Merge branch 'linux-linaro-lsk-v4.4-android' of git://git.linaro.org/kernel/linux-linaro-stable.git

* linux-linaro-lsk-v4.4-android: (812 commits)
  Linux 4.4.167
  mac80211: ignore NullFunc frames in the duplicate detection
  mac80211: fix reordering of buffered broadcast packets
  mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext
  mac80211: Clear beacon_int in ieee80211_do_stop
  mac80211_hwsim: Timer should be initialized before device registered
  kgdboc: fix KASAN global-out-of-bounds bug in param_set_kgdboc_var()
  tty: serial: 8250_mtk: always resume the device in probe.
  cifs: Fix separator when building path from dentry
  Staging: lustre: remove two build warnings
  xhci: Prevent U1/U2 link pm states if exit latency is too long
  SUNRPC: Fix leak of krb5p encode pages
  virtio/s390: fix race in ccw_io_helper()
  virtio/s390: avoid race on vcdev->config
  ALSA: pcm: Fix interval evaluation with openmin/max
  ALSA: pcm: Call snd_pcm_unlink() conditionally at closing
  ALSA: pcm: Fix starvation on down_write_nonblock()
  ALSA: hda: Add support for AMD Stoney Ridge
  ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c
  USB: check usb_get_extra_descriptor for proper size
  ...

Conflicts:
	drivers/gpu/drm/rockchip/rockchip_drm_drv.c
	drivers/usb/host/xhci-ring.c

Change-Id: I4304b0875908403a7d88a0d77da52cea04563c11

2 files changed, 7 insertions, 6 deletions

diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
index 816d175da79a..30aced99bc55 100644
--- a/security/integrity/ima/ima_fs.c
+++ b/security/integrity/ima/ima_fs.c
@@ -26,14 +26,14 @@
 #include "ima.h"
 
 static int valid_policy = 1;
-#define TMPBUFLEN 12
+
 static ssize_t ima_show_htable_value(char __user *buf, size_t count,
 				     loff_t *ppos, atomic_long_t *val)
 {
-	char tmpbuf[TMPBUFLEN];
+	char tmpbuf[32];	/* greater than largest 'long' string value */
 	ssize_t len;
 
-	len = scnprintf(tmpbuf, TMPBUFLEN, "%li\n", atomic_long_read(val));
+	len = scnprintf(tmpbuf, sizeof(tmpbuf), "%li\n", atomic_long_read(val));
 	return simple_read_from_buffer(buf, count, ppos, tmpbuf, len);
 }
 
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index ac1d5b2b1626..a7095372701e 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -808,15 +808,14 @@ long join_session_keyring(const char *name)
 		ret = PTR_ERR(keyring);
 		goto error2;
 	} else if (keyring == new->session_keyring) {
-		key_put(keyring);
 		ret = 0;
-		goto error2;
+		goto error3;
 	}
 
 	/* we've got a keyring - now to install it */
 	ret = install_session_keyring_to_cred(new, keyring);
 	if (ret < 0)
-		goto error2;
+		goto error3;
 
 	commit_creds(new);
 	mutex_unlock(&key_session_mutex);
@@ -826,6 +825,8 @@ long join_session_keyring(const char *name)
 okay:
 	return ret;
 
+error3:
+	key_put(keyring);
 error2:
 	mutex_unlock(&key_session_mutex);
 error: