1 files changed, 86 insertions, 60 deletions

diff --git a/kernel/fork.c b/kernel/fork.c
index 467746b3f0aa..166b8c49257c 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -17,7 +17,6 @@
 #include <linux/module.h>
 #include <linux/vmalloc.h>
 #include <linux/completion.h>
-#include <linux/mnt_namespace.h>
 #include <linux/personality.h>
 #include <linux/mempolicy.h>
 #include <linux/sem.h>
@@ -50,6 +49,7 @@
 #include <linux/ftrace.h>
 #include <linux/profile.h>
 #include <linux/rmap.h>
+#include <linux/ksm.h>
 #include <linux/acct.h>
 #include <linux/tsacct_kern.h>
 #include <linux/cn_proc.h>
@@ -62,7 +62,8 @@
 #include <linux/blkdev.h>
 #include <linux/fs_struct.h>
 #include <linux/magic.h>
-#include <linux/perf_counter.h>
+#include <linux/perf_event.h>
+#include <linux/posix-timers.h>
 
 #include <asm/pgtable.h>
 #include <asm/pgalloc.h>
@@ -90,7 +91,7 @@ int nr_processes(void)
         int cpu;
         int total = 0;
 
-        for_each_online_cpu(cpu)
+        for_each_possible_cpu(cpu)
                 total += per_cpu(process_counts, cpu);
 
         return total;
@@ -137,9 +138,17 @@ struct kmem_cache *vm_area_cachep;
 /* SLAB cache for mm_struct structures (tsk->mm) */
 static struct kmem_cache *mm_cachep;
 
+static void account_kernel_stack(struct thread_info *ti, int account)
+{
+        struct zone *zone = page_zone(virt_to_page(ti));
+
+        mod_zone_page_state(zone, NR_KERNEL_STACK, account);
+}
+
 void free_task(struct task_struct *tsk)
 {
         prop_local_destroy_single(&tsk->dirties);
+        account_kernel_stack(tsk->stack, -1);
         free_thread_info(tsk->stack);
         rt_mutex_debug_task_free(tsk);
         ftrace_graph_exit_task(tsk);
@@ -153,8 +162,7 @@ void __put_task_struct(struct task_struct *tsk)
         WARN_ON(atomic_read(&tsk->usage));
         WARN_ON(tsk == current);
 
-        put_cred(tsk->real_cred);
-        put_cred(tsk->cred);
+        exit_creds(tsk);
         delayacct_tsk_free(tsk);
 
         if (!profile_handoff_task(tsk))
@@ -255,6 +263,9 @@ static struct task_struct *dup_task_struct(struct task_struct *orig)
         tsk->btrace_seq = 0;
 #endif
         tsk->splice_pipe = NULL;
+
+        account_kernel_stack(ti, 1);
+
         return tsk;
 
 out:
@@ -290,6 +301,9 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
         rb_link = &mm->mm_rb.rb_node;
         rb_parent = NULL;
         pprev = &mm->mmap;
+        retval = ksm_fork(mm, oldmm);
+        if (retval)
+                goto out;
 
         for (mpnt = oldmm->mmap; mpnt; mpnt = mpnt->vm_next) {
                 struct file *file;
@@ -420,22 +434,30 @@ __setup("coredump_filter=", coredump_filter_setup);
 
