Merge android-4.4.172 (b3e9e81) into msm-4.4

* refs/heads/tmp-b3e9e81
  Linux 4.4.172
  ipmi:ssif: Fix handling of multi-part return messages
  net: speed up skb_rbtree_purge()
  mm, proc: be more verbose about unstable VMA flags in /proc/<pid>/smaps
  mm/page-writeback.c: don't break integrity writeback on ->writepage() error
  ocfs2: fix panic due to unrecovered local alloc
  scsi: megaraid: fix out-of-bound array accesses
  sysfs: Disable lockdep for driver bind/unbind files
  ALSA: bebob: fix model-id of unit for Apogee Ensemble
  dm snapshot: Fix excessive memory usage and workqueue stalls
  dm kcopyd: Fix bug causing workqueue stalls
  perf parse-events: Fix unchecked usage of strncpy()
  perf svghelper: Fix unchecked usage of strncpy()
  perf intel-pt: Fix error with config term "pt=0"
  mmc: atmel-mci: do not assume idle after atmci_request_end
  kconfig: fix memory leak when EOF is encountered in quotation
  kconfig: fix file name and line number of warn_ignored_character()
  clk: imx6q: reset exclusive gates on init
  scsi: target: use consistent left-aligned ASCII INQUIRY data
  net: call sk_dst_reset when set SO_DONTROUTE
  media: firewire: Fix app_info parameter type in avc_ca{,_app}_info
  powerpc/pseries/cpuidle: Fix preempt warning
  pstore/ram: Do not treat empty buffers as valid
  jffs2: Fix use of uninitialized delayed_work, lockdep breakage
  arm64: perf: set suppress_bind_attrs flag to true
  MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur
  writeback: don't decrement wb->refcnt if !wb->bdi
  e1000e: allow non-monotonic SYSTIM readings
  platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey
  xfs: don't fail when converting shortform attr to long form during ATTR_REPLACE
  ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses
  ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address
  r8169: Add support for new Realtek Ethernet
  media: vb2: be sure to unlock mutex on errors
  drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock
  loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()
  loop: Get rid of loop_index_mutex
  loop: Fold __loop_release into loop_release
  block/loop: Use global lock for ioctl() operation.
  tipc: fix uninit-value in tipc_nl_compat_doit
  tipc: fix uninit-value in tipc_nl_compat_name_table_dump
  tipc: fix uninit-value in tipc_nl_compat_link_set
  tipc: fix uninit-value in tipc_nl_compat_bearer_enable
  tipc: fix uninit-value in tipc_nl_compat_link_reset_stats
  sctp: allocate sctp_sockaddr_entry with kzalloc
  selinux: fix GPF on invalid policy
  sunrpc: handle ENOMEM in rpcb_getport_async
  media: vb2: vb2_mmap: move lock up
  LSM: Check for NULL cred-security on free
  media: vivid: set min width/height to a value > 0
  media: vivid: fix error handling of kthread_run
  omap2fb: Fix stack memory disclosure
  Disable MSI also when pcie-octeon.pcie_disable on
  mfd: tps6586x: Handle interrupts on suspend
  mips: fix n32 compat_ipc_parse_version
  scsi: sd: Fix cache_type_store()
  Yama: Check for pid death before checking ancestry
  btrfs: wait on ordered extents on abort cleanup
  crypto: authenc - fix parsing key with misaligned rta_len
  crypto: authencesn - Avoid twice completion call in decrypt path
  ip: on queued skb use skb_header_pointer instead of pskb_may_pull
  packet: Do not leak dev refcounts on error exit
  net: bridge: fix a bug on using a neighbour cache entry without checking its state
  ipv6: fix kernel-infoleak in ipv6_local_error()
  arm64: Don't trap host pointer auth use to EL2
  arm64/kvm: consistently handle host HCR_EL2 flags
  proc: Remove empty line in /proc/self/status
  media: em28xx: Fix misplaced reset of dev->v4l::field_count
  f2fs: fix validation of the block count in sanity_check_raw_super
  f2fs: fix missing up_read
  f2fs: fix invalid memory access
  f2fs: fix to do sanity check with cp_pack_start_sum
  f2fs: fix to do sanity check with block address in main area v2
  f2fs: fix to do sanity check with block address in main area
  f2fs: fix to do sanity check with reserved blkaddr of inline inode
  f2fs: fix to do sanity check with node footer and iblocks
  f2fs: Add sanity_check_inode() function
  f2fs: fix to do sanity check with user_block_count
  f2fs: fix to do sanity check with secs_per_zone
  f2fs: introduce and spread verify_blkaddr
  f2fs: clean up with is_valid_blkaddr()
  f2fs: enhance sanity_check_raw_super() to avoid potential overflow
  f2fs: sanity check on sit entry
  f2fs: check blkaddr more accuratly before issue a bio
  f2fs: return error during fill_super
  f2fs: fix race condition in between free nid allocator/initializer
  f2fs: free meta pages if sanity check for ckpt is failed
  f2fs: detect wrong layout
  f2fs: fix to determine start_cp_addr by sbi->cur_cp_pack
  f2fs: put directory inodes before checkpoint in roll-forward recovery
  f2fs: introduce get_checkpoint_version for cleanup
  f2fs: use crc and cp version to determine roll-forward recovery
  f2fs: avoid unneeded loop in build_sit_entries
  f2fs: not allow to write illegal blkaddr
  f2fs: fix to avoid reading out encrypted data in page cache
  f2fs: fix inode cache leak
  f2fs: factor out fsync inode entry operations
  f2fs: remove an obsolete variable
  f2fs: give -EINVAL for norecovery and rw mount
  f2fs: fix to convert inline directory correctly
  f2fs: move sanity checking of cp into get_valid_checkpoint
  f2fs: cover more area with nat_tree_lock
  f2fs: clean up argument of recover_data
  can: gw: ensure DLC boundaries after CAN frame modification
  tty/ldsem: Wake up readers after timed out down_write()
  UPSTREAM: dm: do not allow readahead to limit IO size
  UPSTREAM: readahead: stricter check for bdi io_pages
  UPSTREAM: mm: don't cap request size based on read-ahead setting
  ANDROID: Fix cuttlefish redundant vsock connection.
  UPSTREAM: loop: drop caches if offset or block_size are changed

