--- /dev/null
+From 867de40c4c23e6d7f89f9ce4272a5d1b1484c122 Mon Sep 17 00:00:00 2001
+From: Mikulas Patocka <mpatocka@redhat.com>
+Date: Mon, 21 Jun 2021 14:48:29 -0400
+Subject: dm writecache: write at least 4k when committing
+
+From: Mikulas Patocka <mpatocka@redhat.com>
+
+commit 867de40c4c23e6d7f89f9ce4272a5d1b1484c122 upstream.
+
+SSDs perform badly with sub-4k writes (because they perfrorm
+read-modify-write internally), so make sure writecache writes at least
+4k when committing.
+
+Fixes: 991bd8d7bc78 ("dm writecache: commit just one block, not a full page")
+Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
+Signed-off-by: Mike Snitzer <snitzer@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/md/dm-writecache.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+--- a/drivers/md/dm-writecache.c
++++ b/drivers/md/dm-writecache.c
+@@ -532,7 +532,11 @@ static void ssd_commit_superblock(struct
+
+ region.bdev = wc->ssd_dev->bdev;
+ region.sector = 0;
+- region.count = wc->block_size >> SECTOR_SHIFT;
++ region.count = max(4096U, wc->block_size) >> SECTOR_SHIFT;
++
++ if (unlikely(region.sector + region.count > wc->metadata_sectors))
++ region.count = wc->metadata_sectors - region.sector;
++
+ region.sector += wc->start_sector;
+
+ req.bi_op = REQ_OP_WRITE;
--- /dev/null
+From 0ecb51824e838372e01330752503ddf9c0430ef7 Mon Sep 17 00:00:00 2001
+From: Thomas Zimmermann <tzimmermann@suse.de>
+Date: Thu, 29 Apr 2021 12:50:57 +0200
+Subject: drm/ast: Remove reference to struct drm_device.pdev
+
+From: Thomas Zimmermann <tzimmermann@suse.de>
+
+commit 0ecb51824e838372e01330752503ddf9c0430ef7 upstream.
+
+Using struct drm_device.pdev is deprecated. Upcast with to_pci_dev()
+from struct drm_device.dev to get the PCI device structure.
+
+v9:
+ * fix remaining pdev references
+
+Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
+Reviewed-by: Michael J. Ruhl <michael.j.ruhl@intel.com>
+Fixes: ba4e0339a6a3 ("drm/ast: Fixed CVE for DP501")
+Cc: KuoHsiang Chou <kuohsiang_chou@aspeedtech.com>
+Cc: kernel test robot <lkp@intel.com>
+Cc: Thomas Zimmermann <tzimmermann@suse.de>
+Cc: Dave Airlie <airlied@redhat.com>
+Cc: dri-devel@lists.freedesktop.org
+Link: https://patchwork.freedesktop.org/patch/msgid/20210429105101.25667-2-tzimmermann@suse.de
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/ast/ast_main.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+--- a/drivers/gpu/drm/ast/ast_main.c
++++ b/drivers/gpu/drm/ast/ast_main.c
+@@ -411,7 +411,6 @@ struct ast_private *ast_device_create(co
+ return ast;
+ dev = &ast->base;
+
+- dev->pdev = pdev;
+ pci_set_drvdata(pdev, dev);
+
+ ast->regs = pcim_iomap(pdev, 1, 0);
+@@ -453,8 +452,8 @@ struct ast_private *ast_device_create(co
+
+ /* map reserved buffer */
+ ast->dp501_fw_buf = NULL;
+- if (dev->vram_mm->vram_size < pci_resource_len(dev->pdev, 0)) {
+- ast->dp501_fw_buf = pci_iomap_range(dev->pdev, 0, dev->vram_mm->vram_size, 0);
++ if (dev->vram_mm->vram_size < pci_resource_len(pdev, 0)) {
++ ast->dp501_fw_buf = pci_iomap_range(pdev, 0, dev->vram_mm->vram_size, 0);
+ if (!ast->dp501_fw_buf)
+ drm_info(dev, "failed to map reserved buffer!\n");
+ }
--- /dev/null
+From 61bb4a1c417e5b95d9edb4f887f131de32e419cb Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Fri, 2 Jul 2021 12:45:02 -0400
+Subject: ext4: fix possible UAF when remounting r/o a mmp-protected file system
+
+From: Theodore Ts'o <tytso@mit.edu>
+
+commit 61bb4a1c417e5b95d9edb4f887f131de32e419cb upstream.
