1 files changed, 18 insertions, 13 deletions

diff --git a/kernel/fork.c b/kernel/fork.c
index 5721f0e3f2da..a17621c6cd42 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -800,14 +800,11 @@ void mm_release(struct task_struct *tsk, struct mm_struct *mm)
  * Allocate a new mm structure and copy contents from the
  * mm structure of the passed in task structure.
  */
-struct mm_struct *dup_mm(struct task_struct *tsk)
+static struct mm_struct *dup_mm(struct task_struct *tsk)
 {
         struct mm_struct *mm, *oldmm = current->mm;
         int err;
 
-        if (!oldmm)
-                return NULL;
-
         mm = allocate_mm();
         if (!mm)
                 goto fail_nomem;
@@ -1035,6 +1032,11 @@ static int copy_signal(unsigned long clone_flags, struct task_struct *tsk)
         sig->nr_threads = 1;
         atomic_set(&sig->live, 1);
         atomic_set(&sig->sigcnt, 1);
+
+        /* list_add(thread_node, thread_head) without INIT_LIST_HEAD() */
+        sig->thread_head = (struct list_head)LIST_HEAD_INIT(tsk->thread_node);
+        tsk->thread_node = (struct list_head)LIST_HEAD_INIT(sig->thread_head);
+
         init_waitqueue_head(&sig->wait_chldexit);
         sig->curr_target = tsk;
         init_sigpending(&sig->shared_pending);
@@ -1087,8 +1089,10 @@ static void rt_mutex_init_task(struct task_struct *p)
 {
         raw_spin_lock_init(&p->pi_lock);
 #ifdef CONFIG_RT_MUTEXES
-        plist_head_init(&p->pi_waiters);
+        p->pi_waiters = RB_ROOT;
+        p->pi_waiters_leftmost = NULL;
         p->pi_blocked_on = NULL;
+        p->pi_top_task = NULL;
 #endif
 }
 
@@ -1172,7 +1176,7 @@ static struct task_struct *copy_process(unsigned long clone_flags,
          * do not allow it to share a thread group or signal handlers or
          * parent with the forking task.
          */
-        if (clone_flags & (CLONE_SIGHAND | CLONE_PARENT)) {
+        if (clone_flags & CLONE_SIGHAND) {
                 if ((clone_flags & (CLONE_NEWUSER | CLONE_NEWPID)) ||
                     (task_active_pid_ns(current) !=
                                 current->nsproxy->pid_ns_for_children))
@@ -1222,7 +1226,6 @@ static struct task_struct *copy_process(unsigned long clone_flags,
         if (!try_module_get(task_thread_info(p)->exec_domain->module))
                 goto bad_fork_cleanup_count;
 
-        p->did_exec = 0;
         delayacct_tsk_init(p);  /* Must remain after dup_task_struct() */
         copy_flags(clone_flags, p);
         INIT_LIST_HEAD(&p->children);
@@ -1311,7 +1314,9 @@ static struct task_struct *copy_process(unsigned long clone_flags,
 #endif
 
         /* Perform scheduler related setup. Assign this task to a CPU. */
-        sched_fork(clone_flags, p);
+        retval = sched_fork(clone_flags, p);
+        if (retval)
+                goto bad_fork_cleanup_policy;
 
         retval = perf_event_init_task(p);
         if (retval)
@@ -1403,13 +1408,11 @@ static struct task_struct *copy_process(unsigned long clone_flags,
                 p->tgid = p->pid;
         }
 
-        p->pdeath_signal = 0;
-        p->exit_state = 0;
-
         p->nr_dirtied = 0;
         p->nr_dirtied_pause = 128 >> (PAGE_SHIFT - 10);
         p->dirty_paused_when = 0;
 
+        p->pdeath_signal = 0;
         INIT_LIST_HEAD(&p->thread_group);
         p->task_works = NULL;
 
@@ -1472,6 +1475,8 @@ static struct task_struct *copy_process(unsigned long clone_flags,
                         atomic_inc(&current->signal->sigcnt);
                         list_add_tail_rcu(&p->thread_group,
                                           &p->group_leader->thread_group);
+                        list_add_tail_rcu(&p->thread_node,
+                                          &p->signal->thread_head);
                 }
                 attach_pid(p, PIDTYPE_PID);
                 nr_threads++;
@@ -1645,7 +1650,7 @@ SYSCALL_DEFINE0(fork)
         return do_fork(SIGCHLD, 0, 0, NULL, NULL);
 #else
         /* can not support in nommu mode */
-        return(-EINVAL);
+        return -EINVAL;
 #endif
 }
 #endif
@@ -1653,7 +1658,7 @@ SYSCALL_DEFINE0(fork)
 #ifdef __ARCH_WANT_SYS_VFORK
 SYSCALL_DEFINE0(vfork)
 {
-        return do_fork(CLONE_VFORK | CLONE_VM | SIGCHLD, 0, 
+        return do_fork(CLONE_VFORK | CLONE_VM | SIGCHLD, 0,
                         0, NULL, NULL);
 }
 #endif