1 files changed, 46 insertions, 65 deletions

diff --git a/kernel/fork.c b/kernel/fork.c
index 266c6af6ef1b..4799c5f0e6d0 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -64,6 +64,7 @@
 #include <linux/magic.h>
 #include <linux/perf_event.h>
 #include <linux/posix-timers.h>
+#include <linux/user-return-notifier.h>
 
 #include <asm/pgtable.h>
 #include <asm/pgalloc.h>
@@ -86,12 +87,20 @@ DEFINE_PER_CPU(unsigned long, process_counts) = 0;
 
 __cacheline_aligned DEFINE_RWLOCK(tasklist_lock);  /* outer */
 
+#ifdef CONFIG_PROVE_RCU
+int lockdep_tasklist_lock_is_held(void)
+{
+        return lockdep_is_held(&tasklist_lock);
+}
+EXPORT_SYMBOL_GPL(lockdep_tasklist_lock_is_held);
+#endif /* #ifdef CONFIG_PROVE_RCU */
+
 int nr_processes(void)
 {
         int cpu;
         int total = 0;
 
-        for_each_online_cpu(cpu)
+        for_each_possible_cpu(cpu)
                 total += per_cpu(process_counts, cpu);
 
         return total;
@@ -249,6 +258,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig)
                 goto out;
 
         setup_thread_stack(tsk, orig);
+        clear_user_return_notifier(tsk);
         stackend = end_of_stack(tsk);
         *stackend = STACK_END_MAGIC;    /* for overflow detection */
 
@@ -326,15 +336,17 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
                 if (!tmp)
                         goto fail_nomem;
                 *tmp = *mpnt;
+                INIT_LIST_HEAD(&tmp->anon_vma_chain);
                 pol = mpol_dup(vma_policy(mpnt));
                 retval = PTR_ERR(pol);
                 if (IS_ERR(pol))
                         goto fail_nomem_policy;
                 vma_set_policy(tmp, pol);
+                if (anon_vma_fork(tmp, mpnt))
+                        goto fail_nomem_anon_vma_fork;
                 tmp->vm_flags &= ~VM_LOCKED;
                 tmp->vm_mm = mm;
                 tmp->vm_next = NULL;
-                anon_vma_link(tmp);
                 file = tmp->vm_file;
                 if (file) {
                         struct inode *inode = file->f_path.dentry->d_inode;
@@ -389,6 +401,8 @@ out:
         flush_tlb_mm(oldmm);
         up_write(&oldmm->mmap_sem);
         return retval;
+fail_nomem_anon_vma_fork:
+        mpol_put(pol);
 fail_nomem_policy:
         kmem_cache_free(vm_area_cachep, tmp);
 fail_nomem:
@@ -452,8 +466,7 @@ static struct mm_struct * mm_init(struct mm_struct * mm, struct task_struct *p)
                 (current->mm->flags & MMF_INIT_MASK) : default_dump_filter;
         mm->core_state = NULL;
         mm->nr_ptes = 0;
-        set_mm_counter(mm, file_rss, 0);
-        set_mm_counter(mm, anon_rss, 0);
+        memset(&mm->rss_stat, 0, sizeof(mm->rss_stat));
         spin_lock_init(&mm->page_table_lock);
         mm->free_area_cache = TASK_UNMAPPED_BASE;
         mm->cached_hole_size = ~0UL;
@@ -570,12 +583,18 @@ void mm_release(struct task_struct *tsk, struct mm_struct *mm)
 
         /* Get rid of any futexes when releasing the mm */
 #ifdef CONFIG_FUTEX
-        if (unlikely(tsk->robust_list))
+        if (unlikely(tsk->robust_list)) {
                 exit_robust_list(tsk);
+                tsk->robust_list = NULL;
+        }
 #ifdef CONFIG_COMPAT
-        if (unlikely(tsk->compat_robust_list))
+        if (unlikely(tsk->compat_robust_list)) {
                 compat_exit_robust_list(tsk);
+                tsk->compat_robust_list = NULL;
+        }
 #endif
+        if (unlikely(!list_empty(&tsk->pi_state_list)))
+                exit_pi_state_list(tsk);
 #endif
 
         /* Get rid of any cached register state */
@@ -816,23 +835,14 @@ void __cleanup_sighand(struct sighand_struct *sighand)
  */
 static void posix_cpu_timers_init_group(struct signal_struct *sig)
 {
+        unsigned long cpu_limit;
+
         /* Thread group counters. */
         thread_group_cputime_init(sig);
 