+
+After commit 618f003199c6 ("ext4: fix memory leak in
+ext4_fill_super"), after the file system is remounted read-only, there
+is a race where the kmmpd thread can exit, causing sbi->s_mmp_tsk to
+point at freed memory, which the call to ext4_stop_mmpd() can trip
+over.
+
+Fix this by only allowing kmmpd() to exit when it is stopped via
+ext4_stop_mmpd().
+
+Link: https://lore.kernel.org/r/20210707002433.3719773-1-tytso@mit.edu
+Reported-by: Ye Bin <yebin10@huawei.com>
+Bug-Report-Link: <20210629143603.2166962-1-yebin10@huawei.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Reviewed-by: Jan Kara <jack@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/ext4/mmp.c | 31 +++++++++++++++----------------
+ fs/ext4/super.c | 6 +++++-
+ 2 files changed, 20 insertions(+), 17 deletions(-)
+
+--- a/fs/ext4/mmp.c
++++ b/fs/ext4/mmp.c
+@@ -156,7 +156,12 @@ static int kmmpd(void *data)
+ memcpy(mmp->mmp_nodename, init_utsname()->nodename,
+ sizeof(mmp->mmp_nodename));
+
+- while (!kthread_should_stop()) {
++ while (!kthread_should_stop() && !sb_rdonly(sb)) {
++ if (!ext4_has_feature_mmp(sb)) {
++ ext4_warning(sb, "kmmpd being stopped since MMP feature"
++ " has been disabled.");
++ goto wait_to_exit;
++ }
+ if (++seq > EXT4_MMP_SEQ_MAX)
+ seq = 1;
+
+@@ -177,16 +182,6 @@ static int kmmpd(void *data)
+ failed_writes++;
+ }
+
+- if (!(le32_to_cpu(es->s_feature_incompat) &
+- EXT4_FEATURE_INCOMPAT_MMP)) {
+- ext4_warning(sb, "kmmpd being stopped since MMP feature"
+- " has been disabled.");
+- goto exit_thread;
+- }
+-
+- if (sb_rdonly(sb))
+- break;
+-
+ diff = jiffies - last_update_time;
+ if (diff < mmp_update_interval * HZ)
+ schedule_timeout_interruptible(mmp_update_interval *
+@@ -207,7 +202,7 @@ static int kmmpd(void *data)
+ ext4_error_err(sb, -retval,
+ "error reading MMP data: %d",
+ retval);
+- goto exit_thread;
++ goto wait_to_exit;
+ }
+
+ mmp_check = (struct mmp_struct *)(bh_check->b_data);
+@@ -221,7 +216,7 @@ static int kmmpd(void *data)
+ ext4_error_err(sb, EBUSY, "abort");
+ put_bh(bh_check);
+ retval = -EBUSY;
+- goto exit_thread;
++ goto wait_to_exit;
+ }
+ put_bh(bh_check);
+ }
+@@ -244,7 +239,13 @@ static int kmmpd(void *data)
+
+ retval = write_mmp_block(sb, bh);
+
+-exit_thread:
++wait_to_exit:
++ while (!kthread_should_stop()) {
++ set_current_state(TASK_INTERRUPTIBLE);
++ if (!kthread_should_stop())
++ schedule();
++ }
++ set_current_state(TASK_RUNNING);
+ return retval;
+ }
+
+@@ -391,5 +392,3 @@ failed:
+ brelse(bh);
+ return 1;
+ }
+-
+-
+--- a/fs/ext4/super.c
++++ b/fs/ext4/super.c
+@@ -5996,7 +5996,6 @@ static int ext4_remount(struct super_blo
+ */
+ ext4_mark_recovery_complete(sb, es);
+ }
+- ext4_stop_mmpd(sbi);
+ } else {
+ /* Make sure we can mount this feature set readwrite */
+ if (ext4_has_feature_readonly(sb) ||
+@@ -6110,6 +6109,9 @@ static int ext4_remount(struct super_blo
+ if (!test_opt(sb, BLOCK_VALIDITY) && sbi->s_system_blks)
+ ext4_release_system_zone(sb);
+
++ if (!ext4_has_feature_mmp(sb) || sb_rdonly(sb))
++ ext4_stop_mmpd(sbi);
++
+ /*
+ * Some options can be enabled by ext4 and/or by VFS mount flag
+ * either way we need to make sure it matches in both *flags and
+@@ -6143,6 +6145,8 @@ restore_opts:
+ for (i = 0; i < EXT4_MAXQUOTAS; i++)
+ kfree(to_free[i]);
+ #endif
++ if (!ext4_has_feature_mmp(sb) || sb_rdonly(sb))
++ ext4_stop_mmpd(sbi);
+ kfree(orig_data);
+ return err;
+ }
--- /dev/null
+From cad83c968c2ebe97905f900326988ed37146c347 Mon Sep 17 00:00:00 2001
+From: Chao Yu <yuchao0@huawei.com>
+Date: Fri, 7 May 2021 18:10:38 +0800
+Subject: f2fs: fix to avoid racing on fsync_entry_slab by multi filesystem instances
+
+From: Chao Yu <yuchao0@huawei.com>
+
+commit cad83c968c2ebe97905f900326988ed37146c347 upstream.
