Merge 4.4.95 into android-4.4

Changes in 4.4.95
	USB: devio: Revert "USB: devio: Don't corrupt user memory"
	USB: core: fix out-of-bounds access bug in usb_get_bos_descriptor()
	USB: serial: metro-usb: add MS7820 device id
	usb: cdc_acm: Add quirk for Elatec TWN3
	usb: quirks: add quirk for WORLDE MINI MIDI keyboard
	usb: hub: Allow reset retry for USB2 devices on connect bounce
	ALSA: usb-audio: Add native DSD support for Pro-Ject Pre Box S2 Digital
	can: gs_usb: fix busy loop if no more TX context is available
	usb: musb: sunxi: Explicitly release USB PHY on exit
	usb: musb: Check for host-mode using is_host_active() on reset interrupt
	can: esd_usb2: Fix can_dlc value for received RTR, frames
	drm/nouveau/bsp/g92: disable by default
	drm/nouveau/mmu: flush tlbs before deleting page tables
	ALSA: seq: Enable 'use' locking in all configurations
	ALSA: hda: Remove superfluous '-' added by printk conversion
	i2c: ismt: Separate I2C block read from SMBus block read
	brcmsmac: make some local variables 'static const' to reduce stack size
	bus: mbus: fix window size calculation for 4GB windows
	clockevents/drivers/cs5535: Improve resilience to spurious interrupts
	rtlwifi: rtl8821ae: Fix connection lost problem
	KEYS: encrypted: fix dereference of NULL user_key_payload
	lib/digsig: fix dereference of NULL user_key_payload
	KEYS: don't let add_key() update an uninstantiated key
	pkcs7: Prevent NULL pointer dereference, since sinfo is not always set.
	parisc: Avoid trashing sr2 and sr3 in LWS code
	parisc: Fix double-word compare and exchange in LWS code on 32-bit kernels
	sched/autogroup: Fix autogroup_move_group() to never skip sched_move_task()
	f2fs crypto: replace some BUG_ON()'s with error checks
	f2fs crypto: add missing locking for keyring_key access
	fscrypt: fix dereference of NULL user_key_payload
	KEYS: Fix race between updating and finding a negative key
	fscrypto: require write access to mount to set encryption policy
	FS-Cache: fix dereference of NULL user_key_payload
	Linux 4.4.95

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>

1 files changed, 12 insertions, 11 deletions

diff --git a/kernel/sched/auto_group.c b/kernel/sched/auto_group.c
index 750ed601ddf7..8620fd01b3d0 100644
--- a/kernel/sched/auto_group.c
+++ b/kernel/sched/auto_group.c
@@ -111,14 +111,11 @@ bool task_wants_autogroup(struct task_struct *p, struct task_group *tg)
 {
 	if (tg != &root_task_group)
 		return false;
-
 	/*
-	 * We can only assume the task group can't go away on us if
-	 * autogroup_move_group() can see us on ->thread_group list.
+	 * If we race with autogroup_move_group() the caller can use the old
+	 * value of signal->autogroup but in this case sched_move_task() will
+	 * be called again before autogroup_kref_put().
 	 */
-	if (p->flags & PF_EXITING)
-		return false;
-
 	return true;
 }
 
@@ -138,13 +135,17 @@ autogroup_move_group(struct task_struct *p, struct autogroup *ag)
 	}
 
 	p->signal->autogroup = autogroup_kref_get(ag);
-
-	if (!READ_ONCE(sysctl_sched_autogroup_enabled))
-		goto out;
-
+	/*
+	 * We can't avoid sched_move_task() after we changed signal->autogroup,
+	 * this process can already run with task_group() == prev->tg or we can
+	 * race with cgroup code which can read autogroup = prev under rq->lock.
+	 * In the latter case for_each_thread() can not miss a migrating thread,
+	 * cpu_cgroup_attach() must not be possible after cgroup_exit() and it
+	 * can't be removed from thread list, we hold ->siglock.
+	 */
 	for_each_thread(p, t)
 		sched_move_task(t);
-out:
+
 	unlock_task_sighand(p, &flags);
 	autogroup_kref_put(prev);
 }