Merge branch 'linus' into stackprotector

Conflicts: arch/x86/include/asm/pda.h kernel/fork.c
author: Ingo Molnar <mingo@elte.hu> 2008-12-31 02:31:57 -0500
committer: Ingo Molnar <mingo@elte.hu> 2008-12-31 02:31:57 -0500
commit: a9de18eb761f7c1c860964b2e5addc1a35c7e861 (patch)
tree: 886e75fdfd09690cd262ca69cb7f5d1d42b48602 /kernel/fork.c
parent: b2aaf8f74cdc84a9182f6cabf198b7763bcb9d40 (diff)
parent: 6a94cb73064c952255336cc57731904174b2c58f (diff)
1 files changed, 118 insertions, 86 deletions
diff --git a/kernel/fork.c b/kernel/fork.c
index 99c5c655b098..913284e3db14 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -40,12 +40,14 @@
 #include <linux/jiffies.h>
 #include <linux/tracehook.h>
 #include <linux/futex.h>
+#include <linux/compat.h>
 #include <linux/task_io_accounting_ops.h>
 #include <linux/rcupdate.h>
 #include <linux/ptrace.h>
 #include <linux/mount.h>
 #include <linux/audit.h>
 #include <linux/memcontrol.h>
+#include <linux/ftrace.h>
 #include <linux/profile.h>
 #include <linux/rmap.h>
 #include <linux/acct.h>
@@ -58,6 +60,7 @@
 #include <linux/tty.h>
 #include <linux/proc_fs.h>
 #include <linux/blkdev.h>
+#include <trace/sched.h>
 #include <linux/magic.h>
 #include <asm/pgtable.h>
@@ -79,6 +82,8 @@ DEFINE_PER_CPU(unsigned long, process_counts) = 0;
 __cacheline_aligned DEFINE_RWLOCK(tasklist_lock);  /* outer */
+DEFINE_TRACE(sched_process_fork);
 int nr_processes(void)
 {
        int cpu;
@@ -136,6 +141,7 @@ void free_task(struct task_struct *tsk)
        prop_local_destroy_single(&tsk->dirties);
        free_thread_info(tsk->stack);
        rt_mutex_debug_task_free(tsk);
+        ftrace_graph_exit_task(tsk);
        free_task_struct(tsk);
 }
 EXPORT_SYMBOL(free_task);
@@ -146,9 +152,8 @@ void __put_task_struct(struct task_struct *tsk)
        WARN_ON(atomic_read(&tsk->usage));
        WARN_ON(tsk == current);
-        security_task_free(tsk);
+        put_cred(tsk->real_cred);
-        free_uid(tsk->user);
+        put_cred(tsk->cred);
-        put_group_info(tsk->group_info);
        delayacct_tsk_free(tsk);
        if (!profile_handoff_task(tsk))
@@ -318,17 +323,20 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
                file = tmp->vm_file;
                if (file) {
                        struct inode *inode = file->f_path.dentry->d_inode;
+                        struct address_space *mapping = file->f_mapping;
                        get_file(file);
                        if (tmp->vm_flags & VM_DENYWRITE)
                                atomic_dec(&inode->i_writecount);
+                        spin_lock(&mapping->i_mmap_lock);
-                        /* insert tmp into the share list, just after mpnt */
+                        if (tmp->vm_flags & VM_SHARED)
-                        spin_lock(&file->f_mapping->i_mmap_lock);
+                                mapping->i_mmap_writable++;
                        tmp->vm_truncate_count = mpnt->vm_truncate_count;
-                        flush_dcache_mmap_lock(file->f_mapping);
+                        flush_dcache_mmap_lock(mapping);
+                        /* insert tmp into the share list, just after mpnt */
                        vma_prio_tree_add(tmp, mpnt);
-                        flush_dcache_mmap_unlock(file->f_mapping);
+                        flush_dcache_mmap_unlock(mapping);
-                        spin_unlock(&file->f_mapping->i_mmap_lock);
+                        spin_unlock(&mapping->i_mmap_lock);
                }
                /*
@@ -412,8 +420,8 @@ static struct mm_struct * mm_init(struct mm_struct * mm, struct task_struct *p)
        set_mm_counter(mm, file_rss, 0);
        set_mm_counter(mm, anon_rss, 0);
        spin_lock_init(&mm->page_table_lock);
-        rwlock_init(&mm->ioctx_list_lock);
+        spin_lock_init(&mm->ioctx_lock);
-        mm->ioctx_list = NULL;
+        INIT_HLIST_HEAD(&mm->ioctx_list);
        mm->free_area_cache = TASK_UNMAPPED_BASE;
        mm->cached_hole_size = ~0UL;
        mm_init_owner(mm, p);
