Merge 4.4.196 into android-4.4-p

Changes in 4.4.196
	video: ssd1307fb: Start page range at page_offset
	gpu: drm: radeon: Fix a possible null-pointer dereference in radeon_connector_set_property()
	ipmi_si: Only schedule continuously in the thread in maintenance mode
	clk: qoriq: Fix -Wunused-const-variable
	clk: sirf: Don't reference clk_init_data after registration
	powerpc/rtas: use device model APIs and serialization during LPM
	powerpc/futex: Fix warning: 'oldval' may be used uninitialized in this function
	powerpc/pseries/mobility: use cond_resched when updating device tree
	pinctrl: tegra: Fix write barrier placement in pmx_writel
	vfio_pci: Restore original state on release
	powerpc/64s/exception: machine check use correct cfar for late handler
	powerpc/pseries: correctly track irq state in default idle
	scsi: core: Reduce memory required for SCSI logging
	mfd: intel-lpss: Remove D3cold delay
	ARM: 8898/1: mm: Don't treat faults reported from cache maintenance as writes
	HID: apple: Fix stuck function keys when using FN
	security: smack: Fix possible null-pointer dereferences in smack_socket_sock_rcv_skb()
	fat: work around race with userspace's read via blockdev while mounting
	hypfs: Fix error number left in struct pointer member
	ocfs2: wait for recovering done after direct unlock request
	kmemleak: increase DEBUG_KMEMLEAK_EARLY_LOG_SIZE default to 16K
	ANDROID: binder: remove waitqueue when thread exits.
	ANDROID: binder: synchronize_rcu() when using POLLFREE.
	hso: fix NULL-deref on tty open
	ipv6: drop incoming packets having a v4mapped source address
	net: ipv4: avoid mixed n_redirects and rate_tokens usage
	net: qlogic: Fix memory leak in ql_alloc_large_buffers
	nfc: fix memory leak in llcp_sock_bind()
	sch_dsmark: fix potential NULL deref in dsmark_init()
	xen-netfront: do not use ~0U as error return value for xennet_fill_frags()
	net/rds: Fix error handling in rds_ib_add_one()
	sch_cbq: validate TCA_CBQ_WRROPT to avoid crash
	Smack: Don't ignore other bprm->unsafe flags if LSM_UNSAFE_PTRACE is set
	smack: use GFP_NOFS while holding inode_smack::smk_lock
	NFC: fix attrs checks in netlink interface
	Linux 4.4.196

Change-Id: I7e03bb3ca1865988df014b8e38336b76430842a9
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>

2 files changed, 7 insertions, 4 deletions

diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
index a283f9e796c1..0df316c62005 100644
--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -474,7 +474,7 @@ char *smk_parse_smack(const char *string, int len)
 	if (i == 0 || i >= SMK_LONGLABEL)
 		return ERR_PTR(-EINVAL);
 
-	smack = kzalloc(i + 1, GFP_KERNEL);
+	smack = kzalloc(i + 1, GFP_NOFS);
 	if (smack == NULL)
 		return ERR_PTR(-ENOMEM);
 
@@ -545,7 +545,7 @@ struct smack_known *smk_import_entry(const char *string, int len)
 	if (skp != NULL)
 		goto freeout;
 
-	skp = kzalloc(sizeof(*skp), GFP_KERNEL);
+	skp = kzalloc(sizeof(*skp), GFP_NOFS);
 	if (skp == NULL) {
 		skp = ERR_PTR(-ENOMEM);
 		goto freeout;
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 9db7c80a74aa..716433e63052 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -268,7 +268,7 @@ static struct smack_known *smk_fetch(const char *name, struct inode *ip,
 	if (ip->i_op->getxattr == NULL)
 		return ERR_PTR(-EOPNOTSUPP);
 
-	buffer = kzalloc(SMK_LONGLABEL, GFP_KERNEL);
+	buffer = kzalloc(SMK_LONGLABEL, GFP_NOFS);
 	if (buffer == NULL)
 		return ERR_PTR(-ENOMEM);
 
@@ -932,7 +932,8 @@ static int smack_bprm_set_creds(struct linux_binprm *bprm)
 
 		if (rc != 0)
 			return rc;
-	} else if (bprm->unsafe)
+	}
+	if (bprm->unsafe & ~LSM_UNSAFE_PTRACE)
 		return -EPERM;
 
 	bsp->smk_task = isp->smk_task;
@@ -3986,6 +3987,8 @@ access_check:
 			skp = smack_ipv6host_label(&sadd);
 		if (skp == NULL)
 			skp = smack_net_ambient;
+		if (skb == NULL)
+			break;
 #ifdef CONFIG_AUDIT
 		smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
 		ad.a.u.net->family = sk->sk_family;