Linux v4.4-rc3

- Fix for cgroup use after free (rhbz 1282706)
- Disable debugging options.

8 files changed, 165 insertions, 130 deletions

diff --git a/0001-cgroup-make-css_set-pin-its-css-s-to-avoid-use-afer-.patch b/0001-cgroup-make-css_set-pin-its-css-s-to-avoid-use-afer-.patch
new file mode 100644
index 000000000..f6d32220c
--- /dev/null
+++ b/0001-cgroup-make-css_set-pin-its-css-s-to-avoid-use-afer-.patch
@@ -0,0 +1,92 @@
+From befa45e320edbded63b6900c4ba63df7a8db445c Mon Sep 17 00:00:00 2001
+From: Tejun Heo <tj@kernel.org>
+Date: Mon, 23 Nov 2015 14:55:41 -0500
+Subject: [PATCH] cgroup: make css_set pin its css's to avoid use-afer-free
+
+A css_set represents the relationship between a set of tasks and
+css's.  css_set never pinned the associated css's.  This was okay
+because tasks used to always disassociate immediately (in RCU sense) -
+either a task is moved to a different css_set or exits and never
+accesses css_set again.
+
+Unfortunately, afcf6c8b7544 ("cgroup: add cgroup_subsys->free() method
+and use it to fix pids controller") and patches leading up to it made
+a zombie hold onto its css_set and deref the associated css's on its
+release.  Nothing pins the css's after exit and it might have already
+been freed leading to use-after-free.
+
+ general protection fault: 0000 [#1] PREEMPT SMP
+ task: ffffffff81bf2500 ti: ffffffff81be4000 task.ti: ffffffff81be4000
+ RIP: 0010:[<ffffffff810fa205>]  [<ffffffff810fa205>] pids_cancel.constprop.4+0x5/0x40
+ ...
+ Call Trace:
+  <IRQ>
+  [<ffffffff810fb02d>] ? pids_free+0x3d/0xa0
+  [<ffffffff810f8893>] cgroup_free+0x53/0xe0
+  [<ffffffff8104ed62>] __put_task_struct+0x42/0x130
+  [<ffffffff81053557>] delayed_put_task_struct+0x77/0x130
+  [<ffffffff810c6b34>] rcu_process_callbacks+0x2f4/0x820
+  [<ffffffff810c6af3>] ? rcu_process_callbacks+0x2b3/0x820
+  [<ffffffff81056e54>] __do_softirq+0xd4/0x460
+  [<ffffffff81057369>] irq_exit+0x89/0xa0
+  [<ffffffff81876212>] smp_apic_timer_interrupt+0x42/0x50
+  [<ffffffff818747f4>] apic_timer_interrupt+0x84/0x90
+  <EOI>
+ ...
+ Code: 5b 5d c3 48 89 df 48 c7 c2 c9 f9 ae 81 48 c7 c6 91 2c ae 81 e8 1d 94 0e 00 31 c0 5b 5d c3 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 <f0> 48 83 87 e0 00 00 00 ff 78 01 c3 80 3d 08 7a c1 00 00 74 02
+ RIP  [<ffffffff810fa205>] pids_cancel.constprop.4+0x5/0x40
+  RSP <ffff88001fc03e20>
+ ---[ end trace 89a4a4b916b90c49 ]---
+ Kernel panic - not syncing: Fatal exception in interrupt
+ Kernel Offset: disabled
+ ---[ end Kernel panic - not syncing: Fatal exception in interrupt
+
+Fix it by making css_set pin the associate css's until its release.
+
+Signed-off-by: Tejun Heo <tj@kernel.org>
+Reported-by: Dave Jones <davej@codemonkey.org.uk>
+Reported-by: Daniel Wagner <daniel.wagner@bmw-carit.de>
+Link: http://lkml.kernel.org/g/20151120041836.GA18390@codemonkey.org.uk
+Link: http://lkml.kernel.org/g/5652D448.3080002@bmw-carit.de
+Fixes: afcf6c8b7544 ("cgroup: add cgroup_subsys->free() method and use it to fix pids controller")
+---
+ kernel/cgroup.c | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/kernel/cgroup.c b/kernel/cgroup.c
+index f1603c1..17773d6 100644
+--- a/kernel/cgroup.c
++++ b/kernel/cgroup.c
+@@ -754,9 +754,11 @@ static void put_css_set_locked(struct css_set *cset)
+ 	if (!atomic_dec_and_test(&cset->refcount))
+ 		return;
+ 
+-	/* This css_set is dead. unlink it and release cgroup refcounts */
+-	for_each_subsys(ss, ssid)
++	/* This css_set is dead. unlink it and release cgroup and css refs */
++	for_each_subsys(ss, ssid) {
+ 		list_del(&cset->e_cset_node[ssid]);
++		css_put(cset->subsys[ssid]);
++	}
+ 	hash_del(&cset->hlist);
+ 	css_set_count--;
+ 
+@@ -1056,9 +1058,13 @@ static struct css_set *find_css_set(struct css_set *old_cset,
+ 	key = css_set_hash(cset->subsys);
+ 	hash_add(css_set_table, &cset->hlist, key);
+ 
+-	for_each_subsys(ss, ssid)
++	for_each_subsys(ss, ssid) {
++		struct cgroup_subsys_state *css = cset->subsys[ssid];
++
+ 		list_add_tail(&cset->e_cset_node[ssid],
+-			      &cset->subsys[ssid]->cgroup->e_csets[ssid]);
++			      &css->cgroup->e_csets[ssid]);
++		css_get(css);
++	}
+ 
+ 	spin_unlock_bh(&css_set_lock);
+ 
+-- 
+2.5.0
+
diff --git a/0001-watchdog-omap_wdt-fix-null-pointer-dereference.patch b/0001-watchdog-omap_wdt-fix-null-pointer-dereference.patch
deleted file mode 100644
index 7dab1ff5c..000000000
