--- /dev/null
+From 067785c40e52089993757afa28988c05f3cb2694 Mon Sep 17 00:00:00 2001
+From: Pavel Shilovsky <piastry@etersoft.ru>
+Date: Wed, 6 Mar 2013 19:38:36 +0400
+Subject: CIFS: Fix missing of oplock_read value in smb30_values structure
+
+From: Pavel Shilovsky <piastry@etersoft.ru>
+
+commit 067785c40e52089993757afa28988c05f3cb2694 upstream.
+
+Signed-off-by: Pavel Shilovsky <piastry@etersoft.ru>
+Signed-off-by: Steve French <sfrench@us.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/cifs/smb2ops.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/cifs/smb2ops.c
++++ b/fs/cifs/smb2ops.c
+@@ -744,4 +744,5 @@ struct smb_version_values smb30_values =
+ .cap_unix = 0,
+ .cap_nt_find = SMB2_NT_FIND,
+ .cap_large_files = SMB2_LARGE_FILES,
++ .oplock_read = SMB2_OPLOCK_LEVEL_II,
+ };
--- /dev/null
+From 4e0855dff094b0d56d6b5b271e0ce7851cc1e063 Mon Sep 17 00:00:00 2001
+From: Konstantin Khlebnikov <khlebnikov@openvz.org>
+Date: Tue, 5 Mar 2013 09:42:59 +0000
+Subject: e1000e: fix pci-device enable-counter balance
+
+From: Konstantin Khlebnikov <khlebnikov@openvz.org>
+
+commit 4e0855dff094b0d56d6b5b271e0ce7851cc1e063 upstream.
+
+This patch removes redundant and unbalanced pci_disable_device() from
+__e1000_shutdown(). pci_clear_master() is enough, device can go into
+suspended state with elevated enable_cnt.
+
+Bug was introduced in commit 23606cf5d1192c2b17912cb2ef6e62f9b11de133
+("e1000e / PCI / PM: Add basic runtime PM support (rev. 4)") in v2.6.35
+
+Signed-off-by: Konstantin Khlebnikov <khlebnikov@openvz.org>
+Cc: Bruce Allan <bruce.w.allan@intel.com>
+Acked-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Tested-by: Borislav Petkov <bp@suse.de>
+Tested-by: Aaron Brown <aaron.f.brown@intel.com>
+Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/ethernet/intel/e1000e/netdev.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/ethernet/intel/e1000e/netdev.c
++++ b/drivers/net/ethernet/intel/e1000e/netdev.c
+@@ -5549,7 +5549,7 @@ static int __e1000_shutdown(struct pci_d
+ */
+ e1000e_release_hw_control(adapter);
+
+- pci_disable_device(pdev);
++ pci_clear_master(pdev);
+
+ return 0;
+ }
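Review bot: Nothing at the `pci_clear_master(pdev);` line explains why the device is deliberately left enabled, so a later cleanup could reintroduce the `pci_disable_device()` call. A short comment would help, e.g. `/* only stop bus mastering; pci_disable_device() here would unbalance enable_cnt */`. The rest of __e1000_shutdown() is outside the hunk, so whether the resume path restores bus mastering cannot be checked from here.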
--- /dev/null
+From feff5dc4f98330d8152b521acc2e18c16712e6c8 Mon Sep 17 00:00:00 2001
+From: Matt Fleming <matt.fleming@intel.com>
+Date: Tue, 5 Mar 2013 12:46:30 +0000
+Subject: efivarfs: return accurate error code in efivarfs_fill_super()
+
+From: Matt Fleming <matt.fleming@intel.com>
+
+commit feff5dc4f98330d8152b521acc2e18c16712e6c8 upstream.
+
+Joseph was hitting a failure case when mounting efivarfs which
+resulted in an incorrect error message,
+
+ $ sudo mount -v /sys/firmware/efi/efivars mount: Cannot allocate memory
+
+triggered when efivarfs_valid_name() returned -EINVAL.
+
+Make sure we pass accurate return values up the stack if
+efivarfs_fill_super() fails to build inodes for EFI variables.
+
+Reported-by: Joseph Yasi <joe.yasi@gmail.com>
+Reported-by: Lingzhu Xiang <lxiang@redhat.com>
+Cc: Josh Boyer <jwboyer@redhat.com>
+Cc: Jeremy Kerr <jk@ozlabs.org>
+Cc: Matthew Garrett <mjg59@srcf.ucam.org>
+Signed-off-by: Matt Fleming <matt.fleming@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/firmware/efivars.c | 20 +++++++++++++++-----
+ 1 file changed, 15 insertions(+), 5 deletions(-)
+
+--- a/drivers/firmware/efivars.c
++++ b/drivers/firmware/efivars.c
+@@ -1110,15 +1110,22 @@ static struct dentry_operations efivarfs
+
+ static struct dentry *efivarfs_alloc_dentry(struct dentry *parent, char *name)
+ {
++ struct dentry *d;
+ struct qstr q;
++ int err;
+
+ q.name = name;
+ q.len = strlen(name);
+
+- if (efivarfs_d_hash(NULL, NULL, &q))
+- return NULL;
++ err = efivarfs_d_hash(NULL, NULL, &q);
++ if (err)
++ return ERR_PTR(err);
++
++ d = d_alloc(parent, &q);
++ if (d)
++ return d;
+
+- return d_alloc(parent, &q);
++ return ERR_PTR(-ENOMEM);
+ }
+
+ static int efivarfs_fill_super(struct super_block *sb, void *data, int silent)
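Review bot: efivarfs_alloc_dentry() now never returns NULL, but nothing at its definition says so, and a caller that still tests `!dentry` would treat an ERR_PTR value as a valid dentry. The IS_ERR() check added in the efivarfs_fill_super() hunk covers the one caller visible in this patch; any other callers are outside the diff and should be checked. I would add a header comment such as `/* Returns a new dentry or ERR_PTR(-errno); never NULL. */`. `return ERR_PTR(err);` also relies on efivarfs_d_hash() returning only zero or a negative errno, which is not visible here.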
+@@ -1128,6 +1135,7 @@ static int efivarfs_fill_super(struct su
+ struct efivar_entry *entry, *n;
+ struct efivars *efivars = &__efivars;
+ char *name;
++ int err = -ENOMEM;
+
+ efivarfs_sb = sb;
+
+@@ -1178,8 +1186,10 @@ static int efivarfs_fill_super(struct su
+ goto fail_name;
+
+ dentry = efivarfs_alloc_dentry(root, name);
+- if (!dentry)
++ if (IS_ERR(dentry)) {
++ err = PTR_ERR(dentry);
+ goto fail_inode;
++ }
+
+ /* copied by the above to local storage in the dentry. */
+ kfree(name);
+@@ -1206,7 +1216,7 @@ fail_inode:
+ fail_name:
+ kfree(name);
+ fail:
+- return -ENOMEM;
++ return err;
+ }
+
+ static struct dentry *efivarfs_mount(struct file_system_type *fs_type,
--- /dev/null
+From 123abd76edf56c02a76b46d3d673897177ef067b Mon Sep 17 00:00:00 2001
+From: Matt Fleming <matt.fleming@intel.com>
+Date: Tue, 5 Mar 2013 07:40:16 +0000
+Subject: efivars: efivarfs_valid_name() should handle pstore syntax
+
+From: Matt Fleming <matt.fleming@intel.com>
+
+commit 123abd76edf56c02a76b46d3d673897177ef067b upstream.
+
+Stricter validation was introduced with commit da27a24383b2b
+("efivarfs: guid part of filenames are case-insensitive") and commit
+47f531e8ba3b ("efivarfs: Validate filenames much more aggressively"),
+which is necessary for the guid portion of efivarfs filenames, but we
+don't need to be so strict with the first part, the variable name. The
+UEFI specification doesn't impose any constraints on variable names
+other than they be a NULL-terminated string.
+
+The above commits caused a regression that resulted in users seeing
+the following message,
+
+ $ sudo mount -v /sys/firmware/efi/efivars mount: Cannot allocate memory
+
+whenever pstore EFI variables were present in the variable store,
+since their variable names failed to pass the following check,
+
+ /* GUID should be right after the first '-' */
+ if (s - 1 != strchr(str, '-'))
+
+as a typical pstore filename is of the form, dump-type0-10-1-<guid>.
+The fix is trivial since the guid portion of the filename is GUID_LEN
+bytes, we can use (len - GUID_LEN) to ensure the '-' character is
+where we expect it to be.
+
+(The bogus ENOMEM error value will be fixed in a separate patch.)
+
+Reported-by: Joseph Yasi <joe.yasi@gmail.com>
+Tested-by: Joseph Yasi <joe.yasi@gmail.com>
+Reported-by: Lingzhu Xiang <lxiang@redhat.com>
+Cc: Josh Boyer <jwboyer@redhat.com>
+Cc: Jeremy Kerr <jk@ozlabs.org>
+Cc: Matthew Garrett <mjg59@srcf.ucam.org>
+Signed-off-by: Matt Fleming <matt.fleming@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/firmware/efivars.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/firmware/efivars.c
++++ b/drivers/firmware/efivars.c
+@@ -921,8 +921,8 @@ static bool efivarfs_valid_name(const ch
+ if (len < GUID_LEN + 2)
+ return false;
+
+- /* GUID should be right after the first '-' */
+- if (s - 1 != strchr(str, '-'))
++ /* GUID must be preceded by a '-' */
++ if (*(s - 1) != '-')
+ return false;
+
+ /*
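Review bot: The new `*(s - 1)` read is only in bounds because of the `len < GUID_LEN + 2` guard just above it, and the comment does not say so. Assuming `s` points at the last GUID_LEN bytes of `str` (its assignment is outside the hunk), the guard keeps `s - 1` inside the string. That dependency is worth stating, because this function is the validity check for efivarfs names. Suggested wording: `/* GUID must be preceded by a '-'; the length check above keeps s - 1 inside str */`. The function starts and ends outside the hunk.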
--- /dev/null
+From 499218595a2e8296b7492af32fcca141b7b8184a Mon Sep 17 00:00:00 2001
+From: Ben Greear <greearb@candelatech.com>
+Date: Wed, 20 Feb 2013 09:41:09 -0800
+Subject: mac80211: Fix crash due to un-canceled work-items
+
+From: Ben Greear <greearb@candelatech.com>
+
+commit 499218595a2e8296b7492af32fcca141b7b8184a upstream.
+
+Some mlme work structs are not cancelled on disassociation
+nor interface deletion, which leads to them running after
+the memory has been freed
+
+There is not a clean way to cancel these in the disassociation
+logic because they must be canceled outside of the ifmgd->mtx
+lock, so just cancel them in mgd_stop logic that tears down
+the station.
+
+This fixes the crashes we see in 3.7.9+. The crash stack
+trace itself isn't so helpful, but this warning gives
+more useful info:
+
+WARNING: at /home/greearb/git/linux-3.7.dev.y/lib/debugobjects.c:261 debug_print_object+0x7c/0x8d()
+ODEBUG: free active (active state 0) object type: work_struct hint: ieee80211_sta_monitor_work+0x0/0x14 [mac80211]
+Modules linked in: [...]
+Pid: 14743, comm: iw Tainted: G C O 3.7.9+ #11
+Call Trace:
+ [<ffffffff81087ef8>] warn_slowpath_common+0x80/0x98
+ [<ffffffff81087fa4>] warn_slowpath_fmt+0x41/0x43
+ [<ffffffff812a2608>] debug_print_object+0x7c/0x8d
+ [<ffffffff812a2bca>] debug_check_no_obj_freed+0x95/0x1c3
+ [<ffffffff8114cc69>] slab_free_hook+0x70/0x79
+ [<ffffffff8114ea3e>] kfree+0x62/0xb7
+ [<ffffffff8149f465>] netdev_release+0x39/0x3e
+ [<ffffffff8136ad67>] device_release+0x52/0x8a
+ [<ffffffff812937db>] kobject_release+0x121/0x158
+ [<ffffffff81293612>] kobject_put+0x4c/0x50
+ [<ffffffff8148f0d7>] netdev_run_todo+0x25c/0x27e
+
+Signed-off-by: Ben Greear <greearb@candelatech.com>
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/mac80211/mlme.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+--- a/net/mac80211/mlme.c
++++ b/net/mac80211/mlme.c
+@@ -4072,6 +4072,17 @@ void ieee80211_mgd_stop(struct ieee80211
+ {
+ struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
+
++ /*
++ * Make sure some work items will not run after this,
++ * they will not do anything but might not have been
++ * cancelled when disconnecting.
++ */
++ cancel_work_sync(&ifmgd->monitor_work);
++ cancel_work_sync(&ifmgd->beacon_connection_loss_work);
++ cancel_work_sync(&ifmgd->request_smps_work);
++ cancel_work_sync(&ifmgd->csa_connection_drop_work);
++ cancel_work_sync(&ifmgd->chswitch_work);
++
+ mutex_lock(&ifmgd->mtx);
+ if (ifmgd->assoc_data)
+ ieee80211_destroy_assoc_data(sdata, false);
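Review bot: The five `cancel_work_sync()` calls remove and wait for the current instance of each work item, but they do not stop an item from being queued again before the interface memory is freed. Whether the timers and code paths that queue `monitor_work`, `beacon_connection_loss_work` and the others are already stopped at this point cannot be seen from the hunk. That should be confirmed, otherwise the work-after-free described in the commit message can recur. The added comment would be more useful if it recorded that requirement, e.g. `/* nothing may requeue these after this point; they must be cancelled outside ifmgd->mtx */`. ieee80211_mgd_stop() continues past the end of the hunk.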
--- /dev/null
+From 5ca3957510b9fc2a14d3647db518014842f9a2b4 Mon Sep 17 00:00:00 2001
+From: Hillf Danton <dhillf@gmail.com>
+Date: Fri, 8 Mar 2013 12:43:28 -0800
+Subject: mm/mempolicy.c: fix wrong sp_node insertion
+
+From: Hillf Danton <dhillf@gmail.com>
+
+commit 5ca3957510b9fc2a14d3647db518014842f9a2b4 upstream.
+
+n->end is accessed in sp_insert(). Thus it should be update
+before calling sp_insert(). This mistake may make kernel panic.
+
+Signed-off-by: Hillf Danton <dhillf@gmail.com>
+Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
+Cc: Sasha Levin <sasha.levin@oracle.com>
+Cc: Hugh Dickins <hughd@google.com>
+Cc: Mel Gorman <mgorman@suse.de>
+Cc: Dave Jones <davej@redhat.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ mm/mempolicy.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/mm/mempolicy.c
++++ b/mm/mempolicy.c
+@@ -2386,8 +2386,8 @@ restart:
+ *mpol_new = *n->policy;
+ atomic_set(&mpol_new->refcnt, 1);
+ sp_node_init(n_new, n->end, end, mpol_new);
+- sp_insert(sp, n_new);
+ n->end = start;
++ sp_insert(sp, n_new);
+ n_new = NULL;
+ mpol_new = NULL;
+ break;
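Review bot: The order of `n->end = start;` and `sp_insert(sp, n_new);` is now load-bearing and nothing in the code says so. Per the commit message sp_insert() reads `n->end`, so the assignment has to come first or the insertion works from a stale range. A one-line comment above the assignment, e.g. `/* shrink n first: sp_insert() looks at n->end */`, would keep the two lines from being swapped back during a later cleanup. The enclosing function starts and ends outside the hunk.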
proc-use-nd_jump_link-in-proc_ns_follow_link.patch
tile-work-around-bug-in-the-generic-sys_llseek.patch
random-fix-locking-dependency-with-the-tasklist_lock.patch
+mm-mempolicy.c-fix-wrong-sp_node-insertion.patch
+cifs-fix-missing-of-oplock_read-value-in-smb30_values-structure.patch
+mac80211-fix-crash-due-to-un-canceled-work-items.patch
+e1000e-fix-pci-device-enable-counter-balance.patch
+tg3-update-link_up-flag-for-phylib-devices.patch
+efivars-efivarfs_valid_name-should-handle-pstore-syntax.patch
+efivarfs-return-accurate-error-code-in-efivarfs_fill_super.patch
+userns-stop-oopsing-in-key_change_session_keyring.patch
--- /dev/null
+From 84421b99cedc3443e76d2a594f3c815d5cb9a8e1 Mon Sep 17 00:00:00 2001
+From: Nithin Sujir <nsujir@broadcom.com>
+Date: Fri, 8 Mar 2013 08:01:24 +0000
+Subject: tg3: Update link_up flag for phylib devices
+
+From: Nithin Sujir <nsujir@broadcom.com>
+
+commit 84421b99cedc3443e76d2a594f3c815d5cb9a8e1 upstream.
+
+Commit f4a46d1f46a8fece34edd2023e054072b02e110d introduced a bug where
+the ifconfig stats would remain 0 for phylib devices. This is due to
+tp->link_up flag never becoming true causing tg3_periodic_fetch_stats()
+to return.
+
+The link_up flag was being updated in tg3_test_and_report_link_chg()
+after setting up the phy. This function however, is not called for
+phylib devices since the driver does not do the phy setup.
+
+This patch moves the link_up flag update into the common
+tg3_link_report() function that gets called for phylib devices as well
+for non phylib devices when the link state changes.
+
+To avoid updating link_up twice, we replace tg3_carrier_...() calls that
+are followed by tg3_link_report(), with netif_carrier_...(). We can then
+remove the unused tg3_carrier_on() function.
+
+Reported-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
+Signed-off-by: Nithin Nayak Sujir <nsujir@broadcom.com>
+Signed-off-by: Michael Chan <mchan@broadcom.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/ethernet/broadcom/tg3.c | 14 +++++---------
+ 1 file changed, 5 insertions(+), 9 deletions(-)
+
+--- a/drivers/net/ethernet/broadcom/tg3.c
++++ b/drivers/net/ethernet/broadcom/tg3.c
+@@ -1843,6 +1843,8 @@ static void tg3_link_report(struct tg3 *
+
+ tg3_ump_link_report(tp);
+ }
++
++ tp->link_up = netif_carrier_ok(tp->dev);
+ }
+
+ static u16 tg3_advert_flowctrl_1000X(u8 flow_ctrl)
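Review bot: tg3_link_report() now writes `tp->link_up` as a side effect, which is easy to miss in a function whose name suggests it only reports. The later hunks in tg3_phy_reset() and tg3_test_and_report_link_chg() switch to bare `netif_carrier_on()`/`netif_carrier_off()` and so depend on tg3_link_report() running afterwards to resynchronise the flag; in the last hunk that call is not visible. A comment on the new line, e.g. `/* link_up follows the carrier state here; callers must report after changing the carrier */`, would record the contract. tg3_carrier_off() is kept and its body continues outside the hunk, so its remaining callers should be checked for consistency with this.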
+@@ -2496,12 +2498,6 @@ static int tg3_phy_reset_5703_4_5(struct
+ return err;
+ }
+
+-static void tg3_carrier_on(struct tg3 *tp)
+-{
+- netif_carrier_on(tp->dev);
+- tp->link_up = true;
+-}
+-
+ static void tg3_carrier_off(struct tg3 *tp)
+ {
+ netif_carrier_off(tp->dev);
+@@ -2527,7 +2523,7 @@ static int tg3_phy_reset(struct tg3 *tp)
+ return -EBUSY;
+
+ if (netif_running(tp->dev) && tp->link_up) {
+- tg3_carrier_off(tp);
++ netif_carrier_off(tp->dev);
+ tg3_link_report(tp);
+ }
+
+@@ -4225,9 +4221,9 @@ static bool tg3_test_and_report_link_chg
+ {
+ if (curr_link_up != tp->link_up) {
+ if (curr_link_up) {
+- tg3_carrier_on(tp);
++ netif_carrier_on(tp->dev);
+ } else {
+- tg3_carrier_off(tp);
++ netif_carrier_off(tp->dev);
+ if (tp->phy_flags & TG3_PHYFLG_MII_SERDES)
+ tp->phy_flags &= ~TG3_PHYFLG_PARALLEL_DETECT;
+ }
--- /dev/null
+From ba0e3427b03c3d1550239779eca5c1c5a53a2152 Mon Sep 17 00:00:00 2001
+From: "Eric W. Biederman" <ebiederm@xmission.com>
+Date: Sat, 2 Mar 2013 19:14:03 -0800
+Subject: userns: Stop oopsing in key_change_session_keyring
+
+From: "Eric W. Biederman" <ebiederm@xmission.com>
+
+commit ba0e3427b03c3d1550239779eca5c1c5a53a2152 upstream.
+
+Dave Jones <davej@redhat.com> writes:
+> Just hit this on Linus' current tree.
+>
+> [ 89.621770] BUG: unable to handle kernel NULL pointer dereference at 00000000000000c8
+> [ 89.623111] IP: [<ffffffff810784b0>] commit_creds+0x250/0x2f0
+> [ 89.624062] PGD 122bfd067 PUD 122bfe067 PMD 0
+> [ 89.624901] Oops: 0000 [#1] PREEMPT SMP
+> [ 89.625678] Modules linked in: caif_socket caif netrom bridge hidp 8021q garp stp mrp rose llc2 af_rxrpc phonet af_key binfmt_misc bnep l2tp_ppp can_bcm l2tp_core pppoe pppox can_raw scsi_transport_iscsi ppp_generic slhc nfnetlink can ipt_ULOG ax25 decnet irda nfc rds x25 crc_ccitt appletalk atm ipx p8023 psnap p8022 llc lockd sunrpc ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 xt_conntrack nf_conntrack ip6table_filter ip6_tables btusb bluetooth snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_pcm vhost_net snd_page_alloc snd_timer tun macvtap usb_debug snd rfkill microcode macvlan edac_core pcspkr serio_raw kvm_amd soundcore kvm r8169 mii
+> [ 89.637846] CPU 2
+> [ 89.638175] Pid: 782, comm: trinity-main Not tainted 3.8.0+ #63 Gigabyte Technology Co., Ltd. GA-MA78GM-S2H/GA-MA78GM-S2H
+> [ 89.639850] RIP: 0010:[<ffffffff810784b0>] [<ffffffff810784b0>] commit_creds+0x250/0x2f0
+> [ 89.641161] RSP: 0018:ffff880115657eb8 EFLAGS: 00010207
+> [ 89.641984] RAX: 00000000000003e8 RBX: ffff88012688b000 RCX: 0000000000000000
+> [ 89.643069] RDX: 0000000000000000 RSI: ffffffff81c32960 RDI: ffff880105839600
+> [ 89.644167] RBP: ffff880115657ed8 R08: 0000000000000000 R09: 0000000000000000
+> [ 89.645254] R10: 0000000000000001 R11: 0000000000000246 R12: ffff880105839600
+> [ 89.646340] R13: ffff88011beea490 R14: ffff88011beea490 R15: 0000000000000000
+> [ 89.647431] FS: 00007f3ac063b740(0000) GS:ffff88012b200000(0000) knlGS:0000000000000000
+> [ 89.648660] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
+> [ 89.649548] CR2: 00000000000000c8 CR3: 0000000122bfc000 CR4: 00000000000007e0
+> [ 89.650635] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+> [ 89.651723] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
+> [ 89.652812] Process trinity-main (pid: 782, threadinfo ffff880115656000, task ffff88011beea490)
+> [ 89.654128] Stack:
+> [ 89.654433] 0000000000000000 ffff8801058396a0 ffff880105839600 ffff88011beeaa78
+> [ 89.655769] ffff880115657ef8 ffffffff812c7d9b ffffffff82079be0 0000000000000000
+> [ 89.657073] ffff880115657f28 ffffffff8106c665 0000000000000002 ffff880115657f58
+> [ 89.658399] Call Trace:
+> [ 89.658822] [<ffffffff812c7d9b>] key_change_session_keyring+0xfb/0x140
+> [ 89.659845] [<ffffffff8106c665>] task_work_run+0xa5/0xd0
+> [ 89.660698] [<ffffffff81002911>] do_notify_resume+0x71/0xb0
+> [ 89.661581] [<ffffffff816c9a4a>] int_signal+0x12/0x17
+> [ 89.662385] Code: 24 90 00 00 00 48 8b b3 90 00 00 00 49 8b 4c 24 40 48 39 f2 75 08 e9 83 00 00 00 48 89 ca 48 81 fa 60 29 c3 81 0f 84 41 fe ff ff <48> 8b 8a c8 00 00 00 48 39 ce 75 e4 3b 82 d0 00 00 00 0f 84 4b
+> [ 89.667778] RIP [<ffffffff810784b0>] commit_creds+0x250/0x2f0
+> [ 89.668733] RSP <ffff880115657eb8>
+> [ 89.669301] CR2: 00000000000000c8
+>
+> My fastest trinity induced oops yet!
+>
+>
+> Appears to be..
+>
+> if ((set_ns == subset_ns->parent) &&
+> 850: 48 8b 8a c8 00 00 00 mov 0xc8(%rdx),%rcx
+>
+> from the inlined cred_cap_issubset
+
+By historical accident we have been reading trying to set new->user_ns
+from new->user_ns. Which is totally silly as new->user_ns is NULL (as
+is every other field in new except session_keyring at that point).
+
+The intent is clearly to copy all of the fields from old to new so copy
+old->user_ns into into new->user_ns.
+
+Reported-by: Dave Jones <davej@redhat.com>
+Tested-by: Dave Jones <davej@redhat.com>
+Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
+Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ security/keys/process_keys.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/security/keys/process_keys.c
++++ b/security/keys/process_keys.c
+@@ -839,7 +839,7 @@ void key_change_session_keyring(struct c
+ new-> sgid = old-> sgid;
+ new->fsgid = old->fsgid;
+ new->user = get_uid(old->user);
+- new->user_ns = get_user_ns(new->user_ns);
++ new->user_ns = get_user_ns(old->user_ns);
+ new->group_info = get_group_info(old->group_info);
+
+ new->securebits = old->securebits;
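Review bot: This block copies credential fields one by one from `old` into `new`, and nothing guards against a field being sourced from the wrong struct, which is how the `new->user_ns` self-assignment went unnoticed. According to the commit message every field of `new` except session_keyring is NULL at this point, so any right-hand side that reads `new->` is a bug. A comment at the top of the copy, e.g. `/* new is empty apart from session_keyring: every field below must be taken from old */`, would make that invariant explicit. key_change_session_keyring() starts and ends outside the hunk.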