Merge android-4.4-p.198 (dbd0162) into msm-4.4

* refs/heads/tmp-dbd0162
  Linux 4.4.198
  RDMA/cxgb4: Do not dma memory off of the stack
  net: sched: Fix memory exposure from short TCA_U32_SEL
  PCI: PM: Fix pci_power_up()
  xen/netback: fix error path of xenvif_connect_data()
  cpufreq: Avoid cpufreq_suspend() deadlock on system shutdown
  memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()'
  btrfs: block-group: Fix a memory leak due to missing btrfs_put_block_group()
  CIFS: avoid using MID 0xFFFF
  parisc: Fix vmap memory leak in ioremap()/iounmap()
  xtensa: drop EXPORT_SYMBOL for outs*/ins*
  mm/slub: fix a deadlock in show_slab_objects()
  scsi: zfcp: fix reaction on bit error threshold notification
  drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50
  mac80211: Reject malformed SSID elements
  cfg80211: wext: avoid copying malformed SSIDs
  ASoC: rsnd: Reinitialize bit clock inversion flag for every format setting
  scsi: core: try to get module before removing device
  USB: ldusb: fix read info leaks
  USB: usblp: fix use-after-free on disconnect
  USB: ldusb: fix memleak on disconnect
  USB: serial: ti_usb_3410_5052: fix port-close races
  usb: udc: lpc32xx: fix bad bit shift operation
  USB: legousbtower: fix memleak on disconnect
  memfd: Fix locking when tagging pins
  ipv4: Return -ENETUNREACH if we can't create route but saddr is valid
  net: avoid potential infinite loop in tc_ctl_action()
  sctp: change sctp_prot .no_autobind with true
  net: bcmgenet: Set phydev->dev_flags only for internal PHYs
  net: bcmgenet: Fix RGMII_MODE_EN value for GENET v1/2/3
  loop: Add LOOP_SET_DIRECT_IO to compat ioctl
  namespace: fix namespace.pl script to support relative paths
  net: hisilicon: Fix usage of uninitialized variable in function mdio_sc_cfg_reg_write()
  mips: Loongson: Fix the link time qualifier of 'serial_exit()'
  nl80211: fix null pointer dereference
  ARM: dts: am4372: Set memory bandwidth limit for DISPC
  ARM: OMAP2+: Fix missing reset done flag for am3 and am43
  scsi: qla2xxx: Fix unbound sleep in fcport delete path.
  scsi: megaraid: disable device when probe failed after enabled device
  scsi: ufs: skip shutdown if hba is not powered
  rtlwifi: Fix potential overflow on P2P code
  ANDROID: clang: update to 9.0.8 based on r365631c
  ANDROID: move up spin_unlock_bh() ahead of remove_proc_entry()
  ANDROID: refactor build.config files to remove duplication

Conflicts:
	drivers/block/loop.c

Change-Id: I68d2106c6480b9a2573f31302b0c75922f427732
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>

2 files changed, 9 insertions, 2 deletions

diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 000fb496eeaa..7907f1fadf7f 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -5240,6 +5240,9 @@ static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
 	if (!rdev->ops->del_mpath)
 		return -EOPNOTSUPP;
 
+	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
+		return -EOPNOTSUPP;
+
 	return rdev_del_mpath(rdev, dev, dst);
 }
 
diff --git a/net/wireless/wext-sme.c b/net/wireless/wext-sme.c
index a4e8af3321d2..98ff9d9e1aa9 100644
--- a/net/wireless/wext-sme.c
+++ b/net/wireless/wext-sme.c
@@ -225,6 +225,7 @@ int cfg80211_mgd_wext_giwessid(struct net_device *dev,
 			       struct iw_point *data, char *ssid)
 {
 	struct wireless_dev *wdev = dev->ieee80211_ptr;
+	int ret = 0;
 
 	/* call only for station! */
 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION))
@@ -242,7 +243,10 @@ int cfg80211_mgd_wext_giwessid(struct net_device *dev,
 		if (ie) {
 			data->flags = 1;
 			data->length = ie[1];
-			memcpy(ssid, ie + 2, data->length);
+			if (data->length > IW_ESSID_MAX_SIZE)
+				ret = -EINVAL;
+			else
+				memcpy(ssid, ie + 2, data->length);
 		}
 		rcu_read_unlock();
 	} else if (wdev->wext.connect.ssid && wdev->wext.connect.ssid_len) {
@@ -252,7 +256,7 @@ int cfg80211_mgd_wext_giwessid(struct net_device *dev,
 	}
 	wdev_unlock(wdev);
 
-	return 0;
+	return ret;
 }
 
 int cfg80211_mgd_wext_siwap(struct net_device *dev,