Gentoo Archives: gentoo-commits

From: Mike Pagano <mpagano@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:4.4 commit in: /
Date: Sun, 26 Sep 2021 14:16:22
Message-Id: 1632665764.f48809380831c2938a424bafa5ce8f1772159597.mpagano@gentoo
1 commit: f48809380831c2938a424bafa5ce8f1772159597
2 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org>
3 AuthorDate: Sun Sep 26 14:16:04 2021 +0000
4 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org>
5 CommitDate: Sun Sep 26 14:16:04 2021 +0000
6 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=f4880938
7
8 Linux patch 4.4.285
9
10 Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>
11
12 0000_README | 4 +
13 1284_linux-4.4.285.patch | 674 +++++++++++++++++++++++++++++++++++++++++++++++
14 2 files changed, 678 insertions(+)
15
16 diff --git a/0000_README b/0000_README
17 index b242c5e..bd19b36 100644
18 --- a/0000_README
19 +++ b/0000_README
20 @@ -1179,6 +1179,10 @@ Patch: 1283_linux-4.4.284.patch
21 From: http://www.kernel.org
22 Desc: Linux 4.4.284
23
24 +Patch: 1284_linux-4.4.285.patch
25 +From: http://www.kernel.org
26 +Desc: Linux 4.4.285
27 +
28 Patch: 1500_XATTR_USER_PREFIX.patch
29 From: https://bugs.gentoo.org/show_bug.cgi?id=470644
30 Desc: Support for namespace user.pax.* on tmpfs.
31
32 diff --git a/1284_linux-4.4.285.patch b/1284_linux-4.4.285.patch
33 new file mode 100644
34 index 0000000..99df87c
35 --- /dev/null
36 +++ b/1284_linux-4.4.285.patch
37 @@ -0,0 +1,674 @@
38 +diff --git a/Makefile b/Makefile
39 +index 05fe3ae4e67aa..96cb7da465043 100644
40 +--- a/Makefile
41 ++++ b/Makefile
42 +@@ -1,6 +1,6 @@
43 + VERSION = 4
44 + PATCHLEVEL = 4
45 +-SUBLEVEL = 284
46 ++SUBLEVEL = 285
47 + EXTRAVERSION =
48 + NAME = Blurry Fish Butt
49 +
50 +diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c
51 +index 8b73ef59a8de6..03ad0455931dc 100644
52 +--- a/arch/s390/net/bpf_jit_comp.c
53 ++++ b/arch/s390/net/bpf_jit_comp.c
54 +@@ -596,10 +596,10 @@ static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i
55 + EMIT4(0xb9080000, dst_reg, src_reg);
56 + break;
57 + case BPF_ALU | BPF_ADD | BPF_K: /* dst = (u32) dst + (u32) imm */
58 +- if (!imm)
59 +- break;
60 +- /* alfi %dst,imm */
61 +- EMIT6_IMM(0xc20b0000, dst_reg, imm);
62 ++ if (imm != 0) {
63 ++ /* alfi %dst,imm */
64 ++ EMIT6_IMM(0xc20b0000, dst_reg, imm);
65 ++ }
66 + EMIT_ZERO(dst_reg);
67 + break;
68 + case BPF_ALU64 | BPF_ADD | BPF_K: /* dst = dst + imm */
69 +@@ -621,10 +621,10 @@ static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i
70 + EMIT4(0xb9090000, dst_reg, src_reg);
71 + break;
72 + case BPF_ALU | BPF_SUB | BPF_K: /* dst = (u32) dst - (u32) imm */
73 +- if (!imm)
74 +- break;
75 +- /* alfi %dst,-imm */
76 +- EMIT6_IMM(0xc20b0000, dst_reg, -imm);
77 ++ if (imm != 0) {
78 ++ /* alfi %dst,-imm */
79 ++ EMIT6_IMM(0xc20b0000, dst_reg, -imm);
80 ++ }
81 + EMIT_ZERO(dst_reg);
82 + break;
83 + case BPF_ALU64 | BPF_SUB | BPF_K: /* dst = dst - imm */
84 +@@ -651,10 +651,10 @@ static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i
85 + EMIT4(0xb90c0000, dst_reg, src_reg);
86 + break;
87 + case BPF_ALU | BPF_MUL | BPF_K: /* dst = (u32) dst * (u32) imm */
88 +- if (imm == 1)
89 +- break;
90 +- /* msfi %r5,imm */
91 +- EMIT6_IMM(0xc2010000, dst_reg, imm);
92 ++ if (imm != 1) {
93 ++ /* msfi %r5,imm */
94 ++ EMIT6_IMM(0xc2010000, dst_reg, imm);
