5 files changed, 16 insertions, 6 deletions

diff --git a/security/Kconfig b/security/Kconfig
index e9c6ac724fef..beb86b500adf 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -103,7 +103,7 @@ config INTEL_TXT
 config LSM_MMAP_MIN_ADDR
         int "Low address space for LSM to protect from user allocation"
         depends on SECURITY && SECURITY_SELINUX
-        default 32768 if ARM
+        default 32768 if ARM || (ARM64 && COMPAT)
         default 65536
         help
           This is the portion of low virtual memory which should be protected
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index d46cbc5e335e..2fb2576dc644 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -1000,7 +1000,11 @@ static int keyring_detect_cycle_iterator(const void *object,
 
         kenter("{%d}", key->serial);
 
-        BUG_ON(key != ctx->match_data);
+        /* We might get a keyring with matching index-key that is nonetheless a
+         * different keyring. */
+        if (key != ctx->match_data)
+                return 0;
+
         ctx->result = ERR_PTR(-EDEADLK);
         return 1;
 }
diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
index 332ac8a80cf5..2df7b900e259 100644
--- a/security/selinux/nlmsgtab.c
+++ b/security/selinux/nlmsgtab.c
@@ -17,6 +17,7 @@
 #include <linux/inet_diag.h>
 #include <linux/xfrm.h>
 #include <linux/audit.h>
+#include <linux/sock_diag.h>
 
 #include "flask.h"
 #include "av_permissions.h"
@@ -78,6 +79,7 @@ static struct nlmsg_perm nlmsg_tcpdiag_perms[] =
 {
         { TCPDIAG_GETSOCK,      NETLINK_TCPDIAG_SOCKET__NLMSG_READ },
         { DCCPDIAG_GETSOCK,     NETLINK_TCPDIAG_SOCKET__NLMSG_READ },
+        { SOCK_DIAG_BY_FAMILY,  NETLINK_TCPDIAG_SOCKET__NLMSG_READ },
 };
 
 static struct nlmsg_perm nlmsg_xfrm_perms[] =
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index c0f498842129..9c5cdc2caaef 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -3338,10 +3338,10 @@ static int filename_write_helper(void *key, void *data, void *ptr)
         if (rc)
                 return rc;
 
-        buf[0] = ft->stype;
-        buf[1] = ft->ttype;
-        buf[2] = ft->tclass;
-        buf[3] = otype->otype;
+        buf[0] = cpu_to_le32(ft->stype);
+        buf[1] = cpu_to_le32(ft->ttype);
+        buf[2] = cpu_to_le32(ft->tclass);
+        buf[3] = cpu_to_le32(otype->otype);
 
         rc = put_entry(buf, sizeof(u32), 4, fp);
         if (rc)
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index c93c21127f0c..5d0144ee8ed6 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1232,6 +1232,10 @@ static int security_context_to_sid_core(const char *scontext, u32 scontext_len,
         struct context context;
         int rc = 0;
 
+        /* An empty security context is never valid. */
+        if (!scontext_len)
+                return -EINVAL;
+
         if (!ss_initialized) {
                 int i;