Conflicts:
	arch/arm64/kvm/hyp.S

Fixed compilation issue due to variable 'backing_dev_info',
which got changed to pointer in downstream.

Change-Id: I8baa569fe9fc13ed5a7e863e5ad1fb8cf1cd469e
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>

2 files changed, 12 insertions, 4 deletions

diff --git a/crypto/authenc.c b/crypto/authenc.c
index b7290c5b1eaa..5c25005ff398 100644
--- a/crypto/authenc.c
+++ b/crypto/authenc.c
@@ -58,14 +58,22 @@ int crypto_authenc_extractkeys(struct crypto_authenc_keys *keys, const u8 *key,
 		return -EINVAL;
 	if (rta->rta_type != CRYPTO_AUTHENC_KEYA_PARAM)
 		return -EINVAL;
-	if (RTA_PAYLOAD(rta) < sizeof(*param))
+
+	/*
+	 * RTA_OK() didn't align the rtattr's payload when validating that it
+	 * fits in the buffer.  Yet, the keys should start on the next 4-byte
+	 * aligned boundary.  To avoid confusion, require that the rtattr
+	 * payload be exactly the param struct, which has a 4-byte aligned size.
+	 */
+	if (RTA_PAYLOAD(rta) != sizeof(*param))
 		return -EINVAL;
+	BUILD_BUG_ON(sizeof(*param) % RTA_ALIGNTO);
 
 	param = RTA_DATA(rta);
 	keys->enckeylen = be32_to_cpu(param->enckeylen);
 
-	key += RTA_ALIGN(rta->rta_len);
-	keylen -= RTA_ALIGN(rta->rta_len);
+	key += rta->rta_len;
+	keylen -= rta->rta_len;
 
 	if (keylen < keys->enckeylen)
 		return -EINVAL;
diff --git a/crypto/authencesn.c b/crypto/authencesn.c
index fa0c4567f697..5fdf3e532310 100644
--- a/crypto/authencesn.c
+++ b/crypto/authencesn.c
@@ -276,7 +276,7 @@ static void authenc_esn_verify_ahash_done(struct crypto_async_request *areq,
 	struct aead_request *req = areq->data;
 
 	err = err ?: crypto_authenc_esn_decrypt_tail(req, 0);
-	aead_request_complete(req, err);
+	authenc_esn_request_complete(req, err);
 }
 
 static int crypto_authenc_esn_decrypt(struct aead_request *req)