1 files changed, 29 insertions, 22 deletions

diff --git a/kernel/fork.c b/kernel/fork.c
index 6067e429f281..933e60ebccae 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -22,6 +22,7 @@
 #include <linux/mempolicy.h>
 #include <linux/sem.h>
 #include <linux/file.h>
+#include <linux/fdtable.h>
 #include <linux/key.h>
 #include <linux/binfmts.h>
 #include <linux/mman.h>
@@ -381,14 +382,13 @@ static struct mm_struct * mm_init(struct mm_struct * mm, struct task_struct *p)
         mm->ioctx_list = NULL;
         mm->free_area_cache = TASK_UNMAPPED_BASE;
         mm->cached_hole_size = ~0UL;
-        mm_init_cgroup(mm, p);
+        mm_init_owner(mm, p);
 
         if (likely(!mm_alloc_pgd(mm))) {
                 mm->def_flags = 0;
                 return mm;
         }
 
-        mm_free_cgroup(mm);
         free_mm(mm);
         return NULL;
 }
@@ -432,13 +432,13 @@ void mmput(struct mm_struct *mm)
         if (atomic_dec_and_test(&mm->mm_users)) {
                 exit_aio(mm);
                 exit_mmap(mm);
+                set_mm_exe_file(mm, NULL);
                 if (!list_empty(&mm->mmlist)) {
                         spin_lock(&mmlist_lock);
                         list_del(&mm->mmlist);
                         spin_unlock(&mmlist_lock);
                 }
                 put_swap_token(mm);
-                mm_free_cgroup(mm);
                 mmdrop(mm);
         }
 }
@@ -545,6 +545,8 @@ struct mm_struct *dup_mm(struct task_struct *tsk)
         if (init_new_context(tsk, mm))
                 goto fail_nocontext;
 
+        dup_mm_exe_file(oldmm, mm);
+
         err = dup_mmap(mm, oldmm);
         if (err)
                 goto free_pt;
@@ -891,7 +893,7 @@ static int copy_signal(unsigned long clone_flags, struct task_struct *tsk)
         sig->group_exit_code = 0;
         sig->group_exit_task = NULL;
         sig->group_stop_count = 0;
-        sig->curr_target = NULL;
+        sig->curr_target = tsk;
         init_sigpending(&sig->shared_pending);
         INIT_LIST_HEAD(&sig->posix_timers);
 
@@ -982,6 +984,13 @@ static void rt_mutex_init_task(struct task_struct *p)
 #endif
 }
 
+#ifdef CONFIG_MM_OWNER
+void mm_init_owner(struct mm_struct *mm, struct task_struct *p)
+{
+        mm->owner = p;
+}
+#endif /* CONFIG_MM_OWNER */
+
 /*
  * This creates a new process as a copy of the old one,
  * but does not actually start it yet.
@@ -1664,18 +1673,6 @@ static int unshare_fd(unsigned long unshare_flags, struct files_struct **new_fdp
 }
 
 /*
- * Unsharing of semundo for tasks created with CLONE_SYSVSEM is not
- * supported yet
- */
-static int unshare_semundo(unsigned long unshare_flags, struct sem_undo_list **new_ulistp)
-{
-        if (unshare_flags & CLONE_SYSVSEM)
-                return -EINVAL;
-
-        return 0;
-}
-
-/*
  * unshare allows a process to 'unshare' part of the process
  * context which was originally shared using clone.  copy_*
  * functions used by do_fork() cannot be used here directly
@@ -1690,8 +1687,8 @@ asmlinkage long sys_unshare(unsigned long unshare_flags)
         struct sighand_struct *new_sigh = NULL;
         struct mm_struct *mm, *new_mm = NULL, *active_mm = NULL;
         struct files_struct *fd, *new_fd = NULL;
-        struct sem_undo_list *new_ulist = NULL;
         struct nsproxy *new_nsproxy = NULL;
+        int do_sysvsem = 0;
 
         check_unshare_flags(&unshare_flags);
 
@@ -1703,6 +1700,13 @@ asmlinkage long sys_unshare(unsigned long unshare_flags)
                                 CLONE_NEWNET))
                 goto bad_unshare_out;
 
+        /*
+         * CLONE_NEWIPC must also detach from the undolist: after switching
+         * to a new ipc namespace, the semaphore arrays from the old
+         * namespace are unreachable.
+         */
+        if (unshare_flags & (CLONE_NEWIPC|CLONE_SYSVSEM))
+                do_sysvsem = 1;
         if ((err = unshare_thread(unshare_flags)))
                 goto bad_unshare_out;
         if ((err = unshare_fs(unshare_flags, &new_fs)))
@@ -1713,13 +1717,17 @@ asmlinkage long sys_unshare(unsigned long unshare_flags)
                 goto bad_unshare_cleanup_sigh;
         if ((err = unshare_fd(unshare_flags, &new_fd)))
                 goto bad_unshare_cleanup_vm;
-        if ((err = unshare_semundo(unshare_flags, &new_ulist)))
-                goto bad_unshare_cleanup_fd;
         if ((err = unshare_nsproxy_namespaces(unshare_flags, &new_nsproxy,
                         new_fs)))
-                goto bad_unshare_cleanup_semundo;
+                goto bad_unshare_cleanup_fd;
 
-        if (new_fs ||  new_mm || new_fd || new_ulist || new_nsproxy) {
+        if (new_fs ||  new_mm || new_fd || do_sysvsem || new_nsproxy) {
+                if (do_sysvsem) {
+                        /*
+                         * CLONE_SYSVSEM is equivalent to sys_exit().
+                         */
+                        exit_sem(current);
+                }
 
                 if (new_nsproxy) {
                         switch_task_namespaces(current, new_nsproxy);
@@ -1755,7 +1763,6 @@ asmlinkage long sys_unshare(unsigned long unshare_flags)
         if (new_nsproxy)
                 put_nsproxy(new_nsproxy);
 
-bad_unshare_cleanup_semundo:
 bad_unshare_cleanup_fd:
         if (new_fd)
                 put_files_struct(new_fd);