95 ++ }
96 + EMIT_ZERO(dst_reg);
97 + break;
98 + case BPF_ALU64 | BPF_MUL | BPF_K: /* dst = dst * imm */
99 +@@ -715,6 +715,8 @@ static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i
100 + if (BPF_OP(insn->code) == BPF_MOD)
101 + /* lhgi %dst,0 */
102 + EMIT4_IMM(0xa7090000, dst_reg, 0);
103 ++ else
104 ++ EMIT_ZERO(dst_reg);
105 + break;
106 + }
107 + /* lhi %w0,0 */
108 +@@ -807,10 +809,10 @@ static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i
109 + EMIT4(0xb9820000, dst_reg, src_reg);
110 + break;
111 + case BPF_ALU | BPF_XOR | BPF_K: /* dst = (u32) dst ^ (u32) imm */
112 +- if (!imm)
113 +- break;
114 +- /* xilf %dst,imm */
115 +- EMIT6_IMM(0xc0070000, dst_reg, imm);
116 ++ if (imm != 0) {
117 ++ /* xilf %dst,imm */
118 ++ EMIT6_IMM(0xc0070000, dst_reg, imm);
119 ++ }
120 + EMIT_ZERO(dst_reg);
121 + break;
122 + case BPF_ALU64 | BPF_XOR | BPF_K: /* dst = dst ^ imm */
123 +@@ -831,10 +833,10 @@ static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i
124 + EMIT6_DISP_LH(0xeb000000, 0x000d, dst_reg, dst_reg, src_reg, 0);
125 + break;
126 + case BPF_ALU | BPF_LSH | BPF_K: /* dst = (u32) dst << (u32) imm */
127 +- if (imm == 0)
128 +- break;
129 +- /* sll %dst,imm(%r0) */
130 +- EMIT4_DISP(0x89000000, dst_reg, REG_0, imm);
131 ++ if (imm != 0) {
132 ++ /* sll %dst,imm(%r0) */
133 ++ EMIT4_DISP(0x89000000, dst_reg, REG_0, imm);
134 ++ }
135 + EMIT_ZERO(dst_reg);
136 + break;
137 + case BPF_ALU64 | BPF_LSH | BPF_K: /* dst = dst << imm */
138 +@@ -856,10 +858,10 @@ static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i
139 + EMIT6_DISP_LH(0xeb000000, 0x000c, dst_reg, dst_reg, src_reg, 0);
140 + break;
141 + case BPF_ALU | BPF_RSH | BPF_K: /* dst = (u32) dst >> (u32) imm */
142 +- if (imm == 0)
143 +- break;
144 +- /* srl %dst,imm(%r0) */
145 +- EMIT4_DISP(0x88000000, dst_reg, REG_0, imm);
146 ++ if (imm != 0) {
147 ++ /* srl %dst,imm(%r0) */
148 ++ EMIT4_DISP(0x88000000, dst_reg, REG_0, imm);
149 ++ }
150 + EMIT_ZERO(dst_reg);
151 + break;
152 + case BPF_ALU64 | BPF_RSH | BPF_K: /* dst = dst >> imm */
153 +diff --git a/block/blk-throttle.c b/block/blk-throttle.c
154 +index 17bdd6b55bebc..fbd08c4569ced 100644
155 +--- a/block/blk-throttle.c
156 ++++ b/block/blk-throttle.c
157 +@@ -1588,6 +1588,7 @@ int blk_throtl_init(struct request_queue *q)
158 + void blk_throtl_exit(struct request_queue *q)
159 + {
160 + BUG_ON(!q->td);
161 ++ del_timer_sync(&q->td->service_queue.pending_timer);
162 + throtl_shutdown_wq(q);
163 + blkcg_deactivate_policy(q, &blkcg_policy_throtl);
164 + kfree(q->td);
165 +diff --git a/drivers/base/power/wakeirq.c b/drivers/base/power/wakeirq.c
166 +index ee63ccaea8d57..8c05e7a5e777b 100644
167 +--- a/drivers/base/power/wakeirq.c
168 ++++ b/drivers/base/power/wakeirq.c
169 +@@ -320,7 +320,8 @@ void dev_pm_arm_wake_irq(struct wake_irq *wirq)
170 + return;
171 +
172 + if (device_may_wakeup(wirq->dev)) {
173 +- if (wirq->status & WAKE_IRQ_DEDICATED_ALLOCATED)
174 ++ if (wirq->status & WAKE_IRQ_DEDICATED_ALLOCATED &&
175 ++ !pm_runtime_status_suspended(wirq->dev))
176 + enable_irq(wirq->irq);
177 +
178 + enable_irq_wake(wirq->irq);
179 +@@ -342,7 +343,8 @@ void dev_pm_disarm_wake_irq(struct wake_irq *wirq)
180 + if (device_may_wakeup(wirq->dev)) {
181 + disable_irq_wake(wirq->irq);
182 +
183 +- if (wirq->status & WAKE_IRQ_DEDICATED_ALLOCATED)