 #include <linux/init_task.h>
 
+static void mm_init_aio(struct mm_struct *mm)
+{
+#ifdef CONFIG_AIO
+        spin_lock_init(&mm->ioctx_lock);
+        INIT_HLIST_HEAD(&mm->ioctx_list);
+#endif
+}
+
 static struct mm_struct * mm_init(struct mm_struct * mm, struct task_struct *p)
 {
         atomic_set(&mm->mm_users, 1);
         atomic_set(&mm->mm_count, 1);
         init_rwsem(&mm->mmap_sem);
         INIT_LIST_HEAD(&mm->mmlist);
-        mm->flags = (current->mm) ? current->mm->flags : default_dump_filter;
+        mm->flags = (current->mm) ?
+                (current->mm->flags & MMF_INIT_MASK) : default_dump_filter;
         mm->core_state = NULL;
         mm->nr_ptes = 0;
         set_mm_counter(mm, file_rss, 0);
         set_mm_counter(mm, anon_rss, 0);
         spin_lock_init(&mm->page_table_lock);
-        spin_lock_init(&mm->ioctx_lock);
-        INIT_HLIST_HEAD(&mm->ioctx_list);
         mm->free_area_cache = TASK_UNMAPPED_BASE;
         mm->cached_hole_size = ~0UL;
+        mm_init_aio(mm);
         mm_init_owner(mm, p);
 
         if (likely(!mm_alloc_pgd(mm))) {
@@ -487,6 +509,7 @@ void mmput(struct mm_struct *mm)
 
         if (atomic_dec_and_test(&mm->mm_users)) {
                 exit_aio(mm);
+                ksm_exit(mm);
                 exit_mmap(mm);
                 set_mm_exe_file(mm, NULL);
                 if (!list_empty(&mm->mmlist)) {
@@ -495,6 +518,8 @@ void mmput(struct mm_struct *mm)
                         spin_unlock(&mmlist_lock);
                 }
                 put_swap_token(mm);
+                if (mm->binfmt)
+                        module_put(mm->binfmt->module);
                 mmdrop(mm);
         }
 }
@@ -545,12 +570,18 @@ void mm_release(struct task_struct *tsk, struct mm_struct *mm)
 
         /* Get rid of any futexes when releasing the mm */
 #ifdef CONFIG_FUTEX
-        if (unlikely(tsk->robust_list))
+        if (unlikely(tsk->robust_list)) {
                 exit_robust_list(tsk);
+                tsk->robust_list = NULL;
+        }
 #ifdef CONFIG_COMPAT
-        if (unlikely(tsk->compat_robust_list))
+        if (unlikely(tsk->compat_robust_list)) {
                 compat_exit_robust_list(tsk);
+                tsk->compat_robust_list = NULL;
+        }
 #endif
+        if (unlikely(!list_empty(&tsk->pi_state_list)))
+                exit_pi_state_list(tsk);
 #endif
 
         /* Get rid of any cached register state */
@@ -568,18 +599,18 @@ void mm_release(struct task_struct *tsk, struct mm_struct *mm)
          * the value intact in a core dump, and to save the unnecessary
          * trouble otherwise.  Userland only wants this done for a sys_exit.
          */
-        if (tsk->clear_child_tid
-            && !(tsk->flags & PF_SIGNALED)
-            && atomic_read(&mm->mm_users) > 1) {
-                u32 __user * tidptr = tsk->clear_child_tid;
+        if (tsk->clear_child_tid) {
+                if (!(tsk->flags & PF_SIGNALED) &&
+                    atomic_read(&mm->mm_users) > 1) {
+                        /*
+                         * We don't check the error code - if userspace has
+                         * not set up a proper pointer then tough luck.
+                         */
+                        put_user(0, tsk->clear_child_tid);
+                        sys_futex(tsk->clear_child_tid, FUTEX_WAKE,
+                                        1, NULL, NULL, 0);
+                }
                 tsk->clear_child_tid = NULL;
-
-                /*
-                 * We don't check the error code - if userspace has
-                 * not set up a proper pointer then tough luck.
-                 */
-                put_user(0, tidptr);
-                sys_futex(tidptr, FUTEX_WAKE, 1, NULL, NULL, 0);
         }
 }
 
@@ -620,9 +651,14 @@ struct mm_struct *dup_mm(struct task_struct *tsk)
         mm->hiwater_rss = get_mm_rss(mm);
         mm->hiwater_vm = mm->total_vm;
 
