4  *  Copyright (C) 1991, 1992  Linus Torvalds
 
   8  *  'fork.c' contains the help-routines for the 'fork' system call
 
   9  * (see also entry.S and others).
 
  10  * Fork is rather simple, once you get the hang of it, but the memory
 
  11  * management can be a bitch. See 'mm/memory.c': 'copy_page_range()'
 
  14 #include <linux/config.h>
 
  15 #include <linux/slab.h>
 
  16 #include <linux/init.h>
 
  17 #include <linux/unistd.h>
 
  18 #include <linux/smp_lock.h>
 
  19 #include <linux/module.h>
 
  20 #include <linux/vmalloc.h>
 
  21 #include <linux/completion.h>
 
  22 #include <linux/namespace.h>
 
  23 #include <linux/personality.h>
 
  24 #include <linux/mempolicy.h>
 
  25 #include <linux/sem.h>
 
  26 #include <linux/file.h>
 
  27 #include <linux/key.h>
 
  28 #include <linux/binfmts.h>
 
  29 #include <linux/mman.h>
 
  31 #include <linux/capability.h>
 
  32 #include <linux/cpu.h>
 
  33 #include <linux/cpuset.h>
 
  34 #include <linux/security.h>
 
  35 #include <linux/swap.h>
 
  36 #include <linux/syscalls.h>
 
  37 #include <linux/jiffies.h>
 
  38 #include <linux/futex.h>
 
  39 #include <linux/rcupdate.h>
 
  40 #include <linux/ptrace.h>
 
  41 #include <linux/mount.h>
 
  42 #include <linux/audit.h>
 
  43 #include <linux/profile.h>
 
  44 #include <linux/rmap.h>
 
  45 #include <linux/acct.h>
 
  46 #include <linux/cn_proc.h>
 
  48 #include <asm/pgtable.h>
 
  49 #include <asm/pgalloc.h>
 
  50 #include <asm/uaccess.h>
 
  51 #include <asm/mmu_context.h>
 
  52 #include <asm/cacheflush.h>
 
  53 #include <asm/tlbflush.h>
 
  56  * Protected counters by write_lock_irq(&tasklist_lock)
 
  58 unsigned long total_forks;      /* Handle normal Linux uptimes. */
 
  59 int nr_threads;                 /* The idle threads do not count.. */
 
  61 int max_threads;                /* tunable limit on nr_threads */
 
  63 DEFINE_PER_CPU(unsigned long, process_counts) = 0;
 
  65  __cacheline_aligned DEFINE_RWLOCK(tasklist_lock);  /* outer */
 
  67 EXPORT_SYMBOL(tasklist_lock);
 
  69 int nr_processes(void)
 
  74         for_each_online_cpu(cpu)
 
  75                 total += per_cpu(process_counts, cpu);
 
  80 #ifndef __HAVE_ARCH_TASK_STRUCT_ALLOCATOR
 
  81 # define alloc_task_struct()    kmem_cache_alloc(task_struct_cachep, GFP_KERNEL)
 
  82 # define free_task_struct(tsk)  kmem_cache_free(task_struct_cachep, (tsk))
 
  83 static kmem_cache_t *task_struct_cachep;
 
  86 /* SLAB cache for signal_struct structures (tsk->signal) */
 
  87 kmem_cache_t *signal_cachep;
 
  89 /* SLAB cache for sighand_struct structures (tsk->sighand) */
 
  90 kmem_cache_t *sighand_cachep;
 
  92 /* SLAB cache for files_struct structures (tsk->files) */
 
  93 kmem_cache_t *files_cachep;
 
  95 /* SLAB cache for fs_struct structures (tsk->fs) */
 
  96 kmem_cache_t *fs_cachep;
 
  98 /* SLAB cache for vm_area_struct structures */
 
  99 kmem_cache_t *vm_area_cachep;
 
