authorLaura Abbott <labbott@fedoraproject.org>2015-12-09 08:12:01 -0800
committerLaura Abbott <labbott@fedoraproject.org>2015-12-09 08:12:01 -0800
commitb880337ff2f253001a3b45785cc9a9cb6b80a0c9 (patch)
tree2a62f1d00251dd82a72f3dd982c07b9c47c3abb0
parent89f514b41bd887777e587e6c4d572f3b096274cc (diff)
Linux v4.4-rc4-48-gaa53685
-rw-r--r--0001-cgroup-make-css_set-pin-its-css-s-to-avoid-use-afer-.patch92
-rw-r--r--gitrev2
-rw-r--r--kbuild-AFTER_LINK.patch24
-rw-r--r--kernel.spec8
4 files changed, 17 insertions, 109 deletions
diff --git a/0001-cgroup-make-css_set-pin-its-css-s-to-avoid-use-afer-.patch b/0001-cgroup-make-css_set-pin-its-css-s-to-avoid-use-afer-.patch
deleted file mode 100644
index f6d32220c..000000000
--- a/0001-cgroup-make-css_set-pin-its-css-s-to-avoid-use-afer-.patch
+++ /dev/null
@@ -1,92 +0,0 @@
-From befa45e320edbded63b6900c4ba63df7a8db445c Mon Sep 17 00:00:00 2001
-From: Tejun Heo <tj@kernel.org>
-Date: Mon, 23 Nov 2015 14:55:41 -0500
-Subject: [PATCH] cgroup: make css_set pin its css's to avoid use-afer-free
-
-A css_set represents the relationship between a set of tasks and
-css's. css_set never pinned the associated css's. This was okay
-because tasks used to always disassociate immediately (in RCU sense) -
-either a task is moved to a different css_set or exits and never
-accesses css_set again.
-
-Unfortunately, afcf6c8b7544 ("cgroup: add cgroup_subsys->free() method
-and use it to fix pids controller") and patches leading up to it made
-a zombie hold onto its css_set and deref the associated css's on its
-release. Nothing pins the css's after exit and it might have already
-been freed leading to use-after-free.
-
- general protection fault: 0000 [#1] PREEMPT SMP
- task: ffffffff81bf2500 ti: ffffffff81be4000 task.ti: ffffffff81be4000
- RIP: 0010:[<ffffffff810fa205>] [<ffffffff810fa205>] pids_cancel.constprop.4+0x5/0x40
- ...
- Call Trace:
- <IRQ>
- [<ffffffff810fb02d>] ? pids_free+0x3d/0xa0
- [<ffffffff810f8893>] cgroup_free+0x53/0xe0
- [<ffffffff8104ed62>] __put_task_struct+0x42/0x130
- [<ffffffff81053557>] delayed_put_task_struct+0x77/0x130
- [<ffffffff810c6b34>] rcu_process_callbacks+0x2f4/0x820
- [<ffffffff810c6af3>] ? rcu_process_callbacks+0x2b3/0x820
- [<ffffffff81056e54>] __do_softirq+0xd4/0x460
- [<ffffffff81057369>] irq_exit+0x89/0xa0
- [<ffffffff81876212>] smp_apic_timer_interrupt+0x42/0x50
- [<ffffffff818747f4>] apic_timer_interrupt+0x84/0x90
- <EOI>
- ...
- Code: 5b 5d c3 48 89 df 48 c7 c2 c9 f9 ae 81 48 c7 c6 91 2c ae 81 e8 1d 94 0e 00 31 c0 5b 5d c3 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 <f0> 48 83 87 e0 00 00 00 ff 78 01 c3 80 3d 08 7a c1 00 00 74 02
- RIP [<ffffffff810fa205>] pids_cancel.constprop.4+0x5/0x40
- RSP <ffff88001fc03e20>
- ---[ end trace 89a4a4b916b90c49 ]---
- Kernel panic - not syncing: Fatal exception in interrupt
- Kernel Offset: disabled
- ---[ end Kernel panic - not syncing: Fatal exception in interrupt
-
-Fix it by making css_set pin the associate css's until its release.
-
-Signed-off-by: Tejun Heo <tj@kernel.org>
-Reported-by: Dave Jones <davej@codemonkey.org.uk>
-Reported-by: Daniel Wagner <daniel.wagner@bmw-carit.de>
-Link: http://lkml.kernel.org/g/20151120041836.GA18390@codemonkey.org.uk
-Link: http://lkml.kernel.org/g/5652D448.3080002@bmw-carit.de
-Fixes: afcf6c8b7544 ("cgroup: add cgroup_subsys->free() method and use it to fix pids controller")
----
- kernel/cgroup.c | 14 ++++++++++----
- 1 file changed, 10 insertions(+), 4 deletions(-)
-
-diff --git a/kernel/cgroup.c b/kernel/cgroup.c
-index f1603c1..17773d6 100644
---- a/kernel/cgroup.c
-+++ b/kernel/cgroup.c
-@@ -754,9 +754,11 @@ static void put_css_set_locked(struct css_set *cset)
- if (!atomic_dec_and_test(&cset->refcount))
- return;
-
-- /* This css_set is dead. unlink it and release cgroup refcounts */
-- for_each_subsys(ss, ssid)
-+ /* This css_set is dead. unlink it and release cgroup and css refs */
-+ for_each_subsys(ss, ssid) {
- list_del(&cset->e_cset_node[ssid]);
-+ css_put(cset->subsys[ssid]);
-+ }
- hash_del(&cset->hlist);
- css_set_count--;
-
-@@ -1056,9 +1058,13 @@ static struct css_set *find_css_set(struct css_set *old_cset,
- key = css_set_hash(cset->subsys);
- hash_add(css_set_table, &cset->hlist, key);
-
-- for_each_subsys(ss, ssid)
-+ for_each_subsys(ss, ssid) {
-+ struct cgroup_subsys_state *css = cset->subsys[ssid];
-+
- list_add_tail(&cset->e_cset_node[ssid],
-- &cset->subsys[ssid]->cgroup->e_csets[ssid]);
-+ &css->cgroup->e_csets[ssid]);
-+ css_get(css);
-+ }
-
- spin_unlock_bh(&css_set_lock);
-
---
-2.5.0
-
diff --git a/gitrev b/gitrev
index 1be57f253..e85ae3e49 100644
--- a/gitrev
+++ b/gitrev
@@ -1 +1 @@
-62ea1ec5e17fe36e2c728bc534f9f78b216dfe83
+aa53685549a2cfb5f175b0c4a20bc9aa1e5a1b85
diff --git a/kbuild-AFTER_LINK.patch b/kbuild-AFTER_LINK.patch
index 7a18fd241..805b6eef8 100644
--- a/kbuild-AFTER_LINK.patch
+++ b/kbuild-AFTER_LINK.patch
@@ -1,4 +1,4 @@
-From 7877d76b409181af38d307b98d8fed1024f3c9c2 Mon Sep 17 00:00:00 2001
+From a9488dbeccf188f0bd83b9d5704892f2c0f97fdc Mon Sep 17 00:00:00 2001
From: Roland McGrath <roland@redhat.com>
Date: Mon, 6 Oct 2008 23:03:03 -0700
Subject: [PATCH] kbuild: AFTER_LINK
@@ -21,10 +21,10 @@ Signed-off-by: Roland McGrath <roland@redhat.com>
7 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/arch/arm64/kernel/vdso/Makefile b/arch/arm64/kernel/vdso/Makefile
-index f6fe17d88da5..eb6ddbf37f30 100644
+index b467fd0..feeff5e 100644
--- a/arch/arm64/kernel/vdso/Makefile
+++ b/arch/arm64/kernel/vdso/Makefile
-@@ -52,7 +52,8 @@ $(obj-vdso): %.o: %.S FORCE
+@@ -55,7 +55,8 @@ $(obj-vdso): %.o: %.S FORCE
# Actual build commands
quiet_cmd_vdsold = VDSOL $@
@@ -35,7 +35,7 @@ index f6fe17d88da5..eb6ddbf37f30 100644
cmd_vdsoas = $(CC) $(a_flags) -c -o $@ $<
diff --git a/arch/powerpc/kernel/vdso32/Makefile b/arch/powerpc/kernel/vdso32/Makefile
-index 53e6c9b979ec..e427844e9bb0 100644
+index 6abffb7..7b103bb 100644
--- a/arch/powerpc/kernel/vdso32/Makefile
+++ b/arch/powerpc/kernel/vdso32/Makefile
@@ -43,7 +43,8 @@ $(obj-vdso32): %.o: %.S
@@ -49,7 +49,7 @@ index 53e6c9b979ec..e427844e9bb0 100644
cmd_vdso32as = $(CROSS32CC) $(a_flags) -c -o $@ $<
diff --git a/arch/powerpc/kernel/vdso64/Makefile b/arch/powerpc/kernel/vdso64/Makefile
-index effca9404b17..713891a92d23 100644
+index 8c8f2ae..a743ebe 100644
--- a/arch/powerpc/kernel/vdso64/Makefile
+++ b/arch/powerpc/kernel/vdso64/Makefile
@@ -36,7 +36,8 @@ $(obj-vdso64): %.o: %.S
@@ -63,7 +63,7 @@ index effca9404b17..713891a92d23 100644
cmd_vdso64as = $(CC) $(a_flags) -c -o $@ $<
diff --git a/arch/s390/kernel/vdso32/Makefile b/arch/s390/kernel/vdso32/Makefile
-index ee8a18e50a25..63e33fa049f8 100644
+index ee8a18e..63e33fa 100644
--- a/arch/s390/kernel/vdso32/Makefile
+++ b/arch/s390/kernel/vdso32/Makefile
@@ -43,7 +43,8 @@ $(obj-vdso32): %.o: %.S
@@ -77,7 +77,7 @@ index ee8a18e50a25..63e33fa049f8 100644
cmd_vdso32as = $(CC) $(a_flags) -c -o $@ $<
diff --git a/arch/s390/kernel/vdso64/Makefile b/arch/s390/kernel/vdso64/Makefile
-index c4b03f9ed228..550450fc2f95 100644
+index c4b03f9..550450f 100644
--- a/arch/s390/kernel/vdso64/Makefile
+++ b/arch/s390/kernel/vdso64/Makefile
@@ -43,7 +43,8 @@ $(obj-vdso64): %.o: %.S
@@ -91,10 +91,10 @@ index c4b03f9ed228..550450fc2f95 100644
cmd_vdso64as = $(CC) $(a_flags) -c -o $@ $<
diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile
-index a3d0767a6b29..078c9be1db8f 100644
+index 265c0ed..fd90c7d 100644
--- a/arch/x86/entry/vdso/Makefile
+++ b/arch/x86/entry/vdso/Makefile
-@@ -172,8 +172,9 @@ $(vdso32-images:%=$(obj)/%.dbg): $(obj)/vdso32-%.so.dbg: FORCE \
+@@ -159,8 +159,9 @@ $(obj)/vdso32.so.dbg: FORCE \
quiet_cmd_vdso = VDSO $@
cmd_vdso = $(CC) -nostdlib -o $@ \
$(VDSO_LDFLAGS) $(VDSO_LDFLAGS_$(filter %.lds,$(^F))) \
@@ -107,11 +107,11 @@ index a3d0767a6b29..078c9be1db8f 100644
VDSO_LDFLAGS = -fPIC -shared $(call cc-ldoption, -Wl$(comma)--hash-style=both) \
$(call cc-ldoption, -Wl$(comma)--build-id) -Wl,-Bsymbolic $(LTO_CFLAGS)
diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh
-index 1a10d8ac8162..092d0c0cf72c 100755
+index dacf71a..72cbefd 100755
--- a/scripts/link-vmlinux.sh
+++ b/scripts/link-vmlinux.sh
@@ -65,6 +65,10 @@ vmlinux_link()
- -lutil ${1}
+ -lutil -lrt ${1}
rm -f linux
fi
+ if [ -n "${AFTER_LINK}" ]; then
@@ -122,5 +122,5 @@ index 1a10d8ac8162..092d0c0cf72c 100755
--
-2.4.3
+2.5.0
diff --git a/kernel.spec b/kernel.spec
index f0b6fc175..1c68f51f5 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -67,7 +67,7 @@ Summary: The Linux kernel
# The rc snapshot level
%define rcrev 4
# The git snapshot level
-%define gitrev 1
+%define gitrev 2
# Set rpm version accordingly
%define rpmversion 4.%{upstream_sublevel}.0
%endif
@@ -582,9 +582,6 @@ Patch503: drm-i915-turn-off-wc-mmaps.patch
Patch508: kexec-uefi-copy-secure_boot-flag-in-boot-params.patch
-#rhbz 1282706
-Patch512: 0001-cgroup-make-css_set-pin-its-css-s-to-avoid-use-afer-.patch
-
#CVE-2015-7833 rhbz 1270158 1270160
Patch567: usbvision-fix-crash-on-detecting-device-with-invalid.patch
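Review bot: Dropping Patch512 removes the carried fix for the css_set use-after-free (rhbz 1282706), and nothing in this commit records that the new snapshot aa53685 already contains it; the changelog entry added in the last hunk says only `- Linux v4.4-rc4-48-gaa53685`. Presumably the fix was merged upstream between the two snapshots, but that is inferred and not shown on this page. Confirm that the rebased `kernel/cgroup.c` has the `css_get(css)` call in `find_css_set()` and the matching `css_put(cset->subsys[ssid])` in `put_css_set_locked()`. Then record the drop in the changelog, for example `- Drop cgroup css_set use-after-free patch, now upstream (rhbz 1282706)`, so a later audit of the bug can see where the fix went.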
@@ -2037,6 +2034,9 @@ fi
#
#
%changelog
+* Wed Dec 09 2015 Laura Abbott <labbott@redhat.com> - 4.4.0-0.rc4.git2.1
+- Linux v4.4-rc4-48-gaa53685
+
* Tue Dec 08 2015 Laura Abbott <labbott@redhat.com> - 4.4.0-0.rc4.git1.1
- Linux v4.4-rc4-16-g62ea1ec
- Reenable debugging options.