-        /* Expiration times and increments. */
-        sig->it[CPUCLOCK_PROF].expires = cputime_zero;
-        sig->it[CPUCLOCK_PROF].incr = cputime_zero;
-        sig->it[CPUCLOCK_VIRT].expires = cputime_zero;
-        sig->it[CPUCLOCK_VIRT].incr = cputime_zero;
-
-        /* Cached expiration times. */
-        sig->cputime_expires.prof_exp = cputime_zero;
-        sig->cputime_expires.virt_exp = cputime_zero;
-        sig->cputime_expires.sched_exp = 0;
-
-        if (sig->rlim[RLIMIT_CPU].rlim_cur != RLIM_INFINITY) {
-                sig->cputime_expires.prof_exp =
-                        secs_to_cputime(sig->rlim[RLIMIT_CPU].rlim_cur);
+        cpu_limit = ACCESS_ONCE(sig->rlim[RLIMIT_CPU].rlim_cur);
+        if (cpu_limit != RLIM_INFINITY) {
+                sig->cputime_expires.prof_exp = secs_to_cputime(cpu_limit);
                 sig->cputimer.running = 1;
         }
 
@@ -849,7 +859,7 @@ static int copy_signal(unsigned long clone_flags, struct task_struct *tsk)
         if (clone_flags & CLONE_THREAD)
                 return 0;
 
-        sig = kmem_cache_alloc(signal_cachep, GFP_KERNEL);
+        sig = kmem_cache_zalloc(signal_cachep, GFP_KERNEL);
         tsk->signal = sig;
         if (!sig)
                 return -ENOMEM;
@@ -857,43 +867,21 @@ static int copy_signal(unsigned long clone_flags, struct task_struct *tsk)
         atomic_set(&sig->count, 1);
         atomic_set(&sig->live, 1);
         init_waitqueue_head(&sig->wait_chldexit);
-        sig->flags = 0;
         if (clone_flags & CLONE_NEWPID)
                 sig->flags |= SIGNAL_UNKILLABLE;
-        sig->group_exit_code = 0;
-        sig->group_exit_task = NULL;
-        sig->group_stop_count = 0;
         sig->curr_target = tsk;
         init_sigpending(&sig->shared_pending);
         INIT_LIST_HEAD(&sig->posix_timers);
 
         hrtimer_init(&sig->real_timer, CLOCK_MONOTONIC, HRTIMER_MODE_REL);
-        sig->it_real_incr.tv64 = 0;
         sig->real_timer.function = it_real_fn;
 
-        sig->leader = 0;        /* session leadership doesn't inherit */
-        sig->tty_old_pgrp = NULL;
-        sig->tty = NULL;
-
-        sig->utime = sig->stime = sig->cutime = sig->cstime = cputime_zero;
-        sig->gtime = cputime_zero;
-        sig->cgtime = cputime_zero;
-        sig->nvcsw = sig->nivcsw = sig->cnvcsw = sig->cnivcsw = 0;
-        sig->min_flt = sig->maj_flt = sig->cmin_flt = sig->cmaj_flt = 0;
-        sig->inblock = sig->oublock = sig->cinblock = sig->coublock = 0;
-        sig->maxrss = sig->cmaxrss = 0;
-        task_io_accounting_init(&sig->ioac);
-        sig->sum_sched_runtime = 0;
-        taskstats_tgid_init(sig);
-
         task_lock(current->group_leader);
         memcpy(sig->rlim, current->signal->rlim, sizeof sig->rlim);
         task_unlock(current->group_leader);
 
         posix_cpu_timers_init_group(sig);
 
-        acct_init_pacct(&sig->pacct);
-
         tty_audit_fork(sig);
 
         sig->oom_adj = current->signal->oom_adj;
@@ -928,9 +916,9 @@ SYSCALL_DEFINE1(set_tid_address, int __user *, tidptr)
 