--- a/0001-watchdog-omap_wdt-fix-null-pointer-dereference.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From 721ebb3cf4788107424f92ac2da6cfce20c67297 Mon Sep 17 00:00:00 2001
-From: Peter Robinson <pbrobinson@gmail.com>
-Date: Sun, 1 Nov 2015 23:54:08 +0000
-Subject: [PATCH] watchdog: omap_wdt: fix null pointer dereference
-
-Fix issue from two patches overlapping causing a kernel oops
-
-[ 3569.297449] Unable to handle kernel NULL pointer dereference at virtual address 00000088
-[ 3569.306272] pgd = dc894000
-[ 3569.309287] [00000088] *pgd=00000000
-[ 3569.313104] Internal error: Oops: 5 [#1] SMP ARM
-[ 3569.317986] Modules linked in: ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack ebtable_filter ebtable_nat ebtable_broute bridge stp llc ebtables ip6table_security ip6table_raw ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_filter ip6_tables iptable_security iptable_raw iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle musb_dsps cppi41 musb_hdrc phy_am335x udc_core phy_generic phy_am335x_control omap_sham omap_aes omap_rng omap_hwspinlock omap_mailbox hwspinlock_core musb_am335x omap_wdt at24 8250_omap leds_gpio cpufreq_dt smsc davinci_mdio mmc_block ti_cpsw cpsw_common ptp pps_core cpsw_ale davinci_cpdma omap_hsmmc omap_dma mmc_core i2c_dev
-[ 3569.386293] CPU: 0 PID: 1429 Comm: wdctl Not tainted 4.3.0-0.rc7.git0.1.fc24.armv7hl #1
-[ 3569.394740] Hardware name: Generic AM33XX (Flattened Device Tree)
-[ 3569.401179] task: dbd11a00 ti: dbaac000 task.ti: dbaac000
-[ 3569.406917] PC is at omap_wdt_get_timeleft+0xc/0x20 [omap_wdt]
-[ 3569.413106] LR is at watchdog_ioctl+0x3cc/0x42c
-[ 3569.417902] pc : [<bf0ab138>]    lr : [<c0739c54>]    psr: 600f0013
-[ 3569.417902] sp : dbaadf18  ip : 00000003  fp : 7f5d3bbe
-[ 3569.430014] r10: 00000000  r9 : 00000003  r8 : bef21ab8
-[ 3569.435535] r7 : dbbc0f7c  r6 : dbbc0f18  r5 : bef21ab8  r4 : 00000000
-[ 3569.442427] r3 : 00000000  r2 : 00000000  r1 : 8004570a  r0 : dbbc0f18
-[ 3569.449323] Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
-[ 3569.456858] Control: 10c5387d  Table: 9c894019  DAC: 00000051
-[ 3569.462927] Process wdctl (pid: 1429, stack limit = 0xdbaac220)
-[ 3569.469179] Stack: (0xdbaadf18 to 0xdbaae000)
-[ 3569.473790] df00:                                                       bef21ab8 dbf60e38
-[ 3569.482441] df20: dc91b840 8004570a bef21ab8 c03988a4 dbaadf48 dc854000 00000000 dd313850
-[ 3569.491092] df40: ddf033b8 0000570a dc91b80b dbaadf3c dbf60e38 00000020 c0df9250 c0df6c48
-[ 3569.499741] df60: dc91b840 8004570a 00000000 dc91b840 dc91b840 8004570a bef21ab8 00000003
-[ 3569.508389] df80: 00000000 c03989d4 bef21b74 7f5d3bad 00000003 00000036 c020fcc4 dbaac000
-[ 3569.517037] dfa0: 00000000 c020fb00 bef21b74 7f5d3bad 00000003 8004570a bef21ab8 00000001
-[ 3569.525685] dfc0: bef21b74 7f5d3bad 00000003 00000036 00000001 00000000 7f5e4eb0 7f5d3bbe
-[ 3569.534334] dfe0: 7f5e4f10 bef21a3c 7f5d0a54 b6e97e0c a00f0010 00000003 00000000 00000000
-[ 3569.543038] [<bf0ab138>] (omap_wdt_get_timeleft [omap_wdt]) from [<c0739c54>] (watchdog_ioctl+0x3cc/0x42c)
-[ 3569.553266] [<c0739c54>] (watchdog_ioctl) from [<c03988a4>] (do_vfs_ioctl+0x5bc/0x698)
-[ 3569.561648] [<c03988a4>] (do_vfs_ioctl) from [<c03989d4>] (SyS_ioctl+0x54/0x7c)
-[ 3569.569400] [<c03989d4>] (SyS_ioctl) from [<c020fb00>] (ret_fast_syscall+0x0/0x3c)
-[ 3569.577413] Code: e12fff1e e52de004 e8bd4000 e5903060 (e5933088)
-[ 3569.584089] ---[ end trace cec3039bd3ae610a ]---
-
-Cc: <stable@vger.kernel.org> # v4.2+
-Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
----
- drivers/watchdog/omap_wdt.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/drivers/watchdog/omap_wdt.c b/drivers/watchdog/omap_wdt.c
-index d96bee0..6f17c93 100644
---- a/drivers/watchdog/omap_wdt.c
-+++ b/drivers/watchdog/omap_wdt.c
-@@ -205,7 +205,7 @@ static int omap_wdt_set_timeout(struct watchdog_device *wdog,
- 
- static unsigned int omap_wdt_get_timeleft(struct watchdog_device *wdog)
- {
--	struct omap_wdt_dev *wdev = watchdog_get_drvdata(wdog);
-+	struct omap_wdt_dev *wdev = to_omap_wdt_dev(wdog);
- 	void __iomem *base = wdev->base;
- 	u32 value;
- 
--- 
-2.5.0
-
diff --git a/config-arm64 b/config-arm64
index 9f1abd312..bf9c15ff8 100644
--- a/config-arm64
+++ b/config-arm64
@@ -31,6 +31,7 @@ CONFIG_ARM64_ERRATUM_824069=y
 CONFIG_ARM64_ERRATUM_819472=y
 CONFIG_ARM64_ERRATUM_832075=y
 CONFIG_ARM64_ERRATUM_843419=y
+CONFIG_ARM64_ERRATUM_834220=y
 CONFIG_CAVIUM_ERRATUM_22375=y
 CONFIG_CAVIUM_ERRATUM_23154=y
 
