The following (backported) patch removes a hook which has already been removed upstream. [1] Reason is that a permission denial can lead to soft lockups and zombies. A reproducer can be found in the initial report. [2] I hence consider this a bugfix which is allowed for stable branches.
Background: To reduce divergence of 4.9 to upstream before proposing to apply upstream commit 3dfc9b02864bt (LSM: Initialize security_hook_heads upon registration.) I'm checking which changes to the LSM hooks may be applicable to 4.9 as doing so after backporting 33dfc9b02864bt will lead to conflicts for each such commit.
[1] https://patchwork.kernel.org/project/linux-security-module/patch/1484069312-... [2] https://patchwork.kernel.org/project/selinux/patch/58736B2E.90201@huawei.com
Stephen Smalley (1): security,selinux,smack: kill security_task_wait hook
include/linux/lsm_hooks.h | 7 ------- include/linux/security.h | 6 ------ kernel/exit.c | 19 ++----------------- security/security.c | 6 ------ security/selinux/hooks.c | 6 ------ security/smack/smack_lsm.c | 20 -------------------- 6 files changed, 2 insertions(+), 62 deletions(-)