@@ -523,6 +531,16 @@ void mm_release(struct task_struct *tsk, struct mm_struct *mm)
 {
        struct completion *vfork_done = tsk->vfork_done;
+        /* Get rid of any futexes when releasing the mm */
+#ifdef CONFIG_FUTEX
+        if (unlikely(tsk->robust_list))
+                exit_robust_list(tsk);
+#ifdef CONFIG_COMPAT
+        if (unlikely(tsk->compat_robust_list))
+                compat_exit_robust_list(tsk);
+#endif
+#endif
        /* Get rid of any cached register state */
        deactivate_mm(tsk, mm);
@@ -764,27 +782,50 @@ void __cleanup_sighand(struct sighand_struct *sighand)
                kmem_cache_free(sighand_cachep, sighand);
 }
+/*
+ * Initialize POSIX timer handling for a thread group.
+ */
+static void posix_cpu_timers_init_group(struct signal_struct *sig)
+{
+        /* Thread group counters. */
+        thread_group_cputime_init(sig);
+        /* Expiration times and increments. */
+        sig->it_virt_expires = cputime_zero;
+        sig->it_virt_incr = cputime_zero;
+        sig->it_prof_expires = cputime_zero;
+        sig->it_prof_incr = cputime_zero;
+        /* Cached expiration times. */
+        sig->cputime_expires.prof_exp = cputime_zero;
+        sig->cputime_expires.virt_exp = cputime_zero;
+        sig->cputime_expires.sched_exp = 0;
+        /* The timer lists. */
+        INIT_LIST_HEAD(&sig->cpu_timers[0]);
+        INIT_LIST_HEAD(&sig->cpu_timers[1]);
+        INIT_LIST_HEAD(&sig->cpu_timers[2]);
+}
 static int copy_signal(unsigned long clone_flags, struct task_struct *tsk)
 {
        struct signal_struct *sig;
        int ret;
        if (clone_flags & CLONE_THREAD) {
-                atomic_inc(&current->signal->count);
+                ret = thread_group_cputime_clone_thread(current);
-                atomic_inc(&current->signal->live);
+                if (likely(!ret)) {
-                return 0;
+                        atomic_inc(&current->signal->count);
+                        atomic_inc(&current->signal->live);
+                }
+                return ret;
        }
        sig = kmem_cache_alloc(signal_cachep, GFP_KERNEL);
        tsk->signal = sig;
        if (!sig)
                return -ENOMEM;
-        ret = copy_thread_group_keys(tsk);
-        if (ret < 0) {
-                kmem_cache_free(signal_cachep, sig);
-                return ret;
-        }
        atomic_set(&sig->count, 1);
        atomic_set(&sig->live, 1);
        init_waitqueue_head(&sig->wait_chldexit);
@@ -800,40 +841,25 @@ static int copy_signal(unsigned long clone_flags, struct task_struct *tsk)
        sig->it_real_incr.tv64 = 0;
        sig->real_timer.function = it_real_fn;
-        sig->it_virt_expires = cputime_zero;
-        sig->it_virt_incr = cputime_zero;
-        sig->it_prof_expires = cputime_zero;
-        sig->it_prof_incr = cputime_zero;
        sig->leader = 0;        /* session leadership doesn't inherit */
        sig->tty_old_pgrp = NULL;
        sig->tty = NULL;
-        sig->utime = sig->stime = sig->cutime = sig->cstime = cputime_zero;
+        sig->cutime = sig->cstime = cputime_zero;
        sig->gtime = cputime_zero;
        sig->cgtime = cputime_zero;
        sig->nvcsw = sig->nivcsw = sig->cnvcsw = sig->cnivcsw = 0;
        sig->min_flt = sig->maj_flt = sig->cmin_flt = sig->cmaj_flt = 0;
        sig->inblock = sig->oublock = sig->cinblock = sig->coublock = 0;
        task_io_accounting_init(&sig->ioac);
-        sig->sum_sched_runtime = 0;
-        INIT_LIST_HEAD(&sig->cpu_timers[0]);
-        INIT_LIST_HEAD(&sig->cpu_timers[1]);
-        INIT_LIST_HEAD(&sig->cpu_timers[2]);
        taskstats_tgid_init(sig);
        task_lock(current->group_leader);
        memcpy(sig->rlim, current->signal->rlim, sizeof sig->rlim);
        task_unlock(current->group_leader);
-        if (sig->rlim[RLIMIT_CPU].rlim_cur != RLIM_INFINITY) {
+        posix_cpu_timers_init_group(sig);
-                /*
-                 * New sole thread in the process gets an expiry time
-                 * of the whole CPU time limit.
