
Contents of /trunk/kernel-alx-legacy/patches-4.9/0119-4.9.20-all-fixes.patch



Revision 3608 - (show annotations) (download)
Fri Aug 14 07:34:29 2020 UTC (3 years, 8 months ago) by niro
File size: 17310 byte(s)
-added kernel-alx-legacy pkg
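diff --git a/Makefile b/Makefile
index ba1c6a8e6a70..44960184701a 100644
--- a/Makefile
+++ b/Makefile
@@ -1,6 +1,6 @@
 VERSION = 4
 PATCHLEVEL = 9
-SUBLEVEL = 19
+SUBLEVEL = 20
 EXTRAVERSION =
 NAME = Roaring Lionus
 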
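diff --git a/arch/c6x/kernel/ptrace.c b/arch/c6x/kernel/ptrace.c
index 3c494e84444d..a511ac16a8e3 100644
--- a/arch/c6x/kernel/ptrace.c
+++ b/arch/c6x/kernel/ptrace.c
@@ -69,46 +69,6 @@ static int gpr_get(struct task_struct *target,
 0, sizeof(*regs));
 }
 
-static int gpr_set(struct task_struct *target,
- const struct user_regset *regset,
- unsigned int pos, unsigned int count,
- const void *kbuf, const void __user *ubuf)
-{
- int ret;
- struct pt_regs *regs = task_pt_regs(target);
-
- /* Don't copyin TSR or CSR */
- ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf,
- &regs,
- 0, PT_TSR * sizeof(long));
- if (ret)
- return ret;
-
- ret = user_regset_copyin_ignore(&pos, &count, &kbuf, &ubuf,
- PT_TSR * sizeof(long),
- (PT_TSR + 1) * sizeof(long));
- if (ret)
- return ret;
-
- ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf,
- &regs,
- (PT_TSR + 1) * sizeof(long),
- PT_CSR * sizeof(long));
- if (ret)
- return ret;
-
- ret = user_regset_copyin_ignore(&pos, &count, &kbuf, &ubuf,
- PT_CSR * sizeof(long),
- (PT_CSR + 1) * sizeof(long));
- if (ret)
- return ret;
-
- ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf,
- &regs,
- (PT_CSR + 1) * sizeof(long), -1);
- return ret;
-}
-
 enum c6x_regset {
 REGSET_GPR,
 };
@@ -120,7 +80,6 @@ static const struct user_regset c6x_regsets[] = {
 .size = sizeof(u32),
 .align = sizeof(u32),
 .get = gpr_get,
- .set = gpr_set
 },
 };
 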
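diff --git a/arch/h8300/kernel/ptrace.c b/arch/h8300/kernel/ptrace.c
index 92075544a19a..0dc1c8f622bc 100644
--- a/arch/h8300/kernel/ptrace.c
+++ b/arch/h8300/kernel/ptrace.c
@@ -95,7 +95,8 @@ static int regs_get(struct task_struct *target,
 long *reg = (long *)&regs;
 
 /* build user regs in buffer */
- for (r = 0; r < ARRAY_SIZE(register_offset); r++)
+ BUILD_BUG_ON(sizeof(regs) % sizeof(long) != 0);
+ for (r = 0; r < sizeof(regs) / sizeof(long); r++)
 *reg++ = h8300_get_reg(target, r);
 
 return user_regset_copyout(&pos, &count, &kbuf, &ubuf,
@@ -113,7 +114,8 @@ static int regs_set(struct task_struct *target,
 long *reg;
 
 /* build user regs in buffer */
- for (reg = (long *)&regs, r = 0; r < ARRAY_SIZE(register_offset); r++)
+ BUILD_BUG_ON(sizeof(regs) % sizeof(long) != 0);
+ for (reg = (long *)&regs, r = 0; r < sizeof(regs) / sizeof(long); r++)
 *reg++ = h8300_get_reg(target, r);
 
 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf,
@@ -122,7 +124,7 @@ static int regs_set(struct task_struct *target,
 return ret;
 
 /* write back to pt_regs */
- for (reg = (long *)&regs, r = 0; r < ARRAY_SIZE(register_offset); r++)
+ for (reg = (long *)&regs, r = 0; r < sizeof(regs) / sizeof(long); r++)
 h8300_put_reg(target, r, *reg++);
 return 0;
 }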
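Review bot: The new loop bound in regs_get and regs_set protects the on-stack `regs` buffer, but nothing in these hunks ties `sizeof(regs) / sizeof(long)` to the table that `h8300_get_reg()` and `h8300_put_reg()` index with `r`. If that table is `register_offset` (its definition is outside the hunks), a second compile-time check such as `BUILD_BUG_ON(sizeof(regs) / sizeof(long) > ARRAY_SIZE(register_offset));` would keep a later growth of the user register struct from turning into an out-of-range table access. The write-back loop in the third hunk relies on the BUILD_BUG_ON added earlier in regs_set, which a short comment there would make visible. Both function bodies start outside the hunks.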
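diff --git a/arch/metag/kernel/ptrace.c b/arch/metag/kernel/ptrace.c
index 7563628822bd..5e2dc7defd2c 100644
--- a/arch/metag/kernel/ptrace.c
+++ b/arch/metag/kernel/ptrace.c
@@ -24,6 +24,16 @@
 * user_regset definitions.
 */
 
+static unsigned long user_txstatus(const struct pt_regs *regs)
+{
+ unsigned long data = (unsigned long)regs->ctx.Flags;
+
+ if (regs->ctx.SaveMask & TBICTX_CBUF_BIT)
+ data |= USER_GP_REGS_STATUS_CATCH_BIT;
+
+ return data;
+}
+
 int metag_gp_regs_copyout(const struct pt_regs *regs,
 unsigned int pos, unsigned int count,
 void *kbuf, void __user *ubuf)
@@ -62,9 +72,7 @@ int metag_gp_regs_copyout(const struct pt_regs *regs,
 if (ret)
 goto out;
 /* TXSTATUS */
- data = (unsigned long)regs->ctx.Flags;
- if (regs->ctx.SaveMask & TBICTX_CBUF_BIT)
- data |= USER_GP_REGS_STATUS_CATCH_BIT;
+ data = user_txstatus(regs);
 ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf,
 &data, 4*25, 4*26);
 if (ret)
@@ -119,6 +127,7 @@ int metag_gp_regs_copyin(struct pt_regs *regs,
 if (ret)
 goto out;
 /* TXSTATUS */
+ data = user_txstatus(regs);
 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf,
 &data, 4*25, 4*26);
 if (ret)
@@ -244,6 +253,8 @@ int metag_rp_state_copyin(struct pt_regs *regs,
 unsigned long long *ptr;
 int ret, i;
 
+ if (count < 4*13)
+ return -EINVAL;
 /* Read the entire pipeline before making any changes */
 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf,
 &rp, 0, 4*13);
@@ -303,7 +314,7 @@ static int metag_tls_set(struct task_struct *target,
 const void *kbuf, const void __user *ubuf)
 {
 int ret;
- void __user *tls;
+ void __user *tls = target->thread.tls_ptr;
 
 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &tls, 0, -1);
 if (ret)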
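Review bot: The `count < 4*13` guard added to metag_rp_state_copyin() rejects short writes but does not look at `pos`, so a request that starts at a nonzero offset would still leave the leading bytes of the local `rp` unset before the code after the hunk consumes them. Whether any caller passes a nonzero `pos` is not visible here; if offset writes are not meant to be supported, `if (pos != 0 || count < 4*13)` closes the gap. The literal `4*13` now appears in both the guard and the copyin call, and a named constant would keep the two in step. The function continues outside the hunk.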
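diff --git a/arch/mips/kernel/ptrace.c b/arch/mips/kernel/ptrace.c
index a92994d60e91..bf83dc1eecfb 100644
--- a/arch/mips/kernel/ptrace.c
+++ b/arch/mips/kernel/ptrace.c
@@ -485,7 +485,8 @@ static int fpr_set(struct task_struct *target,
 &target->thread.fpu,
 0, sizeof(elf_fpregset_t));
 
- for (i = 0; i < NUM_FPU_REGS; i++) {
+ BUILD_BUG_ON(sizeof(fpr_val) != sizeof(elf_fpreg_t));
+ for (i = 0; i < NUM_FPU_REGS && count >= sizeof(elf_fpreg_t); i++) {
 err = user_regset_copyin(&pos, &count, &kbuf, &ubuf,
 &fpr_val, i * sizeof(elf_fpreg_t),
 (i + 1) * sizeof(elf_fpreg_t));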
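Review bot: The added `count >= sizeof(elf_fpreg_t)` condition ends the loop silently when fewer bytes than one register remain, so a write with a trailing partial register can appear to succeed while those bytes are dropped. Whether fpr_set should return -EINVAL in that case depends on code after the hunk. The loop at least needs a comment saying why it stops, for example `/* a partial copyin would leave fpr_val partly unset; stop at the last whole register */` (the declaration of `fpr_val` is outside the hunk, so confirm it is a local). The loop body and the rest of fpr_set lie outside the hunk.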
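diff --git a/arch/sparc/kernel/ptrace_64.c b/arch/sparc/kernel/ptrace_64.c
index ac082dd8c67d..7037ca3b4328 100644
--- a/arch/sparc/kernel/ptrace_64.c
+++ b/arch/sparc/kernel/ptrace_64.c
@@ -313,7 +313,7 @@ static int genregs64_set(struct task_struct *target,
 }
 
 if (!ret) {
- unsigned long y;
+ unsigned long y = regs->y;
 
 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf,
 &y,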
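Review bot: The initialiser `y = regs->y` is undocumented; it appears to be there so that a short copyin leaves the unwritten part of `y` at its current value rather than stack contents. A one-line comment such as `/* preload: user_regset_copyin may write fewer than sizeof(y) bytes */` would stop the initialiser from being removed later as redundant. The copyin call and the use of `y` continue outside the hunk.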
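diff --git a/arch/x86/include/asm/kvm_page_track.h b/arch/x86/include/asm/kvm_page_track.h
index c2b8d24a235c..6226cb0eca23 100644
--- a/arch/x86/include/asm/kvm_page_track.h
+++ b/arch/x86/include/asm/kvm_page_track.h
@@ -35,6 +35,7 @@ struct kvm_page_track_notifier_node {
 };
 
 void kvm_page_track_init(struct kvm *kvm);
+void kvm_page_track_cleanup(struct kvm *kvm);
 
 void kvm_page_track_free_memslot(struct kvm_memory_slot *free,
 struct kvm_memory_slot *dont);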
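diff --git a/arch/x86/kvm/page_track.c b/arch/x86/kvm/page_track.c
index b431539c3714..85024e0cfaa5 100644
--- a/arch/x86/kvm/page_track.c
+++ b/arch/x86/kvm/page_track.c
@@ -156,6 +156,14 @@ bool kvm_page_track_is_active(struct kvm_vcpu *vcpu, gfn_t gfn,
 return !!ACCESS_ONCE(slot->arch.gfn_track[mode][index]);
 }
 
+void kvm_page_track_cleanup(struct kvm *kvm)
+{
+ struct kvm_page_track_notifier_head *head;
+
+ head = &kvm->arch.track_notifier_head;
+ cleanup_srcu_struct(&head->track_srcu);
+}
+
 void kvm_page_track_init(struct kvm *kvm)
 {
 struct kvm_page_track_notifier_head *head;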
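Review bot: kvm_page_track_cleanup() has no comment stating when it is safe to call. cleanup_srcu_struct() expects the srcu_struct to have no readers or pending callbacks, so the function should document that it runs only at VM teardown, after every notifier has been unregistered from `track_notifier_head`. The call added in kvm_arch_destroy_vm() (arch/x86/kvm/x86.c) sits after kvm_mmu_uninit_vm(), which presumably drops the MMU's own notifier. A comment at that call site, for example `/* must follow kvm_mmu_uninit_vm(): track_srcu has to be idle */`, would record the ordering.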
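diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 731044efb195..e5bc139d1ba7 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -7976,6 +7976,7 @@ void kvm_arch_destroy_vm(struct kvm *kvm)
 kvm_free_vcpus(kvm);
 kvfree(rcu_dereference_check(kvm->arch.apic_map, 1));
 kvm_mmu_uninit_vm(kvm);
+ kvm_page_track_cleanup(kvm);
 }
 
 void kvm_arch_free_memslot(struct kvm *kvm, struct kvm_memory_slot *free,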
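diff --git a/drivers/pinctrl/qcom/pinctrl-msm.c b/drivers/pinctrl/qcom/pinctrl-msm.c
index 775c88303017..bedce3453dd3 100644
--- a/drivers/pinctrl/qcom/pinctrl-msm.c
+++ b/drivers/pinctrl/qcom/pinctrl-msm.c
@@ -594,10 +594,6 @@ static void msm_gpio_irq_unmask(struct irq_data *d)
 
 spin_lock_irqsave(&pctrl->lock, flags);
 
- val = readl(pctrl->regs + g->intr_status_reg);
- val &= ~BIT(g->intr_status_bit);
- writel(val, pctrl->regs + g->intr_status_reg);
-
 val = readl(pctrl->regs + g->intr_cfg_reg);
 val |= BIT(g->intr_enable_bit);
 writel(val, pctrl->regs + g->intr_cfg_reg);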
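diff --git a/drivers/usb/musb/musb_core.c b/drivers/usb/musb/musb_core.c
index 338575fb2d27..358feca54945 100644
--- a/drivers/usb/musb/musb_core.c
+++ b/drivers/usb/musb/musb_core.c
@@ -2467,8 +2467,8 @@ static int musb_remove(struct platform_device *pdev)
 pm_runtime_get_sync(musb->controller);
 musb_host_cleanup(musb);
 musb_gadget_cleanup(musb);
- spin_lock_irqsave(&musb->lock, flags);
 musb_platform_disable(musb);
+ spin_lock_irqsave(&musb->lock, flags);
 musb_generic_disable(musb);
 spin_unlock_irqrestore(&musb->lock, flags);
 musb_writeb(musb->mregs, MUSB_DEVCTL, 0);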
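Review bot: musb_platform_disable() now runs without `musb->lock` held, and the reason is not recorded in the code. If the call was moved because the platform hook can sleep (not visible in this hunk), say so with a comment such as `/* platform disable may sleep; call it before taking musb->lock */`. It is also worth confirming that nothing the hook touches can be modified concurrently by the interrupt path now that the lock no longer covers it. musb_remove starts and ends outside the hunk.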
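diff --git a/drivers/virtio/virtio_balloon.c b/drivers/virtio/virtio_balloon.c
index 9d2738e9217f..2c2e6792f7e0 100644
--- a/drivers/virtio/virtio_balloon.c
+++ b/drivers/virtio/virtio_balloon.c
@@ -427,6 +427,8 @@ static int init_vqs(struct virtio_balloon *vb)
 * Prime this virtqueue with one buffer so the hypervisor can
 * use it to signal us later (it can't be broken yet!).
 */
+ update_balloon_stats(vb);
+
 sg_init_one(&sg, vb->stats, sizeof vb->stats);
 if (virtqueue_add_outbuf(vb->stats_vq, &sg, 1, vb, GFP_KERNEL)
 < 0)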
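Review bot: The whole of `vb->stats` (`sizeof vb->stats`) is handed to the host, so the added update_balloon_stats() call only closes the unset-buffer exposure if it fills every entry or the structure was zero-allocated; neither is visible in this hunk. If the helper can fill fewer entries than the array holds, clear the array before filling it. The existing comment now sits above the new call rather than the priming code, so a line such as `/* fill stats first so the host never reads an unset buffer */` would explain the addition. init_vqs continues outside the hunk.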
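diff --git a/fs/crypto/crypto.c b/fs/crypto/crypto.c
index 98f87fe8f186..61cfccea77bc 100644
--- a/fs/crypto/crypto.c
+++ b/fs/crypto/crypto.c
@@ -352,7 +352,6 @@ EXPORT_SYMBOL(fscrypt_zeroout_range);
 static int fscrypt_d_revalidate(struct dentry *dentry, unsigned int flags)
 {
 struct dentry *dir;
- struct fscrypt_info *ci;
 int dir_has_key, cached_with_key;
 
 if (flags & LOOKUP_RCU)
@@ -364,18 +363,11 @@ static int fscrypt_d_revalidate(struct dentry *dentry, unsigned int flags)
 return 0;
 }
 
- ci = d_inode(dir)->i_crypt_info;
- if (ci && ci->ci_keyring_key &&
- (ci->ci_keyring_key->flags & ((1 << KEY_FLAG_INVALIDATED) |
- (1 << KEY_FLAG_REVOKED) |
- (1 << KEY_FLAG_DEAD))))
- ci = NULL;
-
 /* this should eventually be an flag in d_flags */
 spin_lock(&dentry->d_lock);
 cached_with_key = dentry->d_flags & DCACHE_ENCRYPTED_WITH_KEY;
 spin_unlock(&dentry->d_lock);
- dir_has_key = (ci != NULL);
+ dir_has_key = (d_inode(dir)->i_crypt_info != NULL);
 dput(dir);
 
 /*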
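Review bot: After this change `dir_has_key` only tests whether `i_crypt_info` is set, so a dentry cached with the key stays valid after the keyring key is revoked or invalidated, until the directory's crypt info is released. That changes what revoking a key achieves for already-cached names, and it should be written down where the decision is made, for example `/* key revocation is not detected here; cached names stay valid until i_crypt_info is released */`. Anyone relying on revocation to cut off access needs to know that it no longer takes effect on this path. The body of fscrypt_d_revalidate continues outside the hunks.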
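diff --git a/fs/crypto/fname.c b/fs/crypto/fname.c
index 9b774f4b50c8..80bb956e14e5 100644
--- a/fs/crypto/fname.c
+++ b/fs/crypto/fname.c
@@ -350,7 +350,7 @@ int fscrypt_setup_filename(struct inode *dir, const struct qstr *iname,
 fname->disk_name.len = iname->len;
 return 0;
 }
- ret = get_crypt_info(dir);
+ ret = fscrypt_get_encryption_info(dir);
 if (ret && ret != -EOPNOTSUPP)
 return ret;
 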
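diff --git a/fs/crypto/keyinfo.c b/fs/crypto/keyinfo.c
index 67fb6d8876d0..bb4606368eb1 100644
--- a/fs/crypto/keyinfo.c
+++ b/fs/crypto/keyinfo.c
@@ -99,6 +99,7 @@ static int validate_user_key(struct fscrypt_info *crypt_info,
 kfree(full_key_descriptor);
 if (IS_ERR(keyring_key))
 return PTR_ERR(keyring_key);
+ down_read(&keyring_key->sem);
 
 if (keyring_key->type != &key_type_logon) {
 printk_once(KERN_WARNING
@@ -106,11 +107,9 @@ static int validate_user_key(struct fscrypt_info *crypt_info,
 res = -ENOKEY;
 goto out;
 }
- down_read(&keyring_key->sem);
 ukp = user_key_payload(keyring_key);
 if (ukp->datalen != sizeof(struct fscrypt_key)) {
 res = -EINVAL;
- up_read(&keyring_key->sem);
 goto out;
 }
 master_key = (struct fscrypt_key *)ukp->data;
@@ -121,17 +120,11 @@ static int validate_user_key(struct fscrypt_info *crypt_info,
 "%s: key size incorrect: %d\n",
 __func__, master_key->size);
 res = -ENOKEY;
- up_read(&keyring_key->sem);
 goto out;
 }
 res = derive_key_aes(ctx->nonce, master_key->raw, raw_key);
- up_read(&keyring_key->sem);
- if (res)
- goto out;
-
- crypt_info->ci_keyring_key = keyring_key;
- return 0;
 out:
+ up_read(&keyring_key->sem);
 key_put(keyring_key);
 return res;
 }
@@ -173,12 +166,11 @@ static void put_crypt_info(struct fscrypt_info *ci)
 if (!ci)
 return;
 
- key_put(ci->ci_keyring_key);
 crypto_free_skcipher(ci->ci_ctfm);
 kmem_cache_free(fscrypt_info_cachep, ci);
 }
 
-int get_crypt_info(struct inode *inode)
+int fscrypt_get_encryption_info(struct inode *inode)
 {
 struct fscrypt_info *crypt_info;
 struct fscrypt_context ctx;
@@ -188,21 +180,15 @@ int get_crypt_info(struct inode *inode)
 u8 *raw_key = NULL;
 int res;
 
+ if (inode->i_crypt_info)
+ return 0;
+
 res = fscrypt_initialize();
 if (res)
 return res;
 
 if (!inode->i_sb->s_cop->get_context)
 return -EOPNOTSUPP;
-retry:
- crypt_info = ACCESS_ONCE(inode->i_crypt_info);
- if (crypt_info) {
- if (!crypt_info->ci_keyring_key ||
- key_validate(crypt_info->ci_keyring_key) == 0)
- return 0;
- fscrypt_put_encryption_info(inode, crypt_info);
- goto retry;
- }
 
 res = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx));
 if (res < 0) {
@@ -230,7 +216,6 @@ int get_crypt_info(struct inode *inode)
 crypt_info->ci_data_mode = ctx.contents_encryption_mode;
 crypt_info->ci_filename_mode = ctx.filenames_encryption_mode;
 crypt_info->ci_ctfm = NULL;
- crypt_info->ci_keyring_key = NULL;
 memcpy(crypt_info->ci_master_key, ctx.master_key_descriptor,
 sizeof(crypt_info->ci_master_key));
 
@@ -285,14 +270,8 @@ int get_crypt_info(struct inode *inode)
 if (res)
 goto out;
 
- kzfree(raw_key);
- raw_key = NULL;
- if (cmpxchg(&inode->i_crypt_info, NULL, crypt_info) != NULL) {
- put_crypt_info(crypt_info);
- goto retry;
- }
- return 0;
-
+ if (cmpxchg(&inode->i_crypt_info, NULL, crypt_info) == NULL)
+ crypt_info = NULL;
 out:
 if (res == -ENOKEY)
 res = 0;
@@ -300,6 +279,7 @@ int get_crypt_info(struct inode *inode)
 kzfree(raw_key);
 return res;
 }
+EXPORT_SYMBOL(fscrypt_get_encryption_info);
 
 void fscrypt_put_encryption_info(struct inode *inode, struct fscrypt_info *ci)
 {
@@ -317,17 +297,3 @@ void fscrypt_put_encryption_info(struct inode *inode, struct fscrypt_info *ci)
 put_crypt_info(ci);
 }
 EXPORT_SYMBOL(fscrypt_put_encryption_info);
-
-int fscrypt_get_encryption_info(struct inode *inode)
-{
- struct fscrypt_info *ci = inode->i_crypt_info;
-
- if (!ci ||
- (ci->ci_keyring_key &&
- (ci->ci_keyring_key->flags & ((1 << KEY_FLAG_INVALIDATED) |
- (1 << KEY_FLAG_REVOKED) |
- (1 << KEY_FLAG_DEAD)))))
- return get_crypt_info(inode);
- return 0;
-}
-EXPORT_SYMBOL(fscrypt_get_encryption_info);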
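Review bot: The new early exit `if (inode->i_crypt_info) return 0;` in fscrypt_get_encryption_info() is a plain load of a pointer that other threads publish with `cmpxchg()` further down, whereas the removed code read it through `ACCESS_ONCE()`. Keeping the annotated read, `if (ACCESS_ONCE(inode->i_crypt_info))`, makes the lockless access explicit and stops the compiler from re-loading it. Separately, when the `cmpxchg()` loses the race `crypt_info` stays non-NULL and falls through to `out:`; the line that releases it lies between the hunks, so confirm it is freed there. In validate_user_key() the `out:` label now always calls `up_read()`, so a comment at the label should warn that no `goto out` may be placed before `down_read()`.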
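diff --git a/include/linux/fscrypto.h b/include/linux/fscrypto.h
index ff8b11b26f31..f6dfc2950f76 100644
--- a/include/linux/fscrypto.h
+++ b/include/linux/fscrypto.h
@@ -79,7 +79,6 @@ struct fscrypt_info {
 u8 ci_filename_mode;
 u8 ci_flags;
 struct crypto_skcipher *ci_ctfm;
- struct key *ci_keyring_key;
 u8 ci_master_key[FS_KEY_DESCRIPTOR_SIZE];
 };
 
@@ -256,7 +255,6 @@ extern int fscrypt_has_permitted_context(struct inode *, struct inode *);
 extern int fscrypt_inherit_context(struct inode *, struct inode *,
 void *, bool);
 /* keyinfo.c */
-extern int get_crypt_info(struct inode *);
 extern int fscrypt_get_encryption_info(struct inode *);
 extern void fscrypt_put_encryption_info(struct inode *, struct fscrypt_info *);
 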
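diff --git a/kernel/sched/deadline.c b/kernel/sched/deadline.c
index 37e2449186c4..c95c5122b105 100644
--- a/kernel/sched/deadline.c
+++ b/kernel/sched/deadline.c
@@ -1729,12 +1729,11 @@ static void switched_to_dl(struct rq *rq, struct task_struct *p)
 #ifdef CONFIG_SMP
 if (tsk_nr_cpus_allowed(p) > 1 && rq->dl.overloaded)
 queue_push_tasks(rq);
-#else
+#endif
 if (dl_task(rq->curr))
 check_preempt_curr_dl(rq, p, 0);
 else
 resched_curr(rq);
-#endif
 }
 }
 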
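Review bot: The replacement `#endif` in switched_to_dl() carries no trailing comment, while the matching change in kernel/sched/rt.c writes `#endif /* CONFIG_SMP */`. Use the same form here so the end of the conditional block is easy to find. Since the preemption check below it is no longer the non-SMP branch, a short comment saying that it now runs on every configuration would help the next reader. The function starts outside the hunk.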
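diff --git a/kernel/sched/rt.c b/kernel/sched/rt.c
index 2516b8df6dbb..f139f22ce30d 100644
--- a/kernel/sched/rt.c
+++ b/kernel/sched/rt.c
@@ -2198,10 +2198,9 @@ static void switched_to_rt(struct rq *rq, struct task_struct *p)
 #ifdef CONFIG_SMP
 if (tsk_nr_cpus_allowed(p) > 1 && rq->rt.overloaded)
 queue_push_tasks(rq);
-#else
+#endif /* CONFIG_SMP */
 if (p->prio < rq->curr->prio)
 resched_curr(rq);
-#endif /* CONFIG_SMP */
 }
 }
 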
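diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 5bf7e1bfeac7..e0437a7aa1a2 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -3062,6 +3062,11 @@ static int __net_init xfrm_net_init(struct net *net)
 {
 int rv;
 
+ /* Initialize the per-net locks here */
+ spin_lock_init(&net->xfrm.xfrm_state_lock);
+ spin_lock_init(&net->xfrm.xfrm_policy_lock);
+ mutex_init(&net->xfrm.xfrm_cfg_mutex);
+
 rv = xfrm_statistics_init(net);
 if (rv < 0)
 goto out_statistics;
@@ -3078,11 +3083,6 @@ static int __net_init xfrm_net_init(struct net *net)
 if (rv < 0)
 goto out;
 
- /* Initialize the per-net locks here */
- spin_lock_init(&net->xfrm.xfrm_state_lock);
- spin_lock_init(&net->xfrm.xfrm_policy_lock);
- mutex_init(&net->xfrm.xfrm_cfg_mutex);
-
 return 0;
 
 out: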
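Review bot: The moved comment still reads `/* Initialize the per-net locks here */` and does not say why the locks now have to be set up before anything else in xfrm_net_init(). If the reason is that the later init steps or their unwind paths can take these locks (those steps are outside the hunks), state it, for example `/* init the per-net locks first: the steps below and their error paths may take them */`. Without that, the block looks free to move back to the end of the function. The error labels continue outside the hunk.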
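diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 671a1d0333f0..a7e27e1140dd 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -412,7 +412,14 @@ static inline int xfrm_replay_verify_len(struct xfrm_replay_state_esn *replay_es
 up = nla_data(rp);
 ulen = xfrm_replay_state_esn_len(up);
 
- if (nla_len(rp) < ulen || xfrm_replay_state_esn_len(replay_esn) != ulen)
+ /* Check the overall length and the internal bitmap length to avoid
+ * potential overflow. */
+ if (nla_len(rp) < ulen ||
+ xfrm_replay_state_esn_len(replay_esn) != ulen ||
+ replay_esn->bmp_len != up->bmp_len)
+ return -EINVAL;
+
+ if (up->replay_window > up->bmp_len * sizeof(__u32) * 8)
 return -EINVAL;
 
 return 0;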
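Review bot: The new bound `up->bmp_len * sizeof(__u32) * 8` is evaluated in `size_t`, which is 32 bits wide on 32-bit builds, so a large enough `bmp_len` would wrap the product and let an oversized `replay_window` through. The check is only safe if `bmp_len` is already capped when the state is created, which is outside this hunk; widening the arithmetic removes that dependency: `if (up->replay_window > (u64)up->bmp_len * sizeof(__u32) * 8)`. Note also that `xfrm_replay_state_esn_len(up)` reads `up->bmp_len` before `nla_len(rp)` has been compared with anything, so the attribute's minimum length has to be enforced by the netlink policy, which is not shown. The function starts outside the hunk.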