1 files changed, 84 insertions, 41 deletions

diff --git a/kernel/fork.c b/kernel/fork.c
index b9372a0bff18..f00e319d8376 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -34,6 +34,7 @@
 #include <linux/cgroup.h>
 #include <linux/security.h>
 #include <linux/hugetlb.h>
+#include <linux/seccomp.h>
 #include <linux/swap.h>
 #include <linux/syscalls.h>
 #include <linux/jiffies.h>
@@ -47,6 +48,7 @@
 #include <linux/audit.h>
 #include <linux/memcontrol.h>
 #include <linux/ftrace.h>
+#include <linux/proc_fs.h>
 #include <linux/profile.h>
 #include <linux/rmap.h>
 #include <linux/ksm.h>
@@ -67,6 +69,7 @@
 #include <linux/oom.h>
 #include <linux/khugepaged.h>
 #include <linux/signalfd.h>
+#include <linux/uprobes.h>
 
 #include <asm/pgtable.h>
 #include <asm/pgalloc.h>
@@ -111,32 +114,67 @@ int nr_processes(void)
         return total;
 }
 
-#ifndef __HAVE_ARCH_TASK_STRUCT_ALLOCATOR
-# define alloc_task_struct_node(node)           \
-                kmem_cache_alloc_node(task_struct_cachep, GFP_KERNEL, node)
-# define free_task_struct(tsk)                  \
-                kmem_cache_free(task_struct_cachep, (tsk))
+#ifndef CONFIG_ARCH_TASK_STRUCT_ALLOCATOR
 static struct kmem_cache *task_struct_cachep;
+
+static inline struct task_struct *alloc_task_struct_node(int node)
+{
+        return kmem_cache_alloc_node(task_struct_cachep, GFP_KERNEL, node);
+}
+
+void __weak arch_release_task_struct(struct task_struct *tsk) { }
+
+static inline void free_task_struct(struct task_struct *tsk)
+{
+        arch_release_task_struct(tsk);
+        kmem_cache_free(task_struct_cachep, tsk);
+}
 #endif
 
-#ifndef __HAVE_ARCH_THREAD_INFO_ALLOCATOR
+#ifndef CONFIG_ARCH_THREAD_INFO_ALLOCATOR
+void __weak arch_release_thread_info(struct thread_info *ti) { }
+
+/*
+ * Allocate pages if THREAD_SIZE is >= PAGE_SIZE, otherwise use a
+ * kmemcache based allocator.
+ */
+# if THREAD_SIZE >= PAGE_SIZE
 static struct thread_info *alloc_thread_info_node(struct task_struct *tsk,
                                                   int node)
 {
-#ifdef CONFIG_DEBUG_STACK_USAGE
-        gfp_t mask = GFP_KERNEL | __GFP_ZERO;
-#else
-        gfp_t mask = GFP_KERNEL;
-#endif
-        struct page *page = alloc_pages_node(node, mask, THREAD_SIZE_ORDER);
+        struct page *page = alloc_pages_node(node, THREADINFO_GFP,
+                                             THREAD_SIZE_ORDER);
 
         return page ? page_address(page) : NULL;
 }
 
 static inline void free_thread_info(struct thread_info *ti)
 {
+        arch_release_thread_info(ti);
         free_pages((unsigned long)ti, THREAD_SIZE_ORDER);
 }
+# else
+static struct kmem_cache *thread_info_cache;
+
+static struct thread_info *alloc_thread_info_node(struct task_struct *tsk,
+                                                  int node)
+{
+        return kmem_cache_alloc_node(thread_info_cache, THREADINFO_GFP, node);
+}
+
+static void free_thread_info(struct thread_info *ti)
+{
+        arch_release_thread_info(ti);
+        kmem_cache_free(thread_info_cache, ti);
+}
+
+void thread_info_cache_init(void)
+{
+        thread_info_cache = kmem_cache_create("thread_info", THREAD_SIZE,
+                                              THREAD_SIZE, 0, NULL);
+        BUG_ON(thread_info_cache == NULL);
+}
+# endif
 #endif
 
 /* SLAB cache for signal_struct structures (tsk->signal) */
@@ -170,6 +208,7 @@ void free_task(struct task_struct *tsk)
         free_thread_info(tsk->stack);
         rt_mutex_debug_task_free(tsk);
         ftrace_graph_exit_task(tsk);
+        put_seccomp_filter(tsk);
         free_task_struct(tsk);
 }
 EXPORT_SYMBOL(free_task);
@@ -203,17 +242,11 @@ void __put_task_struct(struct task_struct *tsk)
 }
 EXPORT_SYMBOL_GPL(__put_task_struct);
 
-/*
- * macro override instead of weak attribute alias, to workaround
- * gcc 4.1.0 and 4.1.1 bugs with weak attribute and empty functions.
- */
-#ifndef arch_task_cache_init
-#define arch_task_cache_init()
-#endif
+void __init __weak arch_task_cache_init(void) { }
 
 void __init fork_init(unsigned long mempages)
 {
-#ifndef __HAVE_ARCH_TASK_STRUCT_ALLOCATOR
+#ifndef CONFIG_ARCH_TASK_STRUCT_ALLOCATOR
 #ifndef ARCH_MIN_TASKALIGN
 #define ARCH_MIN_TASKALIGN      L1_CACHE_BYTES
 #endif
@@ -260,8 +293,6 @@ static struct task_struct *dup_task_struct(struct task_struct *orig)
         int node = tsk_fork_get_node(orig);
         int err;
 
-        prepare_to_copy(orig);
-
         tsk = alloc_task_struct_node(node);
         if (!tsk)
                 return NULL;
@@ -273,12 +304,17 @@ static struct task_struct *dup_task_struct(struct task_struct *orig)
         }
 
         err = arch_dup_task_struct(tsk, orig);
-        if (err)
-                goto out;
 
