Revert breakage triggered by Neil's review comment on the LKML.

kernel-patches/for-mainline/cleanup-aa_register.diff

@@ -0,0 +1,62 @@
+Make it more obvious in aa_register which AA_EXEC flags we are
+testing against.
+
+The MAY_EXEC case is dead code; MAY_EXEC is not in AA_EXEC_MODIFIERS.
+Q: should we be testing for MAY_EXEC here, too? It wouldn't help
+   much, but...
+
+Index: b/security/apparmor/main.c
+===================================================================
+--- a/security/apparmor/main.c
++++ b/security/apparmor/main.c
+@@ -816,11 +816,12 @@ int aa_register(struct linux_binprm *bpr
+ 	/* Confined task, determine what mode inherit, unconstrained or
+ 	 * mandatory to load new profile
+ 	 */
+-	exec_mode = AA_EXEC_MASK(aa_match(profile->file_rules, filename));
++	exec_mode = aa_match(profile->file_rules, filename);
+ 	unsafe_exec = exec_mode & AA_EXEC_UNSAFE;
++	exec_mode &= AA_EXEC_MODIFIERS;
+ 
+ 	if (exec_mode) {
+-		switch (AA_EXEC_MODIFIER_MASK(exec_mode)) {
++		switch (exec_mode) {
+ 		case AA_EXEC_INHERIT:
+ 			/* do nothing - setting of profile
+ 			 * already handed in aa_fork
+@@ -848,21 +849,6 @@ int aa_register(struct linux_binprm *bpr
+ 			find_profile_mandatory = 1;
+ 			break;
+ 
+-		case MAY_EXEC:
+-			/* this should not happen, entries
+-			 * with just EXEC only should be
+-			 * rejected at profile load time
+-			 */
+-			AA_ERROR("%s: Rejecting exec(2) of image '%s'. "
+-				"MAY_EXEC without exec qualifier invalid "
+-				"(%s(%d) profile %s active %s\n",
+-				 __FUNCTION__,
+-				 filename,
+-				 current->comm, current->pid,
+-				 BASE_PROFILE(profile)->name, profile->name);
+-			error = -EPERM;
+-			break;
+-
+ 		default:
+ 			AA_ERROR("%s: Rejecting exec(2) of image '%s'. "
+ 				 "Unknown exec qualifier %x "
+Index: b/security/apparmor/apparmor.h
+===================================================================
+--- a/security/apparmor/apparmor.h
++++ b/security/apparmor/apparmor.h
+@@ -80,9 +80,6 @@ static inline int mediated_filesystem(st
+ 
+ #define AA_SECURE_EXEC_NEEDED 0x00000001
+ 
+-#define AA_EXEC_MODIFIER_MASK(mask) ((mask) & AA_EXEC_MODIFIERS)
+-#define AA_EXEC_MASK(mask) ((mask) & (AA_EXEC_MODIFIERS | AA_EXEC_UNSAFE))
+-
+ /* struct aa_profile - basic confinement data
+  * @parent: non refcounted pointer to parent profile
+  * @name: the profiles name

kernel-patches/for-mainline/d_path-lazy-unmounts.diff

@@ -129,9 +129,9 @@ Index: b/fs/dcache.c
 -		*--end = '/';
 -		retval = end;
 +		buflen -= namelen + 1;
-+		buffer -= namelen + 1;
++		buffer -= namelen;
 +		memcpy(buffer, dentry->d_name.name, namelen);
-+		*buffer = '/';
++		*--buffer = '/';
  		dentry = parent;
  	}
 +	/* Get '/' right. */

kernel-patches/for-mainline/export-profile-list.diff

@@ -0,0 +1,29 @@
+Index: b/security/apparmor/apparmor.h
+===================================================================
+--- a/security/apparmor/apparmor.h
++++ b/security/apparmor/apparmor.h
+@@ -142,6 +142,9 @@ static inline void unlock_profile(struct
+ 	spin_unlock_irqrestore(&profile->lock, profile->interrupt_flags);
+ }
+ 
++extern struct list_head profile_list;
++extern rwlock_t profile_list_lock;
++
+ /**
+  * struct aa_task_context - primary label for confined tasks
+  * @profile: the current profile
+Index: b/security/apparmor/list.c
+===================================================================
+--- a/security/apparmor/list.c
++++ b/security/apparmor/list.c
+@@ -14,8 +14,8 @@
+ #include "inline.h"
+ 
+ /* list of all profiles and lock */
+-static LIST_HEAD(profile_list);
+-static rwlock_t profile_list_lock = RW_LOCK_UNLOCKED;
++LIST_HEAD(profile_list);
++rwlock_t profile_list_lock = RW_LOCK_UNLOCKED;
+ 
+ /* list of all task_contexts and lock */
+ static LIST_HEAD(task_context_list);

kernel-patches/for-mainline/series

@@ -69,3 +69,9 @@ rename-profile-lock.diff
 match-features.diff
 match-changes.diff
 rename-audit_context.diff
+cleanup-aa_register.diff
+cleanup-aa_register-2.diff
+aa_task_context_list_release-does-nothing-useful.diff
+per-profile-task-contexts.diff
+export-profile-list.diff
+# rework-locking.diff