 static void rt_mutex_init_task(struct task_struct *p)
 {
-        spin_lock_init(&p->pi_lock);
+        raw_spin_lock_init(&p->pi_lock);
 #ifdef CONFIG_RT_MUTEXES
-        plist_head_init(&p->pi_waiters, &p->pi_lock);
+        plist_head_init_raw(&p->pi_waiters, &p->pi_lock);
         p->pi_blocked_on = NULL;
 #endif
 }
@@ -1022,7 +1010,7 @@ static struct task_struct *copy_process(unsigned long clone_flags,
 #endif
         retval = -EAGAIN;
         if (atomic_read(&p->real_cred->user->processes) >=
-                        p->signal->rlim[RLIMIT_NPROC].rlim_cur) {
+                        task_rlimit(p, RLIMIT_NPROC)) {
                 if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) &&
                     p->real_cred->user != INIT_USER)
                         goto bad_fork_free;
@@ -1060,8 +1048,10 @@ static struct task_struct *copy_process(unsigned long clone_flags,
         p->gtime = cputime_zero;
         p->utimescaled = cputime_zero;
         p->stimescaled = cputime_zero;
+#ifndef CONFIG_VIRT_CPU_ACCOUNTING
         p->prev_utime = cputime_zero;
         p->prev_stime = cputime_zero;
+#endif
 
         p->default_timer_slack_ns = current->timer_slack_ns;
 
@@ -1114,6 +1104,10 @@ static struct task_struct *copy_process(unsigned long clone_flags,
 #ifdef CONFIG_DEBUG_MUTEXES
         p->blocked_on = NULL; /* not blocked yet */
 #endif
+#ifdef CONFIG_CGROUP_MEM_RES_CTLR
+        p->memcg_batch.do_batch = 0;
+        p->memcg_batch.memcg = NULL;
+#endif
 
         p->bts = NULL;
 
@@ -1193,9 +1187,10 @@ static struct task_struct *copy_process(unsigned long clone_flags,
                 p->sas_ss_sp = p->sas_ss_size = 0;
 
         /*
-         * Syscall tracing should be turned off in the child regardless
-         * of CLONE_PTRACE.
+         * Syscall tracing and stepping should be turned off in the
+         * child regardless of CLONE_PTRACE.
          */
+        user_disable_single_step(p);
         clear_tsk_thread_flag(p, TIF_SYSCALL_TRACE);
 #ifdef TIF_SYSCALL_EMU
         clear_tsk_thread_flag(p, TIF_SYSCALL_EMU);
@@ -1223,21 +1218,6 @@ static struct task_struct *copy_process(unsigned long clone_flags,
         /* Need tasklist lock for parent etc handling! */
         write_lock_irq(&tasklist_lock);
 
-        /*
-         * The task hasn't been attached yet, so its cpus_allowed mask will
-         * not be changed, nor will its assigned CPU.
-         *
-         * The cpus_allowed mask of the parent may have changed after it was
-         * copied first time - so re-copy it here, then check the child's CPU
-         * to ensure it is on a valid CPU (and if not, just force it back to
-         * parent's CPU). This avoids alot of nasty races.
-         */
-        p->cpus_allowed = current->cpus_allowed;
-        p->rt.nr_cpus_allowed = current->rt.nr_cpus_allowed;
-        if (unlikely(!cpu_isset(task_cpu(p), p->cpus_allowed) ||
-                        !cpu_online(task_cpu(p))))
-                set_task_cpu(p, smp_processor_id());
-
         /* CLONE_PARENT re-uses the old parent */
         if (clone_flags & (CLONE_PARENT|CLONE_THREAD)) {
                 p->real_parent = current->real_parent;
@@ -1273,7 +1253,6 @@ static struct task_struct *copy_process(unsigned long clone_flags,
         }
 
         if (likely(p->pid)) {
-                list_add_tail(&p->sibling, &p->real_parent->children);
                 tracehook_finish_clone(p, clone_flags, trace);
 
                 if (thread_group_leader(p)) {
@@ -1285,6 +1264,7 @@ static struct task_struct *copy_process(unsigned long clone_flags,
                         p->signal->tty = tty_kref_get(current->signal->tty);
                         attach_pid(p, PIDTYPE_PGID, task_pgrp(current));
                         attach_pid(p, PIDTYPE_SID, task_session(current));
+                        list_add_tail(&p->sibling, &p->real_parent->children);
                         list_add_tail_rcu(&p->tasks, &init_task.tasks);
                         __get_cpu_var(process_counts)++;
                 }
@@ -1304,7 +1284,8 @@ bad_fork_free_pid:
         if (pid != &init_struct_pid)
                 free_pid(pid);
 bad_fork_cleanup_io:
-        put_io_context(p->io_context);
+        if (p->io_context)
+                exit_io_context(p);
 bad_fork_cleanup_namespaces:
         exit_task_namespaces(p);
 bad_fork_cleanup_mm: