Merge android-4.4.172 (b3e9e81) into msm-4.4

* refs/heads/tmp-b3e9e81
  Linux 4.4.172
  ipmi:ssif: Fix handling of multi-part return messages
  net: speed up skb_rbtree_purge()
  mm, proc: be more verbose about unstable VMA flags in /proc/<pid>/smaps
  mm/page-writeback.c: don't break integrity writeback on ->writepage() error
  ocfs2: fix panic due to unrecovered local alloc
  scsi: megaraid: fix out-of-bound array accesses
  sysfs: Disable lockdep for driver bind/unbind files
  ALSA: bebob: fix model-id of unit for Apogee Ensemble
  dm snapshot: Fix excessive memory usage and workqueue stalls
  dm kcopyd: Fix bug causing workqueue stalls
  perf parse-events: Fix unchecked usage of strncpy()
  perf svghelper: Fix unchecked usage of strncpy()
  perf intel-pt: Fix error with config term "pt=0"
  mmc: atmel-mci: do not assume idle after atmci_request_end
  kconfig: fix memory leak when EOF is encountered in quotation
  kconfig: fix file name and line number of warn_ignored_character()
  clk: imx6q: reset exclusive gates on init
  scsi: target: use consistent left-aligned ASCII INQUIRY data
  net: call sk_dst_reset when set SO_DONTROUTE
  media: firewire: Fix app_info parameter type in avc_ca{,_app}_info
  powerpc/pseries/cpuidle: Fix preempt warning
  pstore/ram: Do not treat empty buffers as valid
  jffs2: Fix use of uninitialized delayed_work, lockdep breakage
  arm64: perf: set suppress_bind_attrs flag to true
  MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur
  writeback: don't decrement wb->refcnt if !wb->bdi
  e1000e: allow non-monotonic SYSTIM readings
  platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey
  xfs: don't fail when converting shortform attr to long form during ATTR_REPLACE
  ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses
  ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address
  r8169: Add support for new Realtek Ethernet
  media: vb2: be sure to unlock mutex on errors
  drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock
  loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()
  loop: Get rid of loop_index_mutex
  loop: Fold __loop_release into loop_release
  block/loop: Use global lock for ioctl() operation.
  tipc: fix uninit-value in tipc_nl_compat_doit
  tipc: fix uninit-value in tipc_nl_compat_name_table_dump
  tipc: fix uninit-value in tipc_nl_compat_link_set
  tipc: fix uninit-value in tipc_nl_compat_bearer_enable
  tipc: fix uninit-value in tipc_nl_compat_link_reset_stats
  sctp: allocate sctp_sockaddr_entry with kzalloc
  selinux: fix GPF on invalid policy
  sunrpc: handle ENOMEM in rpcb_getport_async
  media: vb2: vb2_mmap: move lock up
  LSM: Check for NULL cred-security on free
  media: vivid: set min width/height to a value > 0
  media: vivid: fix error handling of kthread_run
  omap2fb: Fix stack memory disclosure
  Disable MSI also when pcie-octeon.pcie_disable on
  mfd: tps6586x: Handle interrupts on suspend
  mips: fix n32 compat_ipc_parse_version
  scsi: sd: Fix cache_type_store()
  Yama: Check for pid death before checking ancestry
  btrfs: wait on ordered extents on abort cleanup
  crypto: authenc - fix parsing key with misaligned rta_len
  crypto: authencesn - Avoid twice completion call in decrypt path
  ip: on queued skb use skb_header_pointer instead of pskb_may_pull
  packet: Do not leak dev refcounts on error exit
  net: bridge: fix a bug on using a neighbour cache entry without checking its state
  ipv6: fix kernel-infoleak in ipv6_local_error()
  arm64: Don't trap host pointer auth use to EL2
  arm64/kvm: consistently handle host HCR_EL2 flags
  proc: Remove empty line in /proc/self/status
  media: em28xx: Fix misplaced reset of dev->v4l::field_count
  f2fs: fix validation of the block count in sanity_check_raw_super
  f2fs: fix missing up_read
  f2fs: fix invalid memory access
  f2fs: fix to do sanity check with cp_pack_start_sum
  f2fs: fix to do sanity check with block address in main area v2
  f2fs: fix to do sanity check with block address in main area
  f2fs: fix to do sanity check with reserved blkaddr of inline inode
  f2fs: fix to do sanity check with node footer and iblocks
  f2fs: Add sanity_check_inode() function
  f2fs: fix to do sanity check with user_block_count
  f2fs: fix to do sanity check with secs_per_zone
  f2fs: introduce and spread verify_blkaddr
  f2fs: clean up with is_valid_blkaddr()
  f2fs: enhance sanity_check_raw_super() to avoid potential overflow
  f2fs: sanity check on sit entry
  f2fs: check blkaddr more accuratly before issue a bio
  f2fs: return error during fill_super
  f2fs: fix race condition in between free nid allocator/initializer
  f2fs: free meta pages if sanity check for ckpt is failed
  f2fs: detect wrong layout
  f2fs: fix to determine start_cp_addr by sbi->cur_cp_pack
  f2fs: put directory inodes before checkpoint in roll-forward recovery
  f2fs: introduce get_checkpoint_version for cleanup
  f2fs: use crc and cp version to determine roll-forward recovery
  f2fs: avoid unneeded loop in build_sit_entries
  f2fs: not allow to write illegal blkaddr
  f2fs: fix to avoid reading out encrypted data in page cache
  f2fs: fix inode cache leak
  f2fs: factor out fsync inode entry operations
  f2fs: remove an obsolete variable
  f2fs: give -EINVAL for norecovery and rw mount
  f2fs: fix to convert inline directory correctly
  f2fs: move sanity checking of cp into get_valid_checkpoint
  f2fs: cover more area with nat_tree_lock
  f2fs: clean up argument of recover_data
  can: gw: ensure DLC boundaries after CAN frame modification
  tty/ldsem: Wake up readers after timed out down_write()
  UPSTREAM: dm: do not allow readahead to limit IO size
  UPSTREAM: readahead: stricter check for bdi io_pages
  UPSTREAM: mm: don't cap request size based on read-ahead setting
  ANDROID: Fix cuttlefish redundant vsock connection.
  UPSTREAM: loop: drop caches if offset or block_size are changed

Conflicts:
	arch/arm64/kvm/hyp.S

Fixed compilation issue due to variable 'backing_dev_info',
which got changed to pointer in downstream.

Change-Id: I8baa569fe9fc13ed5a7e863e5ad1fb8cf1cd469e
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>

3 files changed, 12 insertions, 2 deletions

diff --git a/security/security.c b/security/security.c
index b636dd5caa77..e60d560e45f8 100644
--- a/security/security.c
+++ b/security/security.c
@@ -870,6 +870,13 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
 
 void security_cred_free(struct cred *cred)
 {
+	/*
+	 * There is a failure case in prepare_creds() that
+	 * may result in a call here with ->security being NULL.
+	 */
+	if (unlikely(cred->security == NULL))
+		return;
+
 	call_void_hook(cred_free, cred);
 }
 
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index 992a31530825..965a55eacaba 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -726,7 +726,8 @@ static int sens_destroy(void *key, void *datum, void *p)
 	kfree(key);
 	if (datum) {
 		levdatum = datum;
-		ebitmap_destroy(&levdatum->level->cat);
+		if (levdatum->level)
+			ebitmap_destroy(&levdatum->level->cat);
 		kfree(levdatum->level);
 	}
 	kfree(datum);
diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c
index cb6ed10816d4..0a8808954bd8 100644
--- a/security/yama/yama_lsm.c
+++ b/security/yama/yama_lsm.c
@@ -288,7 +288,9 @@ static int yama_ptrace_access_check(struct task_struct *child,
 			break;
 		case YAMA_SCOPE_RELATIONAL:
 			rcu_read_lock();
-			if (!task_is_descendant(current, child) &&
+			if (!pid_alive(child))
+				rc = -EPERM;
+			if (!rc && !task_is_descendant(current, child) &&
 			    !ptracer_exception_found(current, child) &&
 			    !ns_capable(__task_cred(child)->user_ns, CAP_SYS_PTRACE))
 				rc = -EPERM;