-                 */
-                tsk->it_prof_expires =
-                        secs_to_cputime(sig->rlim[RLIMIT_CPU].rlim_cur);
-        }
        acct_init_pacct(&sig->pacct);
        tty_audit_fork(sig);
@@ -843,7 +869,7 @@ static int copy_signal(unsigned long clone_flags, struct task_struct *tsk)
 void __cleanup_signal(struct signal_struct *sig)
 {
-        exit_thread_group_keys(sig);
+        thread_group_cputime_free(sig);
        tty_kref_put(sig->tty);
        kmem_cache_free(signal_cachep, sig);
 }
@@ -893,6 +919,19 @@ void mm_init_owner(struct mm_struct *mm, struct task_struct *p)
 #endif /* CONFIG_MM_OWNER */
 /*
+ * Initialize POSIX timer handling for a single task.
+ */
+static void posix_cpu_timers_init(struct task_struct *tsk)
+{
+        tsk->cputime_expires.prof_exp = cputime_zero;
+        tsk->cputime_expires.virt_exp = cputime_zero;
+        tsk->cputime_expires.sched_exp = 0;
+        INIT_LIST_HEAD(&tsk->cpu_timers[0]);
+        INIT_LIST_HEAD(&tsk->cpu_timers[1]);
+        INIT_LIST_HEAD(&tsk->cpu_timers[2]);
+}
+/*
 * This creates a new process as a copy of the old one,
 * but does not actually start it yet.
 *
@@ -946,16 +985,16 @@ static struct task_struct *copy_process(unsigned long clone_flags,
        DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled);
 #endif
        retval = -EAGAIN;
-        if (atomic_read(&p->user->processes) >=
+        if (atomic_read(&p->real_cred->user->processes) >=
                        p->signal->rlim[RLIMIT_NPROC].rlim_cur) {
                if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) &&
-                    p->user != current->nsproxy->user_ns->root_user)
+                    p->real_cred->user != INIT_USER)
                        goto bad_fork_free;
        }
-        atomic_inc(&p->user->__count);
+        retval = copy_creds(p, clone_flags);
-        atomic_inc(&p->user->processes);
+        if (retval < 0)
-        get_group_info(p->group_info);
+                goto bad_fork_free;
        /*
         * If multiple threads are within copy_process(), then this check
@@ -994,6 +1033,8 @@ static struct task_struct *copy_process(unsigned long clone_flags,
        p->prev_utime = cputime_zero;
        p->prev_stime = cputime_zero;
+        p->default_timer_slack_ns = current->timer_slack_ns;
 #ifdef CONFIG_DETECT_SOFTLOCKUP
        p->last_switch_count = 0;
        p->last_switch_timestamp = 0;
@@ -1002,21 +1043,12 @@ static struct task_struct *copy_process(unsigned long clone_flags,
        task_io_accounting_init(&p->ioac);
        acct_clear_integrals(p);
-        p->it_virt_expires = cputime_zero;
+        posix_cpu_timers_init(p);
-        p->it_prof_expires = cputime_zero;
-        p->it_sched_expires = 0;
-        INIT_LIST_HEAD(&p->cpu_timers[0]);
-        INIT_LIST_HEAD(&p->cpu_timers[1]);
-        INIT_LIST_HEAD(&p->cpu_timers[2]);
        p->lock_depth = -1;             /* -1 = no lock */
        do_posix_clock_monotonic_gettime(&p->start_time);
        p->real_start_time = p->start_time;
        monotonic_to_bootbased(&p->real_start_time);
-#ifdef CONFIG_SECURITY
-        p->security = NULL;
-#endif
-        p->cap_bset = current->cap_bset;
        p->io_context = NULL;
        p->audit_context = NULL;
        cgroup_fork(p);