+
+As syzbot reported, there is an use-after-free issue during f2fs recovery:
+
+Use-after-free write at 0xffff88823bc16040 (in kfence-#10):
+ kmem_cache_destroy+0x1f/0x120 mm/slab_common.c:486
+ f2fs_recover_fsync_data+0x75b0/0x8380 fs/f2fs/recovery.c:869
+ f2fs_fill_super+0x9393/0xa420 fs/f2fs/super.c:3945
+ mount_bdev+0x26c/0x3a0 fs/super.c:1367
+ legacy_get_tree+0xea/0x180 fs/fs_context.c:592
+ vfs_get_tree+0x86/0x270 fs/super.c:1497
+ do_new_mount fs/namespace.c:2905 [inline]
+ path_mount+0x196f/0x2be0 fs/namespace.c:3235
+ do_mount fs/namespace.c:3248 [inline]
+ __do_sys_mount fs/namespace.c:3456 [inline]
+ __se_sys_mount+0x2f9/0x3b0 fs/namespace.c:3433
+ do_syscall_64+0x3f/0xb0 arch/x86/entry/common.c:47
+ entry_SYSCALL_64_after_hwframe+0x44/0xae
+
+The root cause is multi f2fs filesystem instances can race on accessing
+global fsync_entry_slab pointer, result in use-after-free issue of slab
+cache, fixes to init/destroy this slab cache only once during module
+init/destroy procedure to avoid this issue.
+
+Reported-by: syzbot+9d90dad32dd9727ed084@syzkaller.appspotmail.com
+Signed-off-by: Chao Yu <yuchao0@huawei.com>
+Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/f2fs/f2fs.h | 2 ++
+ fs/f2fs/recovery.c | 23 ++++++++++++++---------
+ fs/f2fs/super.c | 8 +++++++-
+ 3 files changed, 23 insertions(+), 10 deletions(-)
+
+--- a/fs/f2fs/f2fs.h
++++ b/fs/f2fs/f2fs.h
+@@ -3566,6 +3566,8 @@ void f2fs_destroy_garbage_collection_cac
+ */
+ int f2fs_recover_fsync_data(struct f2fs_sb_info *sbi, bool check_only);
+ bool f2fs_space_for_roll_forward(struct f2fs_sb_info *sbi);
++int __init f2fs_create_recovery_cache(void);
++void f2fs_destroy_recovery_cache(void);
+
+ /*
+ * debug.c
+--- a/fs/f2fs/recovery.c
++++ b/fs/f2fs/recovery.c
+@@ -788,13 +788,6 @@ int f2fs_recover_fsync_data(struct f2fs_
+ quota_enabled = f2fs_enable_quota_files(sbi, s_flags & SB_RDONLY);
+ #endif
+
+- fsync_entry_slab = f2fs_kmem_cache_create("f2fs_fsync_inode_entry",
+- sizeof(struct fsync_inode_entry));
+- if (!fsync_entry_slab) {
+- err = -ENOMEM;
+- goto out;
+- }
+-
+ INIT_LIST_HEAD(&inode_list);
+ INIT_LIST_HEAD(&tmp_inode_list);
+ INIT_LIST_HEAD(&dir_list);
+@@ -867,8 +860,6 @@ skip:
+ }
+ }
+
+- kmem_cache_destroy(fsync_entry_slab);
+-out:
+ #ifdef CONFIG_QUOTA
+ /* Turn quotas off */
+ if (quota_enabled)
+@@ -878,3 +869,17 @@ out:
+
+ return ret ? ret : err;
+ }
++
++int __init f2fs_create_recovery_cache(void)
++{
++ fsync_entry_slab = f2fs_kmem_cache_create("f2fs_fsync_inode_entry",
++ sizeof(struct fsync_inode_entry));
++ if (!fsync_entry_slab)
++ return -ENOMEM;
++ return 0;
++}
++
++void f2fs_destroy_recovery_cache(void)
++{
++ kmem_cache_destroy(fsync_entry_slab);
++}
+--- a/fs/f2fs/super.c
++++ b/fs/f2fs/super.c
+@@ -4227,9 +4227,12 @@ static int __init init_f2fs_fs(void)
+ err = f2fs_create_checkpoint_caches();
+ if (err)
+ goto free_segment_manager_caches;
+- err = f2fs_create_extent_cache();
++ err = f2fs_create_recovery_cache();
+ if (err)
+ goto free_checkpoint_caches;
++ err = f2fs_create_extent_cache();