 101 /* SLAB cache for mm_struct structures (tsk->mm) */
 
 102 static kmem_cache_t *mm_cachep;
 
 104 void free_task(struct task_struct *tsk)
 
 106         free_thread_info(tsk->thread_info);
 
 107         free_task_struct(tsk);
 
 109 EXPORT_SYMBOL(free_task);
 
 111 void __put_task_struct_cb(struct rcu_head *rhp)
 
 113         struct task_struct *tsk = container_of(rhp, struct task_struct, rcu);
 
 115         WARN_ON(!(tsk->exit_state & (EXIT_DEAD | EXIT_ZOMBIE)));
 
 116         WARN_ON(atomic_read(&tsk->usage));
 
 117         WARN_ON(tsk == current);
 
 119         if (unlikely(tsk->audit_context))
 
 121         security_task_free(tsk);
 
 123         put_group_info(tsk->group_info);
 
 125         if (!profile_handoff_task(tsk))
 
 129 void __init fork_init(unsigned long mempages)
 
 131 #ifndef __HAVE_ARCH_TASK_STRUCT_ALLOCATOR
 
 132 #ifndef ARCH_MIN_TASKALIGN
 
 133 #define ARCH_MIN_TASKALIGN      L1_CACHE_BYTES
 
 135         /* create a slab on which task_structs can be allocated */
 
 137                 kmem_cache_create("task_struct", sizeof(struct task_struct),
 
 138                         ARCH_MIN_TASKALIGN, SLAB_PANIC, NULL, NULL);
 
 142          * The default maximum number of threads is set to a safe
 
 143          * value: the thread structures can take up at most half
 
 146         max_threads = mempages / (8 * THREAD_SIZE / PAGE_SIZE);
 
 149          * we need to allow at least 20 threads to boot a system
 
 154         init_task.signal->rlim[RLIMIT_NPROC].rlim_cur = max_threads/2;
 
 155         init_task.signal->rlim[RLIMIT_NPROC].rlim_max = max_threads/2;
 
 156         init_task.signal->rlim[RLIMIT_SIGPENDING] =
 
 157                 init_task.signal->rlim[RLIMIT_NPROC];
 
 160 static struct task_struct *dup_task_struct(struct task_struct *orig)
 
 162         struct task_struct *tsk;
 
 163         struct thread_info *ti;
 
 165         prepare_to_copy(orig);
 
 167         tsk = alloc_task_struct();
 
 171         ti = alloc_thread_info(tsk);
 
 173                 free_task_struct(tsk);
 
 178         tsk->thread_info = ti;
 
 179         setup_thread_stack(tsk, orig);
 
 181         /* One for us, one for whoever does the "release_task()" (usually parent) */
 
 182         atomic_set(&tsk->usage,2);
 
 183         atomic_set(&tsk->fs_excl, 0);
 
 188 static inline int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
 
 190         struct vm_area_struct *mpnt, *tmp, **pprev;
 
 191         struct rb_node **rb_link, *rb_parent;
 
 193         unsigned long charge;
 
 194         struct mempolicy *pol;
 
 196         down_write(&oldmm->mmap_sem);
 
 197         flush_cache_mm(oldmm);
 
 198         down_write(&mm->mmap_sem);
 
 202         mm->mmap_cache = NULL;
 
 203         mm->free_area_cache = oldmm->mmap_base;
 
 204         mm->cached_hole_size = ~0UL;
 
 206         cpus_clear(mm->cpu_vm_mask);
 
 208         rb_link = &mm->mm_rb.rb_node;
 
 212         for (mpnt = oldmm->mmap; mpnt; mpnt = mpnt->vm_next) {
 
 215                 if (mpnt->vm_flags & VM_DONTCOPY) {
 
 216                         long pages = vma_pages(mpnt);
 
 217                         mm->total_vm -= pages;
 
 218                         vm_stat_account(mm, mpnt->vm_flags, mpnt->vm_file,
 
 223                 if (mpnt->vm_flags & VM_ACCOUNT) {
 
 224                         unsigned int len = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT;
 
