Merge branch 'linux-linaro-lsk-v4.4-android' of git://git.linaro.org/kernel/linux-linaro-stable.git

* linux-linaro-lsk-v4.4-android: (395 commits)
  Linux 4.4.126
  net: systemport: Rewrite __bcm_sysport_tx_reclaim()
  net: fec: Fix unbalanced PM runtime calls
  ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event()
  s390/qeth: on channel error, reject further cmd requests
  s390/qeth: lock read device while queueing next buffer
  s390/qeth: when thread completes, wake up all waiters
  s390/qeth: free netdevice when removing a card
  team: Fix double free in error path
  skbuff: Fix not waking applications when errors are enqueued
  net: Only honor ifindex in IP_PKTINFO if non-0
  netlink: avoid a double skb free in genlmsg_mcast()
  net/iucv: Free memory obtained by kzalloc
  net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY interface
  net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred
  l2tp: do not accept arbitrary sockets
  ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option()
  dccp: check sk for closed state in dccp_sendmsg()
  net: Fix hlist corruptions in inet_evict_bucket()
  Revert "genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs"
  ...

Conflicts:
	include/linux/usb/quirks.h

Change-Id: I125065cef66846e4cdee799f4b34d07c309d353e

3 files changed, 11 insertions, 2 deletions

diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index dec607c17b64..6dc4ce47580f 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -722,7 +722,7 @@ module_param_named(logsyscall, aa_g_logsyscall, aabool, S_IRUSR | S_IWUSR);
 
 /* Maximum pathname length before accesses will start getting rejected */
 unsigned int aa_g_path_max = 2 * PATH_MAX;
-module_param_named(path_max, aa_g_path_max, aauint, S_IRUSR | S_IWUSR);
+module_param_named(path_max, aa_g_path_max, aauint, S_IRUSR);
 
 /* Determines how paranoid loading of policy is and how much verification
  * on the loaded policy is done.
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
index 19014293f927..8da7c91b725d 100644
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -206,7 +206,8 @@ int ima_appraise_measurement(int func, struct integrity_iint_cache *iint,
 		if (opened & FILE_CREATED)
 			iint->flags |= IMA_NEW_FILE;
 		if ((iint->flags & IMA_NEW_FILE) &&
-		    !(iint->flags & IMA_DIGSIG_REQUIRED))
+		    (!(iint->flags & IMA_DIGSIG_REQUIRED) ||
+		     (inode->i_size == 0)))
 			status = INTEGRITY_PASS;
 		goto out;
 	}
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index be68992a28cb..c5293ca6a26e 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4158,10 +4158,18 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in
 		u32 sid, node_perm;
 
 		if (family == PF_INET) {
+			if (addrlen < sizeof(struct sockaddr_in)) {
+				err = -EINVAL;
+				goto out;
+			}
 			addr4 = (struct sockaddr_in *)address;
 			snum = ntohs(addr4->sin_port);
 			addrp = (char *)&addr4->sin_addr.s_addr;
 		} else {
+			if (addrlen < SIN6_LEN_RFC2133) {
+				err = -EINVAL;
+				goto out;
+			}
 			addr6 = (struct sockaddr_in6 *)address;
 			snum = ntohs(addr6->sin6_port);
 			addrp = (char *)&addr6->sin6_addr.s6_addr;