From 69c5fe3feeb81533bb89ff33d2783113648701d3 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Wed, 12 Nov 2014 08:49:50 +0900
Subject: [PATCH] 3.14-stable patches

added patches:
	sched-use-rq-rd-in-sched_setaffinity-under-rcu-read-lock.patch
---
 ...ched_setaffinity-under-rcu-read-lock.patch | 44 +++++++++++++++++++
 queue-3.14/series                             |  1 +
 2 files changed, 45 insertions(+)
 create mode 100644 queue-3.14/sched-use-rq-rd-in-sched_setaffinity-under-rcu-read-lock.patch

diff --git a/queue-3.14/sched-use-rq-rd-in-sched_setaffinity-under-rcu-read-lock.patch b/queue-3.14/sched-use-rq-rd-in-sched_setaffinity-under-rcu-read-lock.patch
new file mode 100644
index 00000000000..b3b581d5b2b
--- /dev/null
+++ b/queue-3.14/sched-use-rq-rd-in-sched_setaffinity-under-rcu-read-lock.patch
@@ -0,0 +1,44 @@
+From f1e3a0932f3a9554371792a7daaf1e0eb19f66d5 Mon Sep 17 00:00:00 2001
+From: Kirill Tkhai <ktkhai@parallels.com>
+Date: Mon, 22 Sep 2014 22:36:36 +0400
+Subject: sched: Use rq->rd in sched_setaffinity() under RCU read lock
+
+From: Kirill Tkhai <ktkhai@parallels.com>
+
+commit f1e3a0932f3a9554371792a7daaf1e0eb19f66d5 upstream.
+
+Probability of use-after-free isn't zero in this place.
+
+Signed-off-by: Kirill Tkhai <ktkhai@parallels.com>
+Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Link: http://lkml.kernel.org/r/20140922183636.11015.83611.stgit@localhost
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/sched/core.c |    9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+--- a/kernel/sched/core.c
++++ b/kernel/sched/core.c
+@@ -3941,13 +3941,14 @@ long sched_setaffinity(pid_t pid, const
+ 	 * root_domain.
+ 	 */
+ #ifdef CONFIG_SMP
+-	if (task_has_dl_policy(p)) {
+-		const struct cpumask *span = task_rq(p)->rd->span;
+-
+-		if (dl_bandwidth_enabled() && !cpumask_subset(span, new_mask)) {
++	if (task_has_dl_policy(p) && dl_bandwidth_enabled()) {
++		rcu_read_lock();
++		if (!cpumask_subset(task_rq(p)->rd->span, new_mask)) {
+ 			retval = -EBUSY;
++			rcu_read_unlock();
+ 			goto out_unlock;
+ 		}
++		rcu_read_unlock();
+ 	}
+ #endif
+ again:
diff --git a/queue-3.14/series b/queue-3.14/series
index a1395e1c214..c689eff3249 100644
--- a/queue-3.14/series
+++ b/queue-3.14/series
@@ -187,3 +187,4 @@ usb-dwc3-gadget-fix-set_halt-bug-with-pending-transfers.patch
 usb-gadget-function-acm-make-f_acm-pass-usb20cv-chapter9.patch
 usb-gadget-udc-core-fix-kernel-oops-with-soft-connect.patch
 usb-gadget-f_fs-remove-redundant-ffs_data_get.patch
+sched-use-rq-rd-in-sched_setaffinity-under-rcu-read-lock.patch
-- 
2.47.3