184 ++ if (wirq->status & WAKE_IRQ_DEDICATED_ALLOCATED &&
185 ++ !pm_runtime_status_suspended(wirq->dev))
186 + disable_irq_nosync(wirq->irq);
187 + }
188 + }
189 +diff --git a/drivers/dma/Kconfig b/drivers/dma/Kconfig
190 +index e6cd1a32025a9..f450f3d8f63aa 100644
191 +--- a/drivers/dma/Kconfig
192 ++++ b/drivers/dma/Kconfig
193 +@@ -239,7 +239,7 @@ config INTEL_IDMA64
194 +
195 + config INTEL_IOATDMA
196 + tristate "Intel I/OAT DMA support"
197 +- depends on PCI && X86_64
198 ++ depends on PCI && X86_64 && !UML
199 + select DMA_ENGINE
200 + select DMA_ENGINE_RAID
201 + select DCA
202 +diff --git a/drivers/dma/acpi-dma.c b/drivers/dma/acpi-dma.c
203 +index 16d0daa058a54..eef1b93828c23 100644
204 +--- a/drivers/dma/acpi-dma.c
205 ++++ b/drivers/dma/acpi-dma.c
206 +@@ -15,6 +15,7 @@
207 + #include <linux/device.h>
208 + #include <linux/err.h>
209 + #include <linux/module.h>
210 ++#include <linux/kernel.h>
211 + #include <linux/list.h>
212 + #include <linux/mutex.h>
213 + #include <linux/slab.h>
214 +@@ -71,8 +72,14 @@ static int acpi_dma_parse_resource_group(const struct acpi_csrt_group *grp,
215 +
216 + si = (const struct acpi_csrt_shared_info *)&grp[1];
217 +
218 +- /* Match device by MMIO and IRQ */
219 +- if (si->mmio_base_low != mem || si->gsi_interrupt != irq)
220 ++ /* Match device by MMIO */
221 ++ if (si->mmio_base_low != lower_32_bits(mem) ||
222 ++ si->mmio_base_high != upper_32_bits(mem))
223 ++ return 0;
224 ++
225 ++ /* Match device by Linux vIRQ */
226 ++ ret = acpi_register_gsi(NULL, si->gsi_interrupt, si->interrupt_mode, si->interrupt_polarity);
227 ++ if (ret != irq)
228 + return 0;
229 +
230 + dev_dbg(&adev->dev, "matches with %.4s%04X (rev %u)\n",
231 +diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/device/ctrl.c b/drivers/gpu/drm/nouveau/nvkm/engine/device/ctrl.c
232 +index cf8bc068e9b70..381c59279d7f0 100644
233 +--- a/drivers/gpu/drm/nouveau/nvkm/engine/device/ctrl.c
234 ++++ b/drivers/gpu/drm/nouveau/nvkm/engine/device/ctrl.c
235 +@@ -56,7 +56,7 @@ nvkm_control_mthd_pstate_info(struct nvkm_control *ctrl, void *data, u32 size)
236 + args->v0.count = 0;
237 + args->v0.ustate_ac = NVIF_CONTROL_PSTATE_INFO_V0_USTATE_DISABLE;
238 + args->v0.ustate_dc = NVIF_CONTROL_PSTATE_INFO_V0_USTATE_DISABLE;
239 +- args->v0.pwrsrc = -ENOSYS;
240 ++ args->v0.pwrsrc = -ENODEV;
241 + args->v0.pstate = NVIF_CONTROL_PSTATE_INFO_V0_PSTATE_UNKNOWN;
242 + }
243 +
244 +diff --git a/drivers/parisc/dino.c b/drivers/parisc/dino.c
245 +index 8524faf28acb6..88e760c88abaa 100644
246 +--- a/drivers/parisc/dino.c
247 ++++ b/drivers/parisc/dino.c
248 +@@ -160,15 +160,6 @@ struct dino_device
249 + (struct dino_device *)__pdata; })
250 +
251 +
252 +-/* Check if PCI device is behind a Card-mode Dino. */
253 +-static int pci_dev_is_behind_card_dino(struct pci_dev *dev)
254 +-{
255 +- struct dino_device *dino_dev;
256 +-
257 +- dino_dev = DINO_DEV(parisc_walk_tree(dev->bus->bridge));
258 +- return is_card_dino(&dino_dev->hba.dev->id);
259 +-}
260 +-
261 + /*
262 + * Dino Configuration Space Accessor Functions
263 + */
264 +@@ -452,6 +443,15 @@ static void quirk_cirrus_cardbus(struct pci_dev *dev)
265 + DECLARE_PCI_FIXUP_ENABLE(PCI_VENDOR_ID_CIRRUS, PCI_DEVICE_ID_CIRRUS_6832, quirk_cirrus_cardbus );
266 +
267 + #ifdef CONFIG_TULIP
268 ++/* Check if PCI device is behind a Card-mode Dino. */
