1 files changed, 43 insertions, 15 deletions

diff --git a/kernel/fork.c b/kernel/fork.c
index 1020977b57ca..166b8c49257c 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -63,6 +63,7 @@
 #include <linux/fs_struct.h>
 #include <linux/magic.h>
 #include <linux/perf_event.h>
+#include <linux/posix-timers.h>
 
 #include <asm/pgtable.h>
 #include <asm/pgalloc.h>
@@ -90,7 +91,7 @@ int nr_processes(void)
         int cpu;
         int total = 0;
 
-        for_each_online_cpu(cpu)
+        for_each_possible_cpu(cpu)
                 total += per_cpu(process_counts, cpu);
 
         return total;
@@ -433,6 +434,14 @@ __setup("coredump_filter=", coredump_filter_setup);
 
 #include <linux/init_task.h>
 
+static void mm_init_aio(struct mm_struct *mm)
+{
+#ifdef CONFIG_AIO
+        spin_lock_init(&mm->ioctx_lock);
+        INIT_HLIST_HEAD(&mm->ioctx_list);
+#endif
+}
+
 static struct mm_struct * mm_init(struct mm_struct * mm, struct task_struct *p)
 {
         atomic_set(&mm->mm_users, 1);
@@ -446,10 +455,9 @@ static struct mm_struct * mm_init(struct mm_struct * mm, struct task_struct *p)
         set_mm_counter(mm, file_rss, 0);
         set_mm_counter(mm, anon_rss, 0);
         spin_lock_init(&mm->page_table_lock);
-        spin_lock_init(&mm->ioctx_lock);
-        INIT_HLIST_HEAD(&mm->ioctx_list);
         mm->free_area_cache = TASK_UNMAPPED_BASE;
         mm->cached_hole_size = ~0UL;
+        mm_init_aio(mm);
         mm_init_owner(mm, p);
 
         if (likely(!mm_alloc_pgd(mm))) {
@@ -510,6 +518,8 @@ void mmput(struct mm_struct *mm)
                         spin_unlock(&mmlist_lock);
                 }
                 put_swap_token(mm);
+                if (mm->binfmt)
+                        module_put(mm->binfmt->module);
                 mmdrop(mm);
         }
 }
@@ -560,12 +570,18 @@ void mm_release(struct task_struct *tsk, struct mm_struct *mm)
 
         /* Get rid of any futexes when releasing the mm */
 #ifdef CONFIG_FUTEX
-        if (unlikely(tsk->robust_list))
+        if (unlikely(tsk->robust_list)) {
                 exit_robust_list(tsk);
+                tsk->robust_list = NULL;
+        }
 #ifdef CONFIG_COMPAT
-        if (unlikely(tsk->compat_robust_list))
+        if (unlikely(tsk->compat_robust_list)) {
                 compat_exit_robust_list(tsk);
+                tsk->compat_robust_list = NULL;
+        }
 #endif
+        if (unlikely(!list_empty(&tsk->pi_state_list)))
+                exit_pi_state_list(tsk);
 #endif
 
         /* Get rid of any cached register state */
@@ -635,9 +651,14 @@ struct mm_struct *dup_mm(struct task_struct *tsk)
         mm->hiwater_rss = get_mm_rss(mm);
         mm->hiwater_vm = mm->total_vm;
 
+        if (mm->binfmt && !try_module_get(mm->binfmt->module))
+                goto free_pt;
+
         return mm;
 
 free_pt:
+        /* don't put binfmt in mmput, we haven't got module yet */
+        mm->binfmt = NULL;
         mmput(mm);
 
 fail_nomem:
@@ -805,10 +826,10 @@ static void posix_cpu_timers_init_group(struct signal_struct *sig)
         thread_group_cputime_init(sig);
 
         /* Expiration times and increments. */
-        sig->it_virt_expires = cputime_zero;
-        sig->it_virt_incr = cputime_zero;
-        sig->it_prof_expires = cputime_zero;
-        sig->it_prof_incr = cputime_zero;
+        sig->it[CPUCLOCK_PROF].expires = cputime_zero;
+        sig->it[CPUCLOCK_PROF].incr = cputime_zero;
+        sig->it[CPUCLOCK_VIRT].expires = cputime_zero;
+        sig->it[CPUCLOCK_VIRT].incr = cputime_zero;
 
         /* Cached expiration times. */
         sig->cputime_expires.prof_exp = cputime_zero;
@@ -866,6 +887,7 @@ static int copy_signal(unsigned long clone_flags, struct task_struct *tsk)
         sig->nvcsw = sig->nivcsw = sig->cnvcsw = sig->cnivcsw = 0;
         sig->min_flt = sig->maj_flt = sig->cmin_flt = sig->cmaj_flt = 0;
         sig->inblock = sig->oublock = sig->cinblock = sig->coublock = 0;
+        sig->maxrss = sig->cmaxrss = 0;
         task_io_accounting_init(&sig->ioac);
         sig->sum_sched_runtime = 0;
         taskstats_tgid_init(sig);
@@ -977,6 +999,16 @@ static struct task_struct *copy_process(unsigned long clone_flags,
         if ((clone_flags & CLONE_SIGHAND) && !(clone_flags & CLONE_VM))
                 return ERR_PTR(-EINVAL);
 
+        /*
+         * Siblings of global init remain as zombies on exit since they are
+         * not reaped by their parent (swapper). To solve this and to avoid
+         * multi-rooted process trees, prevent global and container-inits
+         * from creating siblings.
+         */
+        if ((clone_flags & CLONE_PARENT) &&
+                                current->signal->flags & SIGNAL_UNKILLABLE)
+                return ERR_PTR(-EINVAL);
+
         retval = security_task_create(clone_flags);
         if (retval)
                 goto fork_out;
@@ -1018,9 +1050,6 @@ static struct task_struct *copy_process(unsigned long clone_flags,
         if (!try_module_get(task_thread_info(p)->exec_domain->module))
                 goto bad_fork_cleanup_count;
 
-        if (p->binfmt && !try_module_get(p->binfmt->module))
-                goto bad_fork_cleanup_put_domain;
-
         p->did_exec = 0;
         delayacct_tsk_init(p);  /* Must remain after dup_task_struct() */
         copy_flags(clone_flags, p);
@@ -1094,6 +1123,8 @@ static struct task_struct *copy_process(unsigned long clone_flags,
 
         p->bts = NULL;
 
+        p->stack_start = stack_start;
+
         /* Perform scheduler related setup. Assign this task to a CPU. */
         sched_fork(p, clone_flags);
 
@@ -1306,9 +1337,6 @@ bad_fork_cleanup_cgroup:
 #endif
         cgroup_exit(p, cgroup_callbacks_done);
         delayacct_tsk_free(p);
-        if (p->binfmt)
-                module_put(p->binfmt->module);
-bad_fork_cleanup_put_domain:
         module_put(task_thread_info(p)->exec_domain->module);
 bad_fork_cleanup_count:
         atomic_dec(&p->cred->user->processes);