+        if (mm->binfmt && !try_module_get(mm->binfmt->module))
+                goto free_pt;
+
         return mm;
 
 free_pt:
+        /* don't put binfmt in mmput, we haven't got module yet */
+        mm->binfmt = NULL;
         mmput(mm);
 
 fail_nomem:
@@ -790,10 +826,10 @@ static void posix_cpu_timers_init_group(struct signal_struct *sig)
         thread_group_cputime_init(sig);
 
         /* Expiration times and increments. */
-        sig->it_virt_expires = cputime_zero;
-        sig->it_virt_incr = cputime_zero;
-        sig->it_prof_expires = cputime_zero;
-        sig->it_prof_incr = cputime_zero;
+        sig->it[CPUCLOCK_PROF].expires = cputime_zero;
+        sig->it[CPUCLOCK_PROF].incr = cputime_zero;
+        sig->it[CPUCLOCK_VIRT].expires = cputime_zero;
+        sig->it[CPUCLOCK_VIRT].incr = cputime_zero;
 
         /* Cached expiration times. */
         sig->cputime_expires.prof_exp = cputime_zero;
@@ -816,11 +852,8 @@ static int copy_signal(unsigned long clone_flags, struct task_struct *tsk)
 {
         struct signal_struct *sig;
 
-        if (clone_flags & CLONE_THREAD) {
-                atomic_inc(&current->signal->count);
-                atomic_inc(&current->signal->live);
+        if (clone_flags & CLONE_THREAD)
                 return 0;
-        }
 
         sig = kmem_cache_alloc(signal_cachep, GFP_KERNEL);
         tsk->signal = sig;
@@ -854,6 +887,7 @@ static int copy_signal(unsigned long clone_flags, struct task_struct *tsk)
         sig->nvcsw = sig->nivcsw = sig->cnvcsw = sig->cnivcsw = 0;
         sig->min_flt = sig->maj_flt = sig->cmin_flt = sig->cmaj_flt = 0;
         sig->inblock = sig->oublock = sig->cinblock = sig->coublock = 0;
+        sig->maxrss = sig->cmaxrss = 0;
         task_io_accounting_init(&sig->ioac);
         sig->sum_sched_runtime = 0;
         taskstats_tgid_init(sig);
@@ -868,6 +902,8 @@ static int copy_signal(unsigned long clone_flags, struct task_struct *tsk)
 
         tty_audit_fork(sig);
 
+        sig->oom_adj = current->signal->oom_adj;
+
         return 0;
 }
 
@@ -878,16 +914,6 @@ void __cleanup_signal(struct signal_struct *sig)
         kmem_cache_free(signal_cachep, sig);
 }
 
-static void cleanup_signal(struct task_struct *tsk)
-{
-        struct signal_struct *sig = tsk->signal;
-
-        atomic_dec(&sig->live);
-
-        if (atomic_dec_and_test(&sig->count))
-                __cleanup_signal(sig);
-}
-
 static void copy_flags(unsigned long clone_flags, struct task_struct *p)
 {
         unsigned long new_flags = p->flags;
@@ -973,6 +999,16 @@ static struct task_struct *copy_process(unsigned long clone_flags,
         if ((clone_flags & CLONE_SIGHAND) && !(clone_flags & CLONE_VM))
                 return ERR_PTR(-EINVAL);
 
+        /*
+         * Siblings of global init remain as zombies on exit since they are
+         * not reaped by their parent (swapper). To solve this and to avoid
+         * multi-rooted process trees, prevent global and container-inits
+         * from creating siblings.
+         */
+        if ((clone_flags & CLONE_PARENT) &&
+                                current->signal->flags & SIGNAL_UNKILLABLE)
+                return ERR_PTR(-EINVAL);
+
         retval = security_task_create(clone_flags);
         if (retval)
                 goto fork_out;
@@ -1014,18 +1050,12 @@ static struct task_struct *copy_process(unsigned long clone_flags,
         if (!try_module_get(task_thread_info(p)->exec_domain->module))
                 goto bad_fork_cleanup_count;
 