269 ++static int pci_dev_is_behind_card_dino(struct pci_dev *dev)
270 ++{
271 ++ struct dino_device *dino_dev;
272 ++
273 ++ dino_dev = DINO_DEV(parisc_walk_tree(dev->bus->bridge));
274 ++ return is_card_dino(&dino_dev->hba.dev->id);
275 ++}
276 ++
277 + static void pci_fixup_tulip(struct pci_dev *dev)
278 + {
279 + if (!pci_dev_is_behind_card_dino(dev))
280 +diff --git a/drivers/thermal/samsung/exynos_tmu.c b/drivers/thermal/samsung/exynos_tmu.c
281 +index 16d45a25284f1..a4c0542f61417 100644
282 +--- a/drivers/thermal/samsung/exynos_tmu.c
283 ++++ b/drivers/thermal/samsung/exynos_tmu.c
284 +@@ -1347,6 +1347,7 @@ static int exynos_tmu_probe(struct platform_device *pdev)
285 + data->sclk = devm_clk_get(&pdev->dev, "tmu_sclk");
286 + if (IS_ERR(data->sclk)) {
287 + dev_err(&pdev->dev, "Failed to get sclk\n");
288 ++ ret = PTR_ERR(data->sclk);
289 + goto err_clk;
290 + } else {
291 + ret = clk_prepare_enable(data->sclk);
292 +diff --git a/fs/ceph/caps.c b/fs/ceph/caps.c
293 +index 9d74cd37b3958..154c47282a340 100644
294 +--- a/fs/ceph/caps.c
295 ++++ b/fs/ceph/caps.c
296 +@@ -1545,6 +1545,8 @@ static int __mark_caps_flushing(struct inode *inode,
297 + * try to invalidate mapping pages without blocking.
298 + */
299 + static int try_nonblocking_invalidate(struct inode *inode)
300 ++ __releases(ci->i_ceph_lock)
301 ++ __acquires(ci->i_ceph_lock)
302 + {
303 + struct ceph_inode_info *ci = ceph_inode(inode);
304 + u32 invalidating_gen = ci->i_rdcache_gen;
305 +diff --git a/fs/nilfs2/sysfs.c b/fs/nilfs2/sysfs.c
306 +index c3b629eec294a..49a148ebbcda9 100644
307 +--- a/fs/nilfs2/sysfs.c
308 ++++ b/fs/nilfs2/sysfs.c
309 +@@ -73,11 +73,9 @@ static const struct sysfs_ops nilfs_##name##_attr_ops = { \
310 + #define NILFS_DEV_INT_GROUP_TYPE(name, parent_name) \
311 + static void nilfs_##name##_attr_release(struct kobject *kobj) \
312 + { \
313 +- struct nilfs_sysfs_##parent_name##_subgroups *subgroups; \
314 +- struct the_nilfs *nilfs = container_of(kobj->parent, \
315 +- struct the_nilfs, \
316 +- ns_##parent_name##_kobj); \
317 +- subgroups = nilfs->ns_##parent_name##_subgroups; \
318 ++ struct nilfs_sysfs_##parent_name##_subgroups *subgroups = container_of(kobj, \
319 ++ struct nilfs_sysfs_##parent_name##_subgroups, \
320 ++ sg_##name##_kobj); \
321 + complete(&subgroups->sg_##name##_kobj_unregister); \
322 + } \
323 + static struct kobj_type nilfs_##name##_ktype = { \
324 +@@ -103,12 +101,12 @@ static int nilfs_sysfs_create_##name##_group(struct the_nilfs *nilfs) \
325 + err = kobject_init_and_add(kobj, &nilfs_##name##_ktype, parent, \
326 + #name); \
327 + if (err) \
328 +- return err; \
329 +- return 0; \
330 ++ kobject_put(kobj); \
331 ++ return err; \
332 + } \
333 + static void nilfs_sysfs_delete_##name##_group(struct the_nilfs *nilfs) \
334 + { \
335 +- kobject_del(&nilfs->ns_##parent_name##_subgroups->sg_##name##_kobj); \
336 ++ kobject_put(&nilfs->ns_##parent_name##_subgroups->sg_##name##_kobj); \
337 + }
338 +
339 + /************************************************************************
340 +@@ -219,14 +217,14 @@ int nilfs_sysfs_create_snapshot_group(struct nilfs_root *root)
341 + }
342 +
343 + if (err)
344 +- return err;
345 ++ kobject_put(&root->snapshot_kobj);
346 +
347 +- return 0;
348 ++ return err;
349 + }
350 +
351 + void nilfs_sysfs_delete_snapshot_group(struct nilfs_root *root)
352 + {
353 +- kobject_del(&root->snapshot_kobj);
354 ++ kobject_put(&root->snapshot_kobj);
355 + }
356 +
357 + /************************************************************************
358 +@@ -1008,7 +1006,7 @@ int nilfs_sysfs_create_device_group(struct super_block *sb)
359 + err = kobject_init_and_add(&nilfs->ns_dev_kobj, &nilfs_dev_ktype, NULL,
360 + "%s", sb->s_id);
361 + if (err)
362 +- goto free_dev_subgroups;
363 ++ goto cleanup_dev_kobject;
364 +
365 + err = nilfs_sysfs_create_mounted_snapshots_group(nilfs);
366 + if (err)
367 +@@ -1045,9 +1043,7 @@ delete_mounted_snapshots_group:
368 + nilfs_sysfs_delete_mounted_snapshots_group(nilfs);
369 +
370 + cleanup_dev_kobject:
371 +- kobject_del(&nilfs->ns_dev_kobj);
372 +-
373 +-free_dev_subgroups:
374 ++ kobject_put(&nilfs->ns_dev_kobj);
375 + kfree(nilfs->ns_dev_subgroups);
376 +
377 + failed_create_device_group:
378 +diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h
379 +index eea9bdeecba27..1d24da658f43e 100644
380 +--- a/include/net/sctp/structs.h
381 ++++ b/include/net/sctp/structs.h
382 +@@ -469,7 +469,7 @@ struct sctp_af {
383 + int saddr);
384 + void (*from_sk) (union sctp_addr *,
385 + struct sock *sk);
386 +- void (*from_addr_param) (union sctp_addr *,
387 ++ bool (*from_addr_param) (union sctp_addr *,
388 + union sctp_addr_param *,
389 + __be16 port, int iif);
390 + int (*to_addr_param) (const union sctp_addr *,
391 +diff --git a/kernel/profile.c b/kernel/profile.c
392 +index 9cd8e18e6f18e..927a0345e259f 100644
393 +--- a/kernel/profile.c
394 ++++ b/kernel/profile.c
395 +@@ -38,7 +38,8 @@ struct profile_hit {
396 + #define NR_PROFILE_GRP (NR_PROFILE_HIT/PROFILE_GRPSZ)
397 +
398 + static atomic_t *prof_buffer;
399 +-static unsigned long prof_len, prof_shift;
400 ++static unsigned long prof_len;
401 ++static unsigned short int prof_shift;
402 +
403 + int prof_on __read_mostly;
404 + EXPORT_SYMBOL_GPL(prof_on);
405 +@@ -63,8 +64,8 @@ int profile_setup(char *str)
406 + if (str[strlen(sleepstr)] == ',')
407 + str += strlen(sleepstr) + 1;
408 + if (get_option(&str, &par))
409 +- prof_shift = par;
410 +- pr_info("kernel sleep profiling enabled (shift: %ld)\n",
411 ++ prof_shift = clamp(par, 0, BITS_PER_LONG - 1);
412 ++ pr_info("kernel sleep profiling enabled (shift: %u)\n",
413 + prof_shift);
414 + #else
415 + pr_warn("kernel sleep profiling requires CONFIG_SCHEDSTATS\n");
416 +@@ -74,21 +75,21 @@ int profile_setup(char *str)
417 + if (str[strlen(schedstr)] == ',')
418 + str += strlen(schedstr) + 1;
419 + if (get_option(&str, &par))
420 +- prof_shift = par;
421 +- pr_info("kernel schedule profiling enabled (shift: %ld)\n",
422 ++ prof_shift = clamp(par, 0, BITS_PER_LONG - 1);
423 ++ pr_info("kernel schedule profiling enabled (shift: %u)\n",
424 + prof_shift);
425 + } else if (!strncmp(str, kvmstr, strlen(kvmstr))) {
426 + prof_on = KVM_PROFILING;
427 + if (str[strlen(kvmstr)] == ',')
428 + str += strlen(kvmstr) + 1;
429 + if (get_option(&str, &par))
430 +- prof_shift = par;
431 +- pr_info("kernel KVM profiling enabled (shift: %ld)\n",
432 ++ prof_shift = clamp(par, 0, BITS_PER_LONG - 1);
433 ++ pr_info("kernel KVM profiling enabled (shift: %u)\n",
434 + prof_shift);
435 + } else if (get_option(&str, &par)) {
436 +- prof_shift = par;
437 ++ prof_shift = clamp(par, 0, BITS_PER_LONG - 1);
438 + prof_on = CPU_PROFILING;