@@ -1057,14 +1089,14 @@ static struct task_struct *copy_process(unsigned long clone_flags,
 #ifdef CONFIG_DEBUG_MUTEXES
        p->blocked_on = NULL; /* not blocked yet */
 #endif
+        if (unlikely(ptrace_reparented(current)))
+                ptrace_fork(p, clone_flags);
        /* Perform scheduler related setup. Assign this task to a CPU. */
        sched_fork(p, clone_flags);
-        if ((retval = security_task_alloc(p)))
-                goto bad_fork_cleanup_policy;
        if ((retval = audit_alloc(p)))
-                goto bad_fork_cleanup_security;
+                goto bad_fork_cleanup_policy;
        /* copy all the process information */
        if ((retval = copy_semundo(clone_flags, p)))
                goto bad_fork_cleanup_audit;
@@ -1078,10 +1110,8 @@ static struct task_struct *copy_process(unsigned long clone_flags,
                goto bad_fork_cleanup_sighand;
        if ((retval = copy_mm(clone_flags, p)))
                goto bad_fork_cleanup_signal;
-        if ((retval = copy_keys(clone_flags, p)))
-                goto bad_fork_cleanup_mm;
        if ((retval = copy_namespaces(clone_flags, p)))
-                goto bad_fork_cleanup_keys;
+                goto bad_fork_cleanup_mm;
        if ((retval = copy_io(clone_flags, p)))
                goto bad_fork_cleanup_namespaces;
        retval = copy_thread(0, clone_flags, stack_start, stack_size, p, regs);
@@ -1101,6 +1131,8 @@ static struct task_struct *copy_process(unsigned long clone_flags,
                }
        }
+        ftrace_graph_init_task(p);
        p->pid = pid_nr(pid);
        p->tgid = p->pid;
        if (clone_flags & CLONE_THREAD)
@@ -1109,7 +1141,7 @@ static struct task_struct *copy_process(unsigned long clone_flags,
        if (current->nsproxy != p->nsproxy) {
                retval = ns_cgroup_clone(p, pid);
                if (retval)
-                        goto bad_fork_free_pid;
+                        goto bad_fork_free_graph;
        }
        p->set_child_tid = (clone_flags & CLONE_CHILD_SETTID) ? child_tidptr : NULL;
@@ -1202,27 +1234,12 @@ static struct task_struct *copy_process(unsigned long clone_flags,
                spin_unlock(&current->sighand->siglock);
                write_unlock_irq(&tasklist_lock);
                retval = -ERESTARTNOINTR;
-                goto bad_fork_free_pid;
+                goto bad_fork_free_graph;
        }
        if (clone_flags & CLONE_THREAD) {
                p->group_leader = current->group_leader;
                list_add_tail_rcu(&p->thread_group, &p->group_leader->thread_group);
-                if (!cputime_eq(current->signal->it_virt_expires,
-                                cputime_zero) ||
-                    !cputime_eq(current->signal->it_prof_expires,
-                                cputime_zero) ||
-                    current->signal->rlim[RLIMIT_CPU].rlim_cur != RLIM_INFINITY ||
-                    !list_empty(&current->signal->cpu_timers[0]) ||
-                    !list_empty(&current->signal->cpu_timers[1]) ||
-                    !list_empty(&current->signal->cpu_timers[2])) {
-                        /*
-                         * Have child wake up on its first tick to check
-                         * for process CPU timers.
