1 files changed, 12 insertions, 7 deletions

diff --git a/kernel/fork.c b/kernel/fork.c
index 17bbf093356d..b0ec34abc0bb 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -329,15 +329,17 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
                 if (!tmp)
                         goto fail_nomem;
                 *tmp = *mpnt;
+                INIT_LIST_HEAD(&tmp->anon_vma_chain);
                 pol = mpol_dup(vma_policy(mpnt));
                 retval = PTR_ERR(pol);
                 if (IS_ERR(pol))
                         goto fail_nomem_policy;
                 vma_set_policy(tmp, pol);
+                if (anon_vma_fork(tmp, mpnt))
+                        goto fail_nomem_anon_vma_fork;
                 tmp->vm_flags &= ~VM_LOCKED;
                 tmp->vm_mm = mm;
                 tmp->vm_next = NULL;
-                anon_vma_link(tmp);
                 file = tmp->vm_file;
                 if (file) {
                         struct inode *inode = file->f_path.dentry->d_inode;
@@ -392,6 +394,8 @@ out:
         flush_tlb_mm(oldmm);
         up_write(&oldmm->mmap_sem);
         return retval;
+fail_nomem_anon_vma_fork:
+        mpol_put(pol);
 fail_nomem_policy:
         kmem_cache_free(vm_area_cachep, tmp);
 fail_nomem:
@@ -455,8 +459,7 @@ static struct mm_struct * mm_init(struct mm_struct * mm, struct task_struct *p)
                 (current->mm->flags & MMF_INIT_MASK) : default_dump_filter;
         mm->core_state = NULL;
         mm->nr_ptes = 0;
-        set_mm_counter(mm, file_rss, 0);
-        set_mm_counter(mm, anon_rss, 0);
+        memset(&mm->rss_stat, 0, sizeof(mm->rss_stat));
         spin_lock_init(&mm->page_table_lock);
         mm->free_area_cache = TASK_UNMAPPED_BASE;
         mm->cached_hole_size = ~0UL;
@@ -825,6 +828,8 @@ void __cleanup_sighand(struct sighand_struct *sighand)
  */
 static void posix_cpu_timers_init_group(struct signal_struct *sig)
 {
+        unsigned long cpu_limit;
+
         /* Thread group counters. */
         thread_group_cputime_init(sig);
 
@@ -839,9 +844,9 @@ static void posix_cpu_timers_init_group(struct signal_struct *sig)
         sig->cputime_expires.virt_exp = cputime_zero;
         sig->cputime_expires.sched_exp = 0;
 
-        if (sig->rlim[RLIMIT_CPU].rlim_cur != RLIM_INFINITY) {
-                sig->cputime_expires.prof_exp =
-                        secs_to_cputime(sig->rlim[RLIMIT_CPU].rlim_cur);
+        cpu_limit = ACCESS_ONCE(sig->rlim[RLIMIT_CPU].rlim_cur);
+        if (cpu_limit != RLIM_INFINITY) {
+                sig->cputime_expires.prof_exp = secs_to_cputime(cpu_limit);
                 sig->cputimer.running = 1;
         }
 
@@ -1034,7 +1039,7 @@ static struct task_struct *copy_process(unsigned long clone_flags,
 #endif
         retval = -EAGAIN;
         if (atomic_read(&p->real_cred->user->processes) >=
-                        p->signal->rlim[RLIMIT_NPROC].rlim_cur) {
+                        task_rlimit(p, RLIMIT_NPROC)) {
                 if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) &&
                     p->real_cred->user != INIT_USER)
                         goto bad_fork_free;