439 +- pr_info("kernel profiling enabled (shift: %ld)\n",
440 ++ pr_info("kernel profiling enabled (shift: %u)\n",
441 + prof_shift);
442 + }
443 + return 1;
444 +@@ -475,7 +476,7 @@ read_profile(struct file *file, char __user *buf, size_t count, loff_t *ppos)
445 + unsigned long p = *ppos;
446 + ssize_t read;
447 + char *pnt;
448 +- unsigned int sample_step = 1 << prof_shift;
449 ++ unsigned long sample_step = 1UL << prof_shift;
450 +
451 + profile_flip_buffers();
452 + if (p >= (prof_len+1)*sizeof(unsigned int))
453 +diff --git a/kernel/sys.c b/kernel/sys.c
454 +index e98664039cb23..ee8d83885367c 100644
455 +--- a/kernel/sys.c
456 ++++ b/kernel/sys.c
457 +@@ -1774,13 +1774,6 @@ static int validate_prctl_map(struct prctl_mm_map *prctl_map)
458 +
459 + error = -EINVAL;
460 +
461 +- /*
462 +- * @brk should be after @end_data in traditional maps.
463 +- */
464 +- if (prctl_map->start_brk <= prctl_map->end_data ||
465 +- prctl_map->brk <= prctl_map->end_data)
466 +- goto out;
467 +-
468 + /*
469 + * Neither we should allow to override limits if they set.
470 + */
471 +diff --git a/net/9p/trans_virtio.c b/net/9p/trans_virtio.c
472 +index 5892bd1457d4f..252a4c22898e9 100644
473 +--- a/net/9p/trans_virtio.c
474 ++++ b/net/9p/trans_virtio.c
475 +@@ -605,7 +605,7 @@ static int p9_virtio_probe(struct virtio_device *vdev)
476 + chan->vc_wq = kmalloc(sizeof(wait_queue_head_t), GFP_KERNEL);
477 + if (!chan->vc_wq) {
478 + err = -ENOMEM;
479 +- goto out_free_tag;
480 ++ goto out_remove_file;
481 + }
482 + init_waitqueue_head(chan->vc_wq);
483 + chan->ring_bufs_avail = 1;
484 +@@ -623,6 +623,8 @@ static int p9_virtio_probe(struct virtio_device *vdev)
485 +
486 + return 0;
487 +
488 ++out_remove_file:
489 ++ sysfs_remove_file(&vdev->dev.kobj, &dev_attr_mount_tag.attr);
490 + out_free_tag:
491 + kfree(tag);
492 + out_free_vq:
493 +diff --git a/net/sctp/bind_addr.c b/net/sctp/bind_addr.c
494 +index 664215448d09f..40fd399a10356 100644
495 +--- a/net/sctp/bind_addr.c
496 ++++ b/net/sctp/bind_addr.c
497 +@@ -284,19 +284,15 @@ int sctp_raw_to_bind_addrs(struct sctp_bind_addr *bp, __u8 *raw_addr_list,
498 + rawaddr = (union sctp_addr_param *)raw_addr_list;
499 +
500 + af = sctp_get_af_specific(param_type2af(param->type));
501 +- if (unlikely(!af)) {
502 ++ if (unlikely(!af) ||
503 ++ !af->from_addr_param(&addr, rawaddr, htons(port), 0)) {
504 + retval = -EINVAL;
505 +- sctp_bind_addr_clean(bp);
506 +- break;
507 ++ goto out_err;
508 + }
509 +
510 +- af->from_addr_param(&addr, rawaddr, htons(port), 0);
511 + retval = sctp_add_bind_addr(bp, &addr, SCTP_ADDR_SRC, gfp);
512 +- if (retval) {
513 +- /* Can't finish building the list, clean up. */
514 +- sctp_bind_addr_clean(bp);
515 +- break;
516 +- }
517 ++ if (retval)
518 ++ goto out_err;
519 +
520 + len = ntohs(param->length);
521 + addrs_len -= len;
522 +@@ -304,6 +300,12 @@ int sctp_raw_to_bind_addrs(struct sctp_bind_addr *bp, __u8 *raw_addr_list,
523 + }
524 +
525 + return retval;
526 ++
527 ++out_err:
528 ++ if (retval)
529 ++ sctp_bind_addr_clean(bp);
530 ++
531 ++ return retval;
532 + }
533 +
534 + /********************************************************************
535 +diff --git a/net/sctp/input.c b/net/sctp/input.c
536 +index 9dcc18db99186..3f0b8aafc21ae 100644
537 +--- a/net/sctp/input.c
538 ++++ b/net/sctp/input.c
