From 0844f7e019feec01459bd4042098be8a6b08fdcb Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Fri, 28 Mar 2014 10:29:54 -0700
Subject: [PATCH] 3.10-stable patches

added patches:
	sched-autogroup-fix-race-with-task_groups-list.patch
---
 ...group-fix-race-with-task_groups-list.patch | 48 +++++++++++++++++++
 queue-3.10/series                             |  1 +
 2 files changed, 49 insertions(+)
 create mode 100644 queue-3.10/sched-autogroup-fix-race-with-task_groups-list.patch

diff --git a/queue-3.10/sched-autogroup-fix-race-with-task_groups-list.patch b/queue-3.10/sched-autogroup-fix-race-with-task_groups-list.patch
new file mode 100644
index 00000000000..6e339538ca1
--- /dev/null
+++ b/queue-3.10/sched-autogroup-fix-race-with-task_groups-list.patch
@@ -0,0 +1,48 @@
+From 41261b6a832ea0e788627f6a8707854423f9ff49 Mon Sep 17 00:00:00 2001
+From: Gerald Schaefer <gerald.schaefer@de.ibm.com>
+Date: Fri, 24 May 2013 18:07:49 +0200
+Subject: sched/autogroup: Fix race with task_groups list
+
+From: Gerald Schaefer <gerald.schaefer@de.ibm.com>
+
+commit 41261b6a832ea0e788627f6a8707854423f9ff49 upstream.
+
+In autogroup_create(), a tg is allocated and added to the task_groups
+list. If CONFIG_RT_GROUP_SCHED is set, this tg is then modified while on
+the list, without locking. This can race with someone walking the list,
+like __enable_runtime() during CPU unplug, and result in a use-after-free
+bug.
+
+To fix this, move sched_online_group(), which adds the tg to the list,
+to the end of the autogroup_create() function after the modification.
+
+Signed-off-by: Gerald Schaefer <gerald.schaefer@de.ibm.com>
+Signed-off-by: Peter Zijlstra <peterz@infradead.org>
+Link: http://lkml.kernel.org/r/1369411669-46971-2-git-send-email-gerald.schaefer@de.ibm.com
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Preeti U Murthy <preeti@linux.vnet.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/sched/auto_group.c |    3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/kernel/sched/auto_group.c
++++ b/kernel/sched/auto_group.c
+@@ -77,8 +77,6 @@ static inline struct autogroup *autogrou
+ 	if (IS_ERR(tg))
+ 		goto out_free;
+ 
+-	sched_online_group(tg, &root_task_group);
+-
+ 	kref_init(&ag->kref);
+ 	init_rwsem(&ag->lock);
+ 	ag->id = atomic_inc_return(&autogroup_seq_nr);
+@@ -98,6 +96,7 @@ static inline struct autogroup *autogrou
+ #endif
+ 	tg->autogroup = ag;
+ 
++	sched_online_group(tg, &root_task_group);
+ 	return ag;
+ 
+ out_free:
diff --git a/queue-3.10/series b/queue-3.10/series
index 745365ef6f9..8ede6748517 100644
--- a/queue-3.10/series
+++ b/queue-3.10/series
@@ -19,3 +19,4 @@ kvm-vmx-fix-use-after-free-of-vmx-loaded_vmcs.patch
 input-wacom-make-sure-touch_max-is-set-for-touch-devices.patch
 xhci-fix-resume-issues-on-renesas-chips-in-samsung-laptops.patch
 e100-fix-disabling-already-disabled-device-warning.patch
+sched-autogroup-fix-race-with-task_groups-list.patch
-- 
2.47.3