6 files changed, 31 insertions, 11 deletions

diff --git a/kernel/fork.c b/kernel/fork.c
index a31b823b3c2d..65ca6d27f24e 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -1166,6 +1166,14 @@ static struct task_struct *copy_process(unsigned long clone_flags,
                                 current->signal->flags & SIGNAL_UNKILLABLE)
                 return ERR_PTR(-EINVAL);
 
+        /*
+         * If the new process will be in a different pid namespace
+         * don't allow the creation of threads.
+         */
+        if ((clone_flags & (CLONE_VM|CLONE_NEWPID)) &&
+            (task_active_pid_ns(current) != current->nsproxy->pid_ns))
+                return ERR_PTR(-EINVAL);
+
         retval = security_task_create(clone_flags);
         if (retval)
                 goto fork_out;
diff --git a/kernel/pid.c b/kernel/pid.c
index 36aa02ff17d6..de9af600006f 100644
--- a/kernel/pid.c
+++ b/kernel/pid.c
@@ -270,7 +270,6 @@ void free_pid(struct pid *pid)
                         wake_up_process(ns->child_reaper);
                         break;
                 case 0:
-                        ns->nr_hashed = -1;
                         schedule_work(&ns->proc_work);
                         break;
                 }
@@ -319,7 +318,7 @@ struct pid *alloc_pid(struct pid_namespace *ns)
 
         upid = pid->numbers + ns->level;
         spin_lock_irq(&pidmap_lock);
-        if (ns->nr_hashed < 0)
+        if (!(ns->nr_hashed & PIDNS_HASH_ADDING))
                 goto out_unlock;
         for ( ; upid >= pid->numbers; --upid) {
                 hlist_add_head_rcu(&upid->pid_chain,
@@ -342,6 +341,13 @@ out_free:
         goto out;
 }
 
+void disable_pid_allocation(struct pid_namespace *ns)
+{
+        spin_lock_irq(&pidmap_lock);
+        ns->nr_hashed &= ~PIDNS_HASH_ADDING;
+        spin_unlock_irq(&pidmap_lock);
+}
+
 struct pid *find_pid_ns(int nr, struct pid_namespace *ns)
 {
         struct hlist_node *elem;
@@ -573,6 +579,9 @@ void __init pidhash_init(void)
 
 void __init pidmap_init(void)
 {
+        /* Veryify no one has done anything silly */
+        BUILD_BUG_ON(PID_MAX_LIMIT >= PIDNS_HASH_ADDING);
+
         /* bump default and minimum pid_max based on number of cpus */
         pid_max = min(pid_max_max, max_t(int, pid_max,
                                 PIDS_PER_CPU_DEFAULT * num_possible_cpus()));
@@ -584,7 +593,7 @@ void __init pidmap_init(void)
         /* Reserve PID 0. We never call free_pidmap(0) */
         set_bit(0, init_pid_ns.pidmap[0].page);
         atomic_dec(&init_pid_ns.pidmap[0].nr_free);
-        init_pid_ns.nr_hashed = 1;
+        init_pid_ns.nr_hashed = PIDNS_HASH_ADDING;
 
         init_pid_ns.pid_cachep = KMEM_CACHE(pid,
                         SLAB_HWCACHE_ALIGN | SLAB_PANIC);
diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c
index fdbd0cdf271a..c1c3dc1c6023 100644
--- a/kernel/pid_namespace.c
+++ b/kernel/pid_namespace.c
@@ -115,6 +115,7 @@ static struct pid_namespace *create_pid_namespace(struct user_namespace *user_ns
         ns->level = level;
         ns->parent = get_pid_ns(parent_pid_ns);
         ns->user_ns = get_user_ns(user_ns);
+        ns->nr_hashed = PIDNS_HASH_ADDING;
         INIT_WORK(&ns->proc_work, proc_cleanup_work);
 
         set_bit(0, ns->pidmap[0].page);
@@ -181,6 +182,9 @@ void zap_pid_ns_processes(struct pid_namespace *pid_ns)
         int rc;
         struct task_struct *task, *me = current;
 
+        /* Don't allow any more processes into the pid namespace */
+        disable_pid_allocation(pid_ns);
+
         /* Ignore SIGCHLD causing any terminated children to autoreap */
         spin_lock_irq(&me->sighand->siglock);
         me->sighand->action[SIGCHLD - 1].sa.sa_handler = SIG_IGN;
diff --git a/kernel/printk.c b/kernel/printk.c
index 19c0d7bcf24a..357f714ddd49 100644
--- a/kernel/printk.c
+++ b/kernel/printk.c
@@ -870,10 +870,11 @@ static size_t print_time(u64 ts, char *buf)
         if (!printk_time)
                 return 0;
 
+        rem_nsec = do_div(ts, 1000000000);
+
         if (!buf)
-                return 15;
+                return snprintf(NULL, 0, "[%5lu.000000] ", (unsigned long)ts);
 
-        rem_nsec = do_div(ts, 1000000000);
         return sprintf(buf, "[%5lu.%06lu] ",
                        (unsigned long)ts, rem_nsec / 1000);
 }
diff --git a/kernel/signal.c b/kernel/signal.c
index 7aaa51d8e5b8..372771e948c2 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -2528,11 +2528,8 @@ static void __set_task_blocked(struct task_struct *tsk, const sigset_t *newset)
  */
 void set_current_blocked(sigset_t *newset)
 {
-        struct task_struct *tsk = current;
         sigdelsetmask(newset, sigmask(SIGKILL) | sigmask(SIGSTOP));
-        spin_lock_irq(&tsk->sighand->siglock);
-        __set_task_blocked(tsk, newset);
-        spin_unlock_irq(&tsk->sighand->siglock);
+        __set_current_blocked(newset);
 }
 
 void __set_current_blocked(const sigset_t *newset)
@@ -3204,7 +3201,6 @@ SYSCALL_DEFINE3(sigprocmask, int, how, old_sigset_t __user *, nset,
         if (nset) {
                 if (copy_from_user(&new_set, nset, sizeof(*nset)))
                         return -EFAULT;
-                new_set &= ~(sigmask(SIGKILL) | sigmask(SIGSTOP));
 
                 new_blocked = current->blocked;
 
@@ -3222,7 +3218,7 @@ SYSCALL_DEFINE3(sigprocmask, int, how, old_sigset_t __user *, nset,
                         return -EINVAL;
                 }
 
-                __set_current_blocked(&new_blocked);
+                set_current_blocked(&new_blocked);
         }
 
         if (oset) {
@@ -3286,6 +3282,7 @@ SYSCALL_DEFINE1(ssetmask, int, newmask)
         int old = current->blocked.sig[0];
         sigset_t newset;
 
+        siginitset(&newset, newmask);
         set_current_blocked(&newset);
 
         return old;
diff --git a/kernel/time/clockevents.c b/kernel/time/clockevents.c
index 30b6de0d977c..c6d6400ee137 100644
--- a/kernel/time/clockevents.c
+++ b/kernel/time/clockevents.c
@@ -339,6 +339,7 @@ void clockevents_config_and_register(struct clock_event_device *dev,
         clockevents_config(dev, freq);
         clockevents_register_device(dev);
 }
+EXPORT_SYMBOL_GPL(clockevents_config_and_register);
 
 /**
  * clockevents_update_freq - Update frequency and reprogram a clock event device.