539 +@@ -972,7 +972,8 @@ static struct sctp_association *__sctp_rcv_init_lookup(struct net *net,
540 + if (!af)
541 + continue;
542 +
543 +- af->from_addr_param(paddr, params.addr, sh->source, 0);
544 ++ if (!af->from_addr_param(paddr, params.addr, sh->source, 0))
545 ++ continue;
546 +
547 + asoc = __sctp_lookup_association(net, laddr, paddr, &transport);
548 + if (asoc)
549 +@@ -1008,6 +1009,9 @@ static struct sctp_association *__sctp_rcv_asconf_lookup(
550 + union sctp_addr_param *param;
551 + union sctp_addr paddr;
552 +
553 ++ if (ntohs(ch->length) < sizeof(*asconf) + sizeof(struct sctp_paramhdr))
554 ++ return NULL;
555 ++
556 + /* Skip over the ADDIP header and find the Address parameter */
557 + param = (union sctp_addr_param *)(asconf + 1);
558 +
559 +@@ -1015,7 +1019,8 @@ static struct sctp_association *__sctp_rcv_asconf_lookup(
560 + if (unlikely(!af))
561 + return NULL;
562 +
563 +- af->from_addr_param(&paddr, param, peer_port, 0);
564 ++ if (af->from_addr_param(&paddr, param, peer_port, 0))
565 ++ return NULL;
566 +
567 + return __sctp_lookup_association(net, laddr, &paddr, transportp);
568 + }
569 +diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
570 +index 1a6849add0e34..62c729402a049 100644
571 +--- a/net/sctp/ipv6.c
572 ++++ b/net/sctp/ipv6.c
573 +@@ -488,15 +488,20 @@ static void sctp_v6_to_sk_daddr(union sctp_addr *addr, struct sock *sk)
574 + }
575 +
576 + /* Initialize a sctp_addr from an address parameter. */
577 +-static void sctp_v6_from_addr_param(union sctp_addr *addr,
578 ++static bool sctp_v6_from_addr_param(union sctp_addr *addr,
579 + union sctp_addr_param *param,
580 + __be16 port, int iif)
581 + {
582 ++ if (ntohs(param->v6.param_hdr.length) < sizeof(struct sctp_ipv6addr_param))
583 ++ return false;
584 ++
585 + addr->v6.sin6_family = AF_INET6;
586 + addr->v6.sin6_port = port;
587 + addr->v6.sin6_flowinfo = 0; /* BUG */
588 + addr->v6.sin6_addr = param->v6.addr;
589 + addr->v6.sin6_scope_id = iif;
590 ++
591 ++ return true;
592 + }
593 +
594 + /* Initialize an address parameter from a sctp_addr and return the length
595 +diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c
596 +index 8c62792658b62..510b805aab2de 100644
597 +--- a/net/sctp/protocol.c
598 ++++ b/net/sctp/protocol.c
599 +@@ -272,14 +272,19 @@ static void sctp_v4_to_sk_daddr(union sctp_addr *addr, struct sock *sk)
600 + }
601 +
602 + /* Initialize a sctp_addr from an address parameter. */
603 +-static void sctp_v4_from_addr_param(union sctp_addr *addr,
604 ++static bool sctp_v4_from_addr_param(union sctp_addr *addr,
605 + union sctp_addr_param *param,
606 + __be16 port, int iif)
607 + {
608 ++ if (ntohs(param->v4.param_hdr.length) < sizeof(struct sctp_ipv4addr_param))
609 ++ return false;
610 ++
611 + addr->v4.sin_family = AF_INET;
612 + addr->v4.sin_port = port;
613 + addr->v4.sin_addr.s_addr = param->v4.addr.s_addr;
614 + memset(addr->v4.sin_zero, 0, sizeof(addr->v4.sin_zero));
615 ++
616 ++ return true;
617 + }
618 +
619 + /* Initialize an address parameter from a sctp_addr and return the length
620 +diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c
621 +index 9de03d2e5da9f..d31e0d6c641bb 100644
622 +--- a/net/sctp/sm_make_chunk.c
623 ++++ b/net/sctp/sm_make_chunk.c
624 +@@ -2146,9 +2146,16 @@ static sctp_ierror_t sctp_verify_param(struct net *net,
625 + break;
626 +
627 + case SCTP_PARAM_SET_PRIMARY:
