goto error; ++ } + + dev = nfc_get_device(addr->dev_idx); + if (dev == NULL) { +@@ -708,6 +714,7 @@ static int llcp_sock_connect(struct socket *sock, struct sockaddr *_addr, + llcp_sock->local = nfc_llcp_local_get(local); + llcp_sock->ssap = nfc_llcp_get_local_ssap(local); + if (llcp_sock->ssap == LLCP_SAP_MAX) { ++ nfc_llcp_local_put(llcp_sock->local); + ret = -ENOMEM; + goto put_dev; + } +@@ -745,8 +752,11 @@ static int llcp_sock_connect(struct socket *sock, struct sockaddr *_addr, + + sock_unlink: + nfc_llcp_put_ssap(local, llcp_sock->ssap); ++ nfc_llcp_local_put(llcp_sock->local); + + nfc_llcp_sock_unlink(&local->connecting_sockets, sk); ++ kfree(llcp_sock->service_name); ++ llcp_sock->service_name = NULL; + + put_dev: + nfc_put_device(dev); +diff --git a/net/sched/sch_teql.c b/net/sched/sch_teql.c +index e02687185a594..a7ecf626e9982 100644 +--- a/net/sched/sch_teql.c ++++ b/net/sched/sch_teql.c +@@ -138,6 +138,9 @@ teql_destroy(struct Qdisc *sch) + struct teql_sched_data *dat = qdisc_priv(sch); + struct teql_master *master = dat->m; + ++ if (!master) ++ return; ++ + prev = master->slaves; + if (prev) { + do { +diff --git a/net/tipc/socket.c b/net/tipc/socket.c +index 65171f8e8c45a..0e5bb03c64254 100644 +--- a/net/tipc/socket.c ++++ b/net/tipc/socket.c +@@ -763,7 +763,7 @@ void tipc_sk_mcast_rcv(struct net *net, struct sk_buff_head *arrvq, + spin_lock_bh(&inputq->lock); + if (skb_peek(arrvq) == skb) { + skb_queue_splice_tail_init(&tmpq, inputq); +- kfree_skb(__skb_dequeue(arrvq)); ++ __skb_dequeue(arrvq); + } + spin_unlock_bh(&inputq->lock); + __skb_queue_purge(&tmpq); +diff --git a/net/wireless/sme.c b/net/wireless/sme.c +index 18b4a652cf41f..784f1ee24e596 100644 +--- a/net/wireless/sme.c ++++ b/net/wireless/sme.c +@@ -507,7 +507,7 @@ static int cfg80211_sme_connect(struct wireless_dev *wdev, + if (wdev->current_bss) + return -EALREADY; + +- if (WARN_ON(wdev->conn)) ++ if (wdev->conn) + return -EINPROGRESS; + + wdev->conn = kzalloc(sizeof(*wdev->conn), GFP_KERNEL); +diff --git a/sound/drivers/aloop.c b/sound/drivers/aloop.c +index 847f70348d4d5..cc600aa0f6c78 100644 +--- a/sound/drivers/aloop.c ++++ b/sound/drivers/aloop.c +@@ -1062,6 +1062,14 @@ static int loopback_mixer_new(struct loopback *loopback, int notify) + return -ENOMEM; + kctl->id.device = dev; + kctl->id.subdevice = substr; ++ ++ /* Add the control before copying the id so that ++ * the numid field of the id is set in the copy. ++ */ ++ err = snd_ctl_add(card, kctl); ++ if (err < 0) ++ return err; ++ + switch (idx) { + case ACTIVE_IDX: + setup->active_id = kctl->id; +@@ -1078,9 +1086,6 @@ static int loopback_mixer_new(struct loopback *loopback, int notify) + default: + break; + } +- err = snd_ctl_add(card, kctl); +- if (err < 0) +- return err; + } + } + } +diff --git a/tools/perf/util/map.c b/tools/perf/util/map.c +index 2a51212d5e499..e86fd1b38448e 100644 +--- a/tools/perf/util/map.c ++++ b/tools/perf/util/map.c +@@ -88,8 +88,7 @@ static inline bool replace_android_lib(const char *filename, char *newfilename) + if (!strncmp(filename, "/system/lib/", 12)) { + char *ndk, *app; + const char *arch; +- size_t ndk_length; +- size_t app_length; ++ int ndk_length, app_length; + + ndk = getenv("NDK_ROOT"); + app = getenv("APP_PLATFORM"); +@@ -117,8 +116,8 @@ static inline bool replace_android_lib(const char *filename, char *newfilename) + if (new_length > PATH_MAX) + return false; + snprintf(newfilename, new_length, +- "%s/platforms/%s/arch-%s/usr/lib/%s", +- ndk, app, arch, libname); ++ "%.*s/platforms/%.*s/arch-%s/usr/lib/%s", ++ ndk_length, ndk, app_length, app, arch, libname); + + return true; + }