-                         */
-                        p->it_prof_expires = jiffies_to_cputime(1);
-                }
        }
        if (likely(p->pid)) {
@@ -1254,6 +1271,8 @@ static struct task_struct *copy_process(unsigned long clone_flags,
        cgroup_post_fork(p);
        return p;
+bad_fork_free_graph:
+        ftrace_graph_exit_task(p);
 bad_fork_free_pid:
        if (pid != &init_struct_pid)
                free_pid(pid);
@@ -1261,8 +1280,6 @@ bad_fork_cleanup_io:
        put_io_context(p->io_context);
 bad_fork_cleanup_namespaces:
        exit_task_namespaces(p);
-bad_fork_cleanup_keys:
-        exit_keys(p);
 bad_fork_cleanup_mm:
        if (p->mm)
                mmput(p->mm);
@@ -1278,8 +1295,6 @@ bad_fork_cleanup_semundo:
        exit_sem(p);
 bad_fork_cleanup_audit:
        audit_free(p);
-bad_fork_cleanup_security:
-        security_task_free(p);
 bad_fork_cleanup_policy:
 #ifdef CONFIG_NUMA
        mpol_put(p->mempolicy);
@@ -1292,9 +1307,9 @@ bad_fork_cleanup_cgroup:
 bad_fork_cleanup_put_domain:
        module_put(task_thread_info(p)->exec_domain->module);
 bad_fork_cleanup_count:
-        put_group_info(p->group_info);
+        atomic_dec(&p->cred->user->processes);
-        atomic_dec(&p->user->processes);
+        put_cred(p->real_cred);
-        free_uid(p->user);
+        put_cred(p->cred);
 bad_fork_free:
        free_task(p);
 fork_out:
@@ -1338,6 +1353,21 @@ long do_fork(unsigned long clone_flags,
        long nr;
        /*
+         * Do some preliminary argument and permissions checking before we
+         * actually start allocating stuff
+         */
+        if (clone_flags & CLONE_NEWUSER) {
+                if (clone_flags & CLONE_THREAD)
+                        return -EINVAL;
+                /* hopefully this check will go away when userns support is
+                 * complete
+                 */
+                if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SETUID) ||
+                                !capable(CAP_SETGID))
+                        return -EPERM;
+        }
+        /*
         * We hope to recycle these flags after 2.6.26
         */
        if (unlikely(clone_flags & CLONE_STOPPED)) {
@@ -1369,6 +1399,8 @@ long do_fork(unsigned long clone_flags,
        if (!IS_ERR(p)) {
                struct completion vfork;
+                trace_sched_process_fork(current, p);
                nr = task_pid_vnr(p);
                if (clone_flags & CLONE_PARENT_SETTID)
@@ -1379,6 +1411,7 @@ long do_fork(unsigned long clone_flags,
                        init_completion(&vfork);
                }
+                audit_finish_fork(p);
                tracehook_report_clone(trace, regs, clone_flags, nr, p);
                /*
@@ -1582,8 +1615,7 @@ asmlinkage long sys_unshare(unsigned long unshare_flags)
        err = -EINVAL;
        if (unshare_flags & ~(CLONE_THREAD|CLONE_FS|CLONE_NEWNS|CLONE_SIGHAND|
                                CLONE_VM|CLONE_FILES|CLONE_SYSVSEM|
-                                CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWUSER|
+                                CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWNET))
-                                CLONE_NEWNET))
                goto bad_unshare_out;
        /*
author	Ingo Molnar <mingo@elte.hu>	2008-12-31 02:31:57 -0500
committer	Ingo Molnar <mingo@elte.hu>	2008-12-31 02:31:57 -0500
commit	a9de18eb761f7c1c860964b2e5addc1a35c7e861 (patch)
tree	886e75fdfd09690cd262ca69cb7f5d1d42b48602 /kernel/fork.c
parent	b2aaf8f74cdc84a9182f6cabf198b7763bcb9d40 (diff)
parent	6a94cb73064c952255336cc57731904174b2c58f (diff)