 225                         if (security_vm_enough_memory(len))
 
 229                 tmp = kmem_cache_alloc(vm_area_cachep, SLAB_KERNEL);
 
 233                 pol = mpol_copy(vma_policy(mpnt));
 
 234                 retval = PTR_ERR(pol);
 
 236                         goto fail_nomem_policy;
 
 237                 vma_set_policy(tmp, pol);
 
 238                 tmp->vm_flags &= ~VM_LOCKED;
 
 244                         struct inode *inode = file->f_dentry->d_inode;
 
 246                         if (tmp->vm_flags & VM_DENYWRITE)
 
 247                                 atomic_dec(&inode->i_writecount);
 
 249                         /* insert tmp into the share list, just after mpnt */
 
 250                         spin_lock(&file->f_mapping->i_mmap_lock);
 
 251                         tmp->vm_truncate_count = mpnt->vm_truncate_count;
 
 252                         flush_dcache_mmap_lock(file->f_mapping);
 
 253                         vma_prio_tree_add(tmp, mpnt);
 
 254                         flush_dcache_mmap_unlock(file->f_mapping);
 
 255                         spin_unlock(&file->f_mapping->i_mmap_lock);
 
 259                  * Link in the new vma and copy the page table entries.
 
 262                 pprev = &tmp->vm_next;
 
 264                 __vma_link_rb(mm, tmp, rb_link, rb_parent);
 
 265                 rb_link = &tmp->vm_rb.rb_right;
 
 266                 rb_parent = &tmp->vm_rb;
 
 269                 retval = copy_page_range(mm, oldmm, mpnt);
 
 271                 if (tmp->vm_ops && tmp->vm_ops->open)
 
 272                         tmp->vm_ops->open(tmp);
 
 279         up_write(&mm->mmap_sem);
 
 281         up_write(&oldmm->mmap_sem);
 
 284         kmem_cache_free(vm_area_cachep, tmp);
 
 287         vm_unacct_memory(charge);
 
 291 static inline int mm_alloc_pgd(struct mm_struct * mm)
 
 293         mm->pgd = pgd_alloc(mm);
 
 294         if (unlikely(!mm->pgd))
 
 299 static inline void mm_free_pgd(struct mm_struct * mm)
 
 304 #define dup_mmap(mm, oldmm)     (0)
 
 305 #define mm_alloc_pgd(mm)        (0)
 
 306 #define mm_free_pgd(mm)
 
 307 #endif /* CONFIG_MMU */
 
 309  __cacheline_aligned_in_smp DEFINE_SPINLOCK(mmlist_lock);
 
 311 #define allocate_mm()   (kmem_cache_alloc(mm_cachep, SLAB_KERNEL))
 
 312 #define free_mm(mm)     (kmem_cache_free(mm_cachep, (mm)))
 
 314 #include <linux/init_task.h>
 
 316 static struct mm_struct * mm_init(struct mm_struct * mm)
 
 318         atomic_set(&mm->mm_users, 1);
 
 319         atomic_set(&mm->mm_count, 1);
 
 320         init_rwsem(&mm->mmap_sem);
 
 321         INIT_LIST_HEAD(&mm->mmlist);
 
 322         mm->core_waiters = 0;
 
 324         set_mm_counter(mm, file_rss, 0);
 
 325         set_mm_counter(mm, anon_rss, 0);
 
 326         spin_lock_init(&mm->page_table_lock);
 
 327         rwlock_init(&mm->ioctx_list_lock);
 
 328         mm->ioctx_list = NULL;
 
 329         mm->free_area_cache = TASK_UNMAPPED_BASE;
 
 330         mm->cached_hole_size = ~0UL;
 
 332         if (likely(!mm_alloc_pgd(mm))) {
 
 341  * Allocate and initialize an mm_struct.
 