++ if (err)
++ goto free_recovery_cache;
+ err = f2fs_create_garbage_collection_cache();
+ if (err)
+ goto free_extent_cache;
+@@ -4278,6 +4281,8 @@ free_garbage_collection_cache:
+ f2fs_destroy_garbage_collection_cache();
+ free_extent_cache:
+ f2fs_destroy_extent_cache();
++free_recovery_cache:
++ f2fs_destroy_recovery_cache();
+ free_checkpoint_caches:
+ f2fs_destroy_checkpoint_caches();
+ free_segment_manager_caches:
+@@ -4303,6 +4308,7 @@ static void __exit exit_f2fs_fs(void)
+ f2fs_exit_sysfs();
+ f2fs_destroy_garbage_collection_cache();
+ f2fs_destroy_extent_cache();
++ f2fs_destroy_recovery_cache();
+ f2fs_destroy_checkpoint_caches();
+ f2fs_destroy_segment_manager_caches();
+ f2fs_destroy_node_manager_caches();
--- /dev/null
+From 9d574f985fe33efd6911f4d752de6f485a1ea732 Mon Sep 17 00:00:00 2001
+From: Pavel Skripkin <paskripkin@gmail.com>
+Date: Sun, 6 Jun 2021 17:24:05 +0300
+Subject: jfs: fix GPF in diFree
+
+From: Pavel Skripkin <paskripkin@gmail.com>
+
+commit 9d574f985fe33efd6911f4d752de6f485a1ea732 upstream.
+
+Avoid passing inode with
+JFS_SBI(inode->i_sb)->ipimap == NULL to
+diFree()[1]. GFP will appear:
+
+ struct inode *ipimap = JFS_SBI(ip->i_sb)->ipimap;
+ struct inomap *imap = JFS_IP(ipimap)->i_imap;
+
+JFS_IP() will return invalid pointer when ipimap == NULL
+
+Call Trace:
+ diFree+0x13d/0x2dc0 fs/jfs/jfs_imap.c:853 [1]
+ jfs_evict_inode+0x2c9/0x370 fs/jfs/inode.c:154
+ evict+0x2ed/0x750 fs/inode.c:578
+ iput_final fs/inode.c:1654 [inline]
+ iput.part.0+0x3fe/0x820 fs/inode.c:1680
+ iput+0x58/0x70 fs/inode.c:1670
+
+Reported-and-tested-by: syzbot+0a89a7b56db04c21a656@syzkaller.appspotmail.com
+Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
+Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/jfs/inode.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/fs/jfs/inode.c
++++ b/fs/jfs/inode.c
+@@ -151,7 +151,8 @@ void jfs_evict_inode(struct inode *inode
+ if (test_cflag(COMMIT_Freewmap, inode))
+ jfs_free_zero_link(inode);
+
+- diFree(inode);
++ if (JFS_SBI(inode->i_sb)->ipimap)
++ diFree(inode);
+
+ /*
+ * Free the inode from the quota allocation.
--- /dev/null
+From 7b53cca764f9b291b7907fcd39d9e66ad728ee0b Mon Sep 17 00:00:00 2001
+From: Arnd Bergmann <arnd@arndb.de>
+Date: Mon, 14 Jun 2021 12:34:03 +0200
+Subject: media: v4l2-core: explicitly clear ioctl input data
+
+From: Arnd Bergmann <arnd@arndb.de>
+
+commit 7b53cca764f9b291b7907fcd39d9e66ad728ee0b upstream.
+
+As seen from a recent syzbot bug report, mistakes in the compat ioctl
+implementation can lead to uninitialized kernel stack data getting used
+as input for driver ioctl handlers.
+
+The reported bug is now fixed, but it's possible that other related
+bugs are still present or get added in the future. As the drivers need
+to check user input already, the possible impact is fairly low, but it
+might still cause an information leak.
+
+To be on the safe side, always clear the entire ioctl buffer before
+calling the conversion handler functions that are meant to initialize
+them.