+        /*
+         * We defer looking at err, because we will need this setup
+         * for the clean up path to work correctly.
+         */
         tsk->stack = ti;
-
         setup_thread_stack(tsk, orig);
+
+        if (err)
+                goto out;
+
         clear_user_return_notifier(tsk);
         clear_tsk_need_resched(tsk);
         stackend = end_of_stack(tsk);
@@ -355,7 +391,8 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
                 }
                 charge = 0;
                 if (mpnt->vm_flags & VM_ACCOUNT) {
-                        unsigned int len = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT;
+                        unsigned long len;
+                        len = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT;
                         if (security_vm_enough_memory_mm(oldmm, len)) /* sic */
                                 goto fail_nomem;
                         charge = len;
@@ -421,6 +458,9 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
 
                 if (retval)
                         goto out;
+
+                if (file && uprobe_mmap(tmp))
+                        goto out;
         }
         /* a new mm has just been created */
         arch_dup_mmap(oldmm, mm);
@@ -569,6 +609,7 @@ void mmput(struct mm_struct *mm)
         might_sleep();
 
         if (atomic_dec_and_test(&mm->mm_users)) {
+                uprobe_clear_state(mm);
                 exit_aio(mm);
                 ksm_exit(mm);
                 khugepaged_exit(mm); /* must run before exit_mmap */
@@ -579,7 +620,6 @@ void mmput(struct mm_struct *mm)
                         list_del(&mm->mmlist);
                         spin_unlock(&mmlist_lock);
                 }
-                put_swap_token(mm);
                 if (mm->binfmt)
                         module_put(mm->binfmt->module);
                 mmdrop(mm);
@@ -747,12 +787,11 @@ void mm_release(struct task_struct *tsk, struct mm_struct *mm)
                 exit_pi_state_list(tsk);
 #endif
 
+        uprobe_free_utask(tsk);
+
         /* Get rid of any cached register state */
         deactivate_mm(tsk, mm);
 
-        if (tsk->vfork_done)
-                complete_vfork_done(tsk);
-
         /*
          * If we're exiting normally, clear a user-space tid field if
          * requested.  We leave this alone when dying by signal, to leave
@@ -773,6 +812,13 @@ void mm_release(struct task_struct *tsk, struct mm_struct *mm)
                 }
                 tsk->clear_child_tid = NULL;
         }
+
+        /*
+         * All done, finally we can wake up parent and return this mm to him.
+         * Also kthread_stop() uses this completion for synchronization.
+         */
+        if (tsk->vfork_done)
+                complete_vfork_done(tsk);
 }
 
 /*
@@ -794,13 +840,10 @@ struct mm_struct *dup_mm(struct task_struct *tsk)
         memcpy(mm, oldmm, sizeof(*mm));
         mm_init_cpumask(mm);
 
-        /* Initializing for Swap token stuff */
-        mm->token_priority = 0;
-        mm->last_interval = 0;
-
 #ifdef CONFIG_TRANSPARENT_HUGEPAGE
         mm->pmd_huge_pte = NULL;
 #endif
+        uprobe_reset_state(mm);
 
         if (!mm_init(mm, tsk))
                 goto fail_nomem;
@@ -875,10 +918,6 @@ static int copy_mm(unsigned long clone_flags, struct task_struct *tsk)
                 goto fail_nomem;
 
 good_mm:
-        /* Initializing for Swap token stuff */
-        mm->token_priority = 0;
-        mm->last_interval = 0;
-
         tsk->mm = mm;
         tsk->active_mm = mm;
         return 0;
@@ -946,9 +985,8 @@ static int copy_io(unsigned long clone_flags, struct task_struct *tsk)
          * Share io context with parent, if CLONE_IO is set
          */
         if (clone_flags & CLONE_IO) {
-                tsk->io_context = ioc_task_link(ioc);
-                if (unlikely(!tsk->io_context))
-                        return -ENOMEM;
+                ioc_task_link(ioc);
+                tsk->io_context = ioc;
         } else if (ioprio_valid(ioc->ioprio)) {
                 new_ioc = get_task_io_context(tsk, GFP_KERNEL, NUMA_NO_NODE);
                 if (unlikely(!new_ioc))
@@ -1162,6 +1200,7 @@ static struct task_struct *copy_process(unsigned long clone_flags,
                 goto fork_out;
 
         ftrace_graph_init_task(p);
+        get_seccomp_filter(p);
 
         rt_mutex_init_task(p);
 
@@ -1342,6 +1381,7 @@ static struct task_struct *copy_process(unsigned long clone_flags,
         INIT_LIST_HEAD(&p->pi_state_list);
         p->pi_state_cache = NULL;
 #endif
+        uprobe_copy_process(p);
         /*
          * sigaltstack should be cleared when sharing the same VM
          */
@@ -1380,6 +1420,7 @@ static struct task_struct *copy_process(unsigned long clone_flags,
          */
         p->group_leader = p;
         INIT_LIST_HEAD(&p->thread_group);
+        INIT_HLIST_HEAD(&p->task_works);
 
         /* Now that the task is set up, run cgroup callbacks if
          * necessary. We need to run them before the task is visible
@@ -1464,6 +1505,8 @@ bad_fork_cleanup_io:
         if (p->io_context)
                 exit_io_context(p);
 bad_fork_cleanup_namespaces:
+        if (unlikely(clone_flags & CLONE_NEWPID))
+                pid_ns_release_proc(p->nsproxy->pid_ns);
         exit_task_namespaces(p);
 bad_fork_cleanup_mm:
         if (p->mm)