diff --git a/config-generic b/config-generic
index 0bccb4525..7f3115ebc 100644
--- a/config-generic
+++ b/config-generic
@@ -1792,13 +1792,13 @@ CONFIG_B43_PCMCIA=y
 CONFIG_B43_SDIO=y
 CONFIG_B43_BCMA=y
 CONFIG_B43_BCMA_PIO=y
-CONFIG_B43_DEBUG=y
+# CONFIG_B43_DEBUG is not set
 CONFIG_B43_PHY_LP=y
 CONFIG_B43_PHY_N=y
 CONFIG_B43_PHY_HT=y
 CONFIG_B43_PHY_G=y
 CONFIG_B43LEGACY=m
-CONFIG_B43LEGACY_DEBUG=y
+# CONFIG_B43LEGACY_DEBUG is not set
 CONFIG_B43LEGACY_DMA=y
 CONFIG_B43LEGACY_PIO=y
 CONFIG_B43LEGACY_DMA_AND_PIO_MODE=y
@@ -5039,7 +5039,7 @@ CONFIG_PM_DEBUG=y
 # CONFIG_DPM_WATCHDOG is not set # revisit this in debug
 CONFIG_PM_TRACE=y
 CONFIG_PM_TRACE_RTC=y
-CONFIG_PM_TEST_SUSPEND=y
+# CONFIG_PM_TEST_SUSPEND is not set
 # CONFIG_PM_OPP is not set
 # CONFIG_PM_AUTOSLEEP is not set
 # CONFIG_PM_WAKELOCKS is not set
diff --git a/config-nodebug b/config-nodebug
index 1b93255c0..65e8accd1 100644
--- a/config-nodebug
+++ b/config-nodebug
@@ -2,101 +2,101 @@ CONFIG_SND_VERBOSE_PRINTK=y
 CONFIG_SND_DEBUG=y
 CONFIG_SND_PCM_XRUN_DEBUG=y
 