-        if (p->binfmt && !try_module_get(p->binfmt->module))
-                goto bad_fork_cleanup_put_domain;
-
         p->did_exec = 0;
         delayacct_tsk_init(p);  /* Must remain after dup_task_struct() */
         copy_flags(clone_flags, p);
         INIT_LIST_HEAD(&p->children);
         INIT_LIST_HEAD(&p->sibling);
-#ifdef CONFIG_PREEMPT_RCU
-        p->rcu_read_lock_nesting = 0;
-        p->rcu_flipctr_idx = 0;
-#endif /* #ifdef CONFIG_PREEMPT_RCU */
+        rcu_copy_process(p);
         p->vfork_done = NULL;
         spin_lock_init(&p->alloc_lock);
 
@@ -1093,10 +1123,12 @@ static struct task_struct *copy_process(unsigned long clone_flags,
 
         p->bts = NULL;
 
+        p->stack_start = stack_start;
+
         /* Perform scheduler related setup. Assign this task to a CPU. */
         sched_fork(p, clone_flags);
 
-        retval = perf_counter_init_task(p);
+        retval = perf_event_init_task(p);
         if (retval)
                 goto bad_fork_cleanup_policy;
 
@@ -1240,6 +1272,8 @@ static struct task_struct *copy_process(unsigned long clone_flags,
         }
 
         if (clone_flags & CLONE_THREAD) {
+                atomic_inc(&current->signal->count);
+                atomic_inc(&current->signal->live);
                 p->group_leader = current->group_leader;
                 list_add_tail_rcu(&p->thread_group, &p->group_leader->thread_group);
         }
@@ -1269,6 +1303,7 @@ static struct task_struct *copy_process(unsigned long clone_flags,
         write_unlock_irq(&tasklist_lock);
         proc_fork_connector(p);
         cgroup_post_fork(p);
+        perf_event_fork(p);
         return p;
 
 bad_fork_free_pid:
@@ -1282,7 +1317,8 @@ bad_fork_cleanup_mm:
         if (p->mm)
                 mmput(p->mm);
 bad_fork_cleanup_signal:
-        cleanup_signal(p);
+        if (!(clone_flags & CLONE_THREAD))
+                __cleanup_signal(p->signal);
 bad_fork_cleanup_sighand:
         __cleanup_sighand(p->sighand);
 bad_fork_cleanup_fs:
@@ -1294,21 +1330,17 @@ bad_fork_cleanup_semundo:
 bad_fork_cleanup_audit:
         audit_free(p);
 bad_fork_cleanup_policy:
-        perf_counter_free_task(p);
+        perf_event_free_task(p);
 #ifdef CONFIG_NUMA
         mpol_put(p->mempolicy);
 bad_fork_cleanup_cgroup:
 #endif
         cgroup_exit(p, cgroup_callbacks_done);
         delayacct_tsk_free(p);
-        if (p->binfmt)
-                module_put(p->binfmt->module);
-bad_fork_cleanup_put_domain:
         module_put(task_thread_info(p)->exec_domain->module);
 bad_fork_cleanup_count:
         atomic_dec(&p->cred->user->processes);
-        put_cred(p->real_cred);
-        put_cred(p->cred);
+        exit_creds(p);
 bad_fork_free:
         free_task(p);
 fork_out:
@@ -1408,12 +1440,6 @@ long do_fork(unsigned long clone_flags,
                 if (clone_flags & CLONE_VFORK) {
                         p->vfork_done = &vfork;
                         init_completion(&vfork);
-                } else if (!(clone_flags & CLONE_VM)) {
-                        /*
-                         * vfork will do an exec which will call
-                         * set_task_comm()
-                         */
-                        perf_counter_fork(p);
                 }
 
                 audit_finish_fork(p);