+
+Signed-off-by: Arnd Bergmann <arnd@arndb.de>
+Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
+Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
+Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/media/v4l2-core/v4l2-ioctl.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/media/v4l2-core/v4l2-ioctl.c
++++ b/drivers/media/v4l2-core/v4l2-ioctl.c
+@@ -3124,8 +3124,10 @@ static int video_get_user(void __user *a
+ if (copy_from_user(parg, (void __user *)arg, n))
+ err = -EFAULT;
+ } else if (in_compat_syscall()) {
++ memset(parg, 0, n);
+ err = v4l2_compat_get_user(arg, parg, cmd);
+ } else {
++ memset(parg, 0, n);
+ #if !defined(CONFIG_64BIT) && defined(CONFIG_COMPAT_32BIT_TIME)
+ switch (cmd) {
+ case VIDIOC_QUERYBUF_TIME32:
--- /dev/null
+From 884af72c90016cfccd5717439c86b48702cbf184 Mon Sep 17 00:00:00 2001
+From: Zou Wei <zou_wei@huawei.com>
+Date: Tue, 8 Jun 2021 14:34:08 +0800
+Subject: pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq()
+
+From: Zou Wei <zou_wei@huawei.com>
+
+commit 884af72c90016cfccd5717439c86b48702cbf184 upstream.
+
+Add the missing unlock before return from function mcp23s08_irq()
+in the error handling case.
+
+v1-->v2:
+ remove the "return IRQ_HANDLED" line
+
+Fixes: 897120d41e7a ("pinctrl: mcp23s08: fix race condition in irq handler")
+Reported-by: Hulk Robot <hulkci@huawei.com>
+Signed-off-by: Zou Wei <zou_wei@huawei.com>
+Link: https://lore.kernel.org/r/1623134048-56051-1-git-send-email-zou_wei@huawei.com
+Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/pinctrl/pinctrl-mcp23s08.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/pinctrl/pinctrl-mcp23s08.c
++++ b/drivers/pinctrl/pinctrl-mcp23s08.c
+@@ -353,7 +353,7 @@ static irqreturn_t mcp23s08_irq(int irq,
+
+ if (intf == 0) {
+ /* There is no interrupt pending */
+- return IRQ_HANDLED;
++ goto unlock;
+ }
+
+ if (mcp_read(mcp, MCP_INTCAP, &intcap))
s390-vdso-rename-vdso64_lbase-to-vdso_lbase.patch
s390-vdso-add-minimal-compat-vdso.patch
s390-signal-switch-to-using-vdso-for-sigreturn-and-syscall-restart.patch
+dm-writecache-write-at-least-4k-when-committing.patch
+pinctrl-mcp23s08-fix-missing-unlock-on-error-in-mcp23s08_irq.patch
+drm-ast-remove-reference-to-struct-drm_device.pdev.patch
+ext4-fix-possible-uaf-when-remounting-r-o-a-mmp-protected-file-system.patch
+jfs-fix-gpf-in-difree.patch
+media-v4l2-core-explicitly-clear-ioctl-input-data.patch
+smackfs-restrict-bytes-count-in-smk_set_cipso.patch
+f2fs-fix-to-avoid-racing-on-fsync_entry_slab-by-multi-filesystem-instances.patch
--- /dev/null
+From 49ec114a6e62d8d320037ce71c1aaf9650b3cafd Mon Sep 17 00:00:00 2001
+From: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
+Date: Mon, 12 Apr 2021 22:45:50 +0900
+Subject: smackfs: restrict bytes count in smk_set_cipso()
+
+From: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
+
+commit 49ec114a6e62d8d320037ce71c1aaf9650b3cafd upstream.
+
+Oops, I failed to update subject line.
+
+From 07571157c91b98ce1a4aa70967531e64b78e8346 Mon Sep 17 00:00:00 2001
+From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
+Date: Mon, 12 Apr 2021 22:25:06 +0900
+Subject: smackfs: restrict bytes count in smk_set_cipso()
+
+Commit 7ef4c19d245f3dc2 ("smackfs: restrict bytes count in smackfs write
+functions") missed that count > SMK_CIPSOMAX check applies to only
+format == SMK_FIXED24_FMT case.
+
+Reported-by: syzbot <syzbot+77c53db50c9fff774e8e@syzkaller.appspotmail.com>
+Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
+Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ security/smack/smackfs.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/security/smack/smackfs.c
++++ b/security/smack/smackfs.c
+@@ -855,6 +855,8 @@ static ssize_t smk_set_cipso(struct file
+ if (format == SMK_FIXED24_FMT &&
+ (count < SMK_CIPSOMIN || count > SMK_CIPSOMAX))
+ return -EINVAL;
++ if (count > PAGE_SIZE)
++ return -EINVAL;
+
+ data = memdup_user_nul(buf, count);
+ if (IS_ERR(data))
projects / thirdparty / kernel / stable-queue.git / commitdiff