628 +- if (net->sctp.addip_enable)
629 +- break;
630 +- goto fallthrough;
631 ++ if (!net->sctp.addip_enable)
632 ++ goto fallthrough;
633 ++
634 ++ if (ntohs(param.p->length) < sizeof(struct sctp_addip_param) +
635 ++ sizeof(struct sctp_paramhdr)) {
636 ++ sctp_process_inv_paramlength(asoc, param.p,
637 ++ chunk, err_chunk);
638 ++ retval = SCTP_IERROR_ABORT;
639 ++ }
640 ++ break;
641 +
642 + case SCTP_PARAM_HOST_NAME_ADDRESS:
643 + /* Tell the peer, we won't support this param. */
644 +@@ -2326,11 +2333,13 @@ int sctp_process_init(struct sctp_association *asoc, struct sctp_chunk *chunk,
645 +
646 + /* Process the initialization parameters. */
647 + sctp_walk_params(param, peer_init, init_hdr.params) {
648 +- if (!src_match && (param.p->type == SCTP_PARAM_IPV4_ADDRESS ||
649 +- param.p->type == SCTP_PARAM_IPV6_ADDRESS)) {
650 ++ if (!src_match &&
651 ++ (param.p->type == SCTP_PARAM_IPV4_ADDRESS ||
652 ++ param.p->type == SCTP_PARAM_IPV6_ADDRESS)) {
653 + af = sctp_get_af_specific(param_type2af(param.p->type));
654 +- af->from_addr_param(&addr, param.addr,
655 +- chunk->sctp_hdr->source, 0);
656 ++ if (!af->from_addr_param(&addr, param.addr,
657 ++ chunk->sctp_hdr->source, 0))
658 ++ continue;
659 + if (sctp_cmp_addr_exact(sctp_source(chunk), &addr))
660 + src_match = 1;
661 + }
662 +@@ -2524,7 +2533,8 @@ static int sctp_process_param(struct sctp_association *asoc,
663 + break;
664 + do_addr_param:
665 + af = sctp_get_af_specific(param_type2af(param.p->type));
666 +- af->from_addr_param(&addr, param.addr, htons(asoc->peer.port), 0);
667 ++ if (!af->from_addr_param(&addr, param.addr, htons(asoc->peer.port), 0))
668 ++ break;
669 + scope = sctp_scope(peer_addr);
670 + if (sctp_in_scope(net, &addr, scope))
671 + if (!sctp_assoc_add_peer(asoc, &addr, gfp, SCTP_UNCONFIRMED))
672 +@@ -2617,15 +2627,13 @@ do_addr_param:
673 + addr_param = param.v + sizeof(sctp_addip_param_t);
674 +
675 + af = sctp_get_af_specific(param_type2af(addr_param->p.type));
676 +- if (af == NULL)
677 ++ if (!af)
678 + break;
679 +
680 +- af->from_addr_param(&addr, addr_param,
681 +- htons(asoc->peer.port), 0);
682 ++ if (!af->from_addr_param(&addr, addr_param,
683 ++ htons(asoc->peer.port), 0))
684 ++ break;
685 +
686 +- /* if the address is invalid, we can't process it.
687 +- * XXX: see spec for what to do.
688 +- */
689 + if (!af->addr_valid(&addr, NULL, NULL))
690 + break;
691 +
692 +@@ -3035,7 +3043,8 @@ static __be16 sctp_process_asconf_param(struct sctp_association *asoc,
693 + if (unlikely(!af))
694 + return SCTP_ERROR_DNS_FAILED;
695 +
696 +- af->from_addr_param(&addr, addr_param, htons(asoc->peer.port), 0);
697 ++ if (!af->from_addr_param(&addr, addr_param, htons(asoc->peer.port), 0))
698 ++ return SCTP_ERROR_DNS_FAILED;
699 +
700 + /* ADDIP 4.2.1 This parameter MUST NOT contain a broadcast
701 + * or multicast address.
702 +@@ -3301,7 +3310,8 @@ static void sctp_asconf_param_success(struct sctp_association *asoc,
703 +
704 + /* We have checked the packet before, so we do not check again. */
705 + af = sctp_get_af_specific(param_type2af(addr_param->p.type));
706 +- af->from_addr_param(&addr, addr_param, htons(bp->port), 0);
707 ++ if (!af->from_addr_param(&addr, addr_param, htons(bp->port), 0))
708 ++ return;
709 +
710 + switch (asconf_param->param_hdr.type) {
711 + case SCTP_PARAM_ADD_IP: