authorVignesh Raghavendra <vigneshr@ti.com>2022-06-12 15:11:39 +0530
committerVignesh Raghavendra <vigneshr@ti.com>2022-06-12 15:11:39 +0530
commit7d8201c5206f591356ecfd4ffea97f33ea0208aa (patch)
treebf1d077450d2b994951b7e94dc57f23cbec7f32b /security
parent3231c97207ced08a916a642409ed7e49f578980f (diff)
parent70dd2d169d08f059ff25a41278ab7c658b1d2af8 (diff)
Merge tag 'v5.10.120' of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux into ti-linux-5.10.y
This is the 5.10.120 stable release * tag 'v5.10.120' of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux: (394 commits) Linux 5.10.120 bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes bpf: Fix potential array overflow in bpf_trampoline_get_progs() NFSD: Fix possible sleep during nfsd4_release_lockowner() NFS: Memory allocation failures are not server fatal errors docs: submitting-patches: Fix crossref to 'The canonical patch format' tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() tpm: Fix buffer access in tpm2_get_tpm_pt() HID: multitouch: add quirks to enable Lenovo X12 trackpoint HID: multitouch: Add support for Google Whiskers Touchpad raid5: introduce MD_BROKEN dm verity: set DM_TARGET_IMMUTABLE feature flag dm stats: add cond_resched when looping over entries dm crypt: make printing of the key constant-time dm integrity: fix error code in dm_integrity_ctr() ARM: dts: s5pv210: Correct interrupt name for bluetooth in Aries Bluetooth: hci_qca: Use del_timer_sync() before freeing zsmalloc: fix races between asynchronous zspage free and page migration crypto: ecrdsa - Fix incorrect use of vli_cmp crypto: caam - fix i.MX6SX entropy delay value ... Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Diffstat (limited to 'security')
-rw-r--r--security/security.c2
-rw-r--r--security/selinux/nlmsgtab.c4
-rw-r--r--security/selinux/ss/hashtab.c3
3 files changed, 7 insertions, 2 deletions
diff --git a/security/security.c b/security/security.c
index d9d42d64f89f..360706cdabab 100644
--- a/security/security.c
+++ b/security/security.c
@@ -59,10 +59,12 @@ const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1] = {
[LOCKDOWN_DEBUGFS] = "debugfs access",
[LOCKDOWN_XMON_WR] = "xmon write access",
[LOCKDOWN_BPF_WRITE_USER] = "use of bpf to write user RAM",
+ [LOCKDOWN_DBG_WRITE_KERNEL] = "use of kgdb/kdb to write kernel RAM",
[LOCKDOWN_INTEGRITY_MAX] = "integrity",
[LOCKDOWN_KCORE] = "/proc/kcore access",
[LOCKDOWN_KPROBES] = "use of kprobes",
[LOCKDOWN_BPF_READ] = "use of bpf to read kernel RAM",
+ [LOCKDOWN_DBG_READ_KERNEL] = "use of kgdb/kdb to read kernel RAM",
[LOCKDOWN_PERF] = "unsafe use of perf",
[LOCKDOWN_TRACEFS] = "use of tracefs",
[LOCKDOWN_XMON_RW] = "xmon read and write access",
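Review bot: Nothing in this hunk shows where the two new reasons sit in `enum lockdown_reason`, and with designated initialisers the position of a line in this table does not decide which lockdown level covers it. The enum is declared in a header outside this diff (the diffstat is limited to `security/`), so it is worth confirming there that `LOCKDOWN_DBG_WRITE_KERNEL` comes before `LOCKDOWN_INTEGRITY_MAX` and `LOCKDOWN_DBG_READ_KERNEL` after it. A comment on the table would make the dependency explicit, e.g. `/* Indexed by enum lockdown_reason; keep entries in enum order and add a string for every new reason. */`. The initialiser starts and ends outside the hunk.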
diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
index b69231918686..c4fb57e90b6a 100644
--- a/security/selinux/nlmsgtab.c
+++ b/security/selinux/nlmsgtab.c
@@ -123,6 +123,8 @@ static const struct nlmsg_perm nlmsg_xfrm_perms[] =
{ XFRM_MSG_NEWSPDINFO, NETLINK_XFRM_SOCKET__NLMSG_WRITE },
{ XFRM_MSG_GETSPDINFO, NETLINK_XFRM_SOCKET__NLMSG_READ },
{ XFRM_MSG_MAPPING, NETLINK_XFRM_SOCKET__NLMSG_READ },
+ { XFRM_MSG_SETDEFAULT, NETLINK_XFRM_SOCKET__NLMSG_WRITE },
+ { XFRM_MSG_GETDEFAULT, NETLINK_XFRM_SOCKET__NLMSG_READ },
};
static const struct nlmsg_perm nlmsg_audit_perms[] =
@@ -186,7 +188,7 @@ int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm)
* structures at the top of this file with the new mappings
* before updating the BUILD_BUG_ON() macro!
*/
- BUILD_BUG_ON(XFRM_MSG_MAX != XFRM_MSG_MAPPING);
+ BUILD_BUG_ON(XFRM_MSG_MAX != XFRM_MSG_GETDEFAULT);
err = nlmsg_perm(nlmsg_type, perm, nlmsg_xfrm_perms,
sizeof(nlmsg_xfrm_perms));
break;
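Review bot: The updated `BUILD_BUG_ON(XFRM_MSG_MAX != XFRM_MSG_GETDEFAULT)` compares two constants and never looks at `nlmsg_xfrm_perms`, so it would still pass if the table had gained only one of the two new entries. Both `XFRM_MSG_SETDEFAULT` and `XFRM_MSG_GETDEFAULT` are added in the earlier hunk of this file, so this change is consistent; the gap is in what the guard can prove for the next addition. I would extend the existing comment with a line such as `* The check below only pins the last message type; verify that every type up to XFRM_MSG_MAX has an entry.` selinux_nlmsg_lookup() starts and ends outside the hunk.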
diff --git a/security/selinux/ss/hashtab.c b/security/selinux/ss/hashtab.c
index 7335f67ce54e..e8960a59586c 100644
--- a/security/selinux/ss/hashtab.c
+++ b/security/selinux/ss/hashtab.c
@@ -178,7 +178,8 @@ int hashtab_duplicate(struct hashtab *new, struct hashtab *orig,
kmem_cache_free(hashtab_node_cachep, cur);
}
}
- kmem_cache_free(hashtab_node_cachep, new);
+ kfree(new->htable);
+ memset(new, 0, sizeof(*new));
return -ENOMEM;
}
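Review bot: The new `memset(new, 0, sizeof(*new))` on the error path has no comment saying why it is needed, and it is easy to mistake for redundant cleanup. After `kfree(new->htable)` the struct would otherwise keep a dangling bucket pointer, which presumably matters if a caller destroys `new` after a failed duplicate (the callers are not visible here). I would add `/* leave *new empty so a later hashtab_destroy() cannot walk the freed bucket array */` above the memset. The loop that frees the copied nodes begins outside the hunk.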