-CONFIG_DEBUG_ATOMIC_SLEEP=y
-
-CONFIG_DEBUG_MUTEXES=y
-CONFIG_DEBUG_RT_MUTEXES=y
-CONFIG_DEBUG_LOCK_ALLOC=y
-CONFIG_LOCK_TORTURE_TEST=m
-CONFIG_PROVE_LOCKING=y
-CONFIG_DEBUG_SPINLOCK=y
-CONFIG_PROVE_RCU=y
+# CONFIG_DEBUG_ATOMIC_SLEEP is not set
+
+# CONFIG_DEBUG_MUTEXES is not set
+# CONFIG_DEBUG_RT_MUTEXES is not set
+# CONFIG_DEBUG_LOCK_ALLOC is not set
+# CONFIG_LOCK_TORTURE_TEST is not set
+# CONFIG_PROVE_LOCKING is not set
+# CONFIG_DEBUG_SPINLOCK is not set
+# CONFIG_PROVE_RCU is not set
 # CONFIG_PROVE_RCU_REPEATEDLY is not set
-CONFIG_DEBUG_PER_CPU_MAPS=y
+# CONFIG_DEBUG_PER_CPU_MAPS is not set
 CONFIG_CPUMASK_OFFSTACK=y
 
-CONFIG_CPU_NOTIFIER_ERROR_INJECT=m
+# CONFIG_CPU_NOTIFIER_ERROR_INJECT is not set
 
-CONFIG_FAULT_INJECTION=y
-CONFIG_FAILSLAB=y
-CONFIG_FAIL_PAGE_ALLOC=y
-CONFIG_FAIL_MAKE_REQUEST=y
-CONFIG_FAULT_INJECTION_DEBUG_FS=y
-CONFIG_FAULT_INJECTION_STACKTRACE_FILTER=y
-CONFIG_FAIL_IO_TIMEOUT=y
-CONFIG_FAIL_MMC_REQUEST=y
+# CONFIG_FAULT_INJECTION is not set
+# CONFIG_FAILSLAB is not set
+# CONFIG_FAIL_PAGE_ALLOC is not set
+# CONFIG_FAIL_MAKE_REQUEST is not set
+# CONFIG_FAULT_INJECTION_DEBUG_FS is not set
+# CONFIG_FAULT_INJECTION_STACKTRACE_FILTER is not set
+# CONFIG_FAIL_IO_TIMEOUT is not set
+# CONFIG_FAIL_MMC_REQUEST is not set
 
-CONFIG_LOCK_STAT=y
+# CONFIG_LOCK_STAT is not set
 
-CONFIG_DEBUG_STACK_USAGE=y
+# CONFIG_DEBUG_STACK_USAGE is not set
 
-CONFIG_ACPI_DEBUG=y
+# CONFIG_ACPI_DEBUG is not set
 # CONFIG_ACPI_DEBUGGER is not set
 
-CONFIG_DEBUG_SG=y
-CONFIG_DEBUG_PI_LIST=y
+# CONFIG_DEBUG_SG is not set
+# CONFIG_DEBUG_PI_LIST is not set
 
 # CONFIG_PAGE_EXTENSION is not set
 # CONFIG_PAGE_OWNER is not set
 # CONFIG_DEBUG_PAGEALLOC is not set
 
-CONFIG_DEBUG_OBJECTS=y
+# CONFIG_DEBUG_OBJECTS is not set
 # CONFIG_DEBUG_OBJECTS_SELFTEST is not set
-CONFIG_DEBUG_OBJECTS_FREE=y
-CONFIG_DEBUG_OBJECTS_TIMERS=y
-CONFIG_DEBUG_OBJECTS_RCU_HEAD=y
+# CONFIG_DEBUG_OBJECTS_FREE is not set
+# CONFIG_DEBUG_OBJECTS_TIMERS is not set
+# CONFIG_DEBUG_OBJECTS_RCU_HEAD is not set
 CONFIG_DEBUG_OBJECTS_ENABLE_DEFAULT=1
 
 CONFIG_X86_PTDUMP=y
-CONFIG_ARM64_PTDUMP=y
-CONFIG_EFI_PGT_DUMP=y
+# CONFIG_ARM64_PTDUMP is not set
+# CONFIG_EFI_PGT_DUMP is not set
 
-CONFIG_CAN_DEBUG_DEVICES=y
+# CONFIG_CAN_DEBUG_DEVICES is not set
 
-CONFIG_MODULE_FORCE_UNLOAD=y
+# CONFIG_MODULE_FORCE_UNLOAD is not set
 
 
-CONFIG_DEBUG_NOTIFIERS=y
+# CONFIG_DEBUG_NOTIFIERS is not set
 
-CONFIG_DMA_API_DEBUG=y
+# CONFIG_DMA_API_DEBUG is not set
 
-CONFIG_MMIOTRACE=y
+# CONFIG_MMIOTRACE is not set
 
-CONFIG_DEBUG_CREDENTIALS=y
+# CONFIG_DEBUG_CREDENTIALS is not set
 
 # off in both production debug and nodebug builds,
 #  on in rawhide nodebug builds
-CONFIG_DEBUG_FORCE_WEAK_PER_CPU=y
+# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set
 
-CONFIG_EXT4_DEBUG=y
+# CONFIG_EXT4_DEBUG is not set
 
 # CONFIG_XFS_WARN is not set
 
-CONFIG_DEBUG_PERF_USE_VMALLOC=y
+# CONFIG_DEBUG_PERF_USE_VMALLOC is not set
 
-CONFIG_JBD2_DEBUG=y
+# CONFIG_JBD2_DEBUG is not set
 
-CONFIG_NFSD_FAULT_INJECTION=y
+# CONFIG_NFSD_FAULT_INJECTION is not set
 
-CONFIG_DEBUG_BLK_CGROUP=y
+# CONFIG_DEBUG_BLK_CGROUP is not set
 
-CONFIG_DRBD_FAULT_INJECTION=y
+# CONFIG_DRBD_FAULT_INJECTION is not set
 
-CONFIG_ATH_DEBUG=y
-CONFIG_CARL9170_DEBUGFS=y
-CONFIG_IWLWIFI_DEVICE_TRACING=y
+# CONFIG_ATH_DEBUG is not set
+# CONFIG_CARL9170_DEBUGFS is not set
+# CONFIG_IWLWIFI_DEVICE_TRACING is not set
 
 # CONFIG_RTLWIFI_DEBUG is not set
 
-CONFIG_DEBUG_OBJECTS_WORK=y
+# CONFIG_DEBUG_OBJECTS_WORK is not set
 
-CONFIG_DMADEVICES_DEBUG=y
+# CONFIG_DMADEVICES_DEBUG is not set
 # CONFIG_DMADEVICES_VDEBUG is not set
 
 CONFIG_PM_ADVANCED_DEBUG=y
 
-CONFIG_CEPH_LIB_PRETTYDEBUG=y
-CONFIG_QUOTA_DEBUG=y
+# CONFIG_CEPH_LIB_PRETTYDEBUG is not set
+# CONFIG_QUOTA_DEBUG is not set
 
 
 CONFIG_KGDB_KDB=y
@@ -104,18 +104,18 @@ CONFIG_KDB_DEFAULT_ENABLE=0x0
 CONFIG_KDB_KEYBOARD=y
 CONFIG_KDB_CONTINUE_CATASTROPHIC=0
 
-CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER=y
+# CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER is not set
 # CONFIG_PERCPU_TEST is not set
-CONFIG_TEST_LIST_SORT=y
+# CONFIG_TEST_LIST_SORT is not set
 # CONFIG_TEST_STRING_HELPERS is not set
 
-CONFIG_DETECT_HUNG_TASK=y
+# CONFIG_DETECT_HUNG_TASK is not set
 CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120
 # CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set
 
-CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK=y
+# CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK is not set
 
-CONFIG_DEBUG_KMEMLEAK=y
+# CONFIG_DEBUG_KMEMLEAK is not set
 CONFIG_DEBUG_KMEMLEAK_EARLY_LOG_SIZE=1024
 # CONFIG_DEBUG_KMEMLEAK_TEST is not set
 CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF=y
@@ -126,4 +126,4 @@ CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF=y
 
 # CONFIG_SPI_DEBUG is not set
 
-CONFIG_X86_DEBUG_STATIC_CPU_HAS=y
+# CONFIG_X86_DEBUG_STATIC_CPU_HAS is not set
diff --git a/config-x86-generic b/config-x86-generic
index dff8775a6..cc67788a6 100644
--- a/config-x86-generic
+++ b/config-x86-generic
@@ -365,7 +365,7 @@ CONFIG_SP5100_TCO=m
 
 # CONFIG_MEMTEST is not set
 # CONFIG_DEBUG_TLBFLUSH is not set
-CONFIG_MAXSMP=y
+# CONFIG_MAXSMP is not set
 
 
 CONFIG_HP_ILO=m
diff --git a/kernel.spec b/kernel.spec
index 7f39a9c4a..8e9ce1fbb 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -65,9 +65,9 @@ Summary: The Linux kernel
 # The next upstream release sublevel (base_sublevel+1)
 %define upstream_sublevel %(echo $((%{base_sublevel} + 1)))
 # The rc snapshot level
-%define rcrev 2
+%define rcrev 3
 # The git snapshot level
-%define gitrev 2
+%define gitrev 0
 # Set rpm version accordingly
 %define rpmversion 4.%{upstream_sublevel}.0
 %endif
@@ -122,7 +122,7 @@ Summary: The Linux kernel
 # Set debugbuildsenabled to 1 for production (build separate debug kernels)
 #  and 0 for rawhide (all kernels are debug kernels).
 # See also 'make debug' and 'make release'.
-%define debugbuildsenabled 0
+%define debugbuildsenabled 1
 
 # Want to build a vanilla kernel build without any non-upstream patches?
 %define with_vanilla %{?_with_vanilla: 1} %{?!_with_vanilla: 0}
@@ -502,8 +502,6 @@ Patch456: arm64-acpi-drop-expert-patch.patch
 
 Patch457: ARM-tegra-usb-no-reset.patch
 
-Patch459: 0001-watchdog-omap_wdt-fix-null-pointer-dereference.patch
-
 Patch460: mfd-wm8994-Ensure-that-the-whole-MFD-is-built-into-a.patch
 
 Patch463: arm-i.MX6-Utilite-device-dtb.patch
@@ -590,6 +588,9 @@ Patch510: 0001-iwlwifi-Add-new-PCI-IDs-for-the-8260-series.patch
 #CVE-2015-7990 rhbz 1276437 1276438
 Patch511: RDS-fix-race-condition-when-sending-a-message-on-unb.patch
 
+#rhbz 1282706
+Patch512: 0001-cgroup-make-css_set-pin-its-css-s-to-avoid-use-afer-.patch
+
 # END OF PATCH DEFINITIONS
 
 %endif
@@ -2033,6 +2034,11 @@ fi
 #
 # 
 %changelog
+* Mon Nov 30 2015 Laura Abbott <labbott@redhat.com> - 4.4.0-0.rc3.git0.1
+- Linux v4.4-rc3
+- Fix for cgroup use after free (rhbz 1282706)
+- Disable debugging options.
+
 * Wed Nov 25 2015 Laura Abbott <labbott@redhat.com> - 4.4.0-0.rc2.git2.1
 - Linux v4.4-rc2-44-g6ffeba9
 
diff --git a/sources b/sources
index 9ad241408..4290552ba 100644
--- a/sources
+++ b/sources
@@ -1,4 +1,3 @@
 58b35794eee3b6d52ce7be39357801e7  linux-4.3.tar.xz
 7c516c9528b9f9aac0136944b0200b7e  perf-man-4.3.tar.gz
-db11195bab1230374cd0ecc8e8ed1420  patch-4.4-rc2.xz
-665dad96bdc1793bf80c2ca671fa9c67  patch-4.4-rc2-git2.xz
+83b0e08492978a49c4b176646c6345b5  patch-4.4-rc3.xz