 343 struct mm_struct * mm_alloc(void)
 
 345         struct mm_struct * mm;
 
 349                 memset(mm, 0, sizeof(*mm));
 
 356  * Called when the last reference to the mm
 
 357  * is dropped: either by a lazy thread or by
 
 358  * mmput. Free the page directory and the mm.
 
 360 void fastcall __mmdrop(struct mm_struct *mm)
 
 362         BUG_ON(mm == &init_mm);
 
 369  * Decrement the use count and release all resources for an mm.
 
 371 void mmput(struct mm_struct *mm)
 
 373         if (atomic_dec_and_test(&mm->mm_users)) {
 
 376                 if (!list_empty(&mm->mmlist)) {
 
 377                         spin_lock(&mmlist_lock);
 
 378                         list_del(&mm->mmlist);
 
 379                         spin_unlock(&mmlist_lock);
 
 385 EXPORT_SYMBOL_GPL(mmput);
 
 388  * get_task_mm - acquire a reference to the task's mm
 
 390  * Returns %NULL if the task has no mm.  Checks PF_BORROWED_MM (meaning
 
 391  * this kernel workthread has transiently adopted a user mm with use_mm,
 
 392  * to do its AIO) is not set and if so returns a reference to it, after
 
 393  * bumping up the use count.  User must release the mm via mmput()
 
 394  * after use.  Typically used by /proc and ptrace.
 
 396 struct mm_struct *get_task_mm(struct task_struct *task)
 
 398         struct mm_struct *mm;
 
 403                 if (task->flags & PF_BORROWED_MM)
 
 406                         atomic_inc(&mm->mm_users);
 
 411 EXPORT_SYMBOL_GPL(get_task_mm);
 
 413 /* Please note the differences between mmput and mm_release.
 
 414  * mmput is called whenever we stop holding onto a mm_struct,
 
 415  * error success whatever.
 
 417  * mm_release is called after a mm_struct has been removed
 
 418  * from the current process.
 
 420  * This difference is important for error handling, when we
 
 421  * only half set up a mm_struct for a new process and need to restore
 
 422  * the old one.  Because we mmput the new mm_struct before
 
 423  * restoring the old one. . .
 
 424  * Eric Biederman 10 January 1998
 
 426 void mm_release(struct task_struct *tsk, struct mm_struct *mm)
 
 428         struct completion *vfork_done = tsk->vfork_done;
 
 430         /* Get rid of any cached register state */
 
 431         deactivate_mm(tsk, mm);
 
 433         /* notify parent sleeping on vfork() */
 
 435                 tsk->vfork_done = NULL;
 
 436                 complete(vfork_done);
 
 438         if (tsk->clear_child_tid && atomic_read(&mm->mm_users) > 1) {
 
 439                 u32 __user * tidptr = tsk->clear_child_tid;
 
 440                 tsk->clear_child_tid = NULL;
 
 443                  * We don't check the error code - if userspace has
 
 444                  * not set up a proper pointer then tough luck.
 
 447                 sys_futex(tidptr, FUTEX_WAKE, 1, NULL, NULL, 0);
 
 452  * Allocate a new mm structure and copy contents from the
 
 453  * mm structure of the passed in task structure.
 
 455 static struct mm_struct *dup_mm(struct task_struct *tsk)
 
 457         struct mm_struct *mm, *oldmm = current->mm;
 
 467         memcpy(mm, oldmm, sizeof(*mm));
 
 472         if (init_new_context(tsk, mm))
 
 475         err = dup_mmap(mm, oldmm);
 
 479         mm->hiwater_rss = get_mm_rss(mm);
 
 480         mm->hiwater_vm = mm->total_vm;
 
 492          * If init_new_context() failed, we cannot use mmput() to free the mm
 
 493          * because it calls destroy_context()
 
 500 static int copy_mm(unsigned long clone_flags, struct task_struct * tsk)
 
 502         struct mm_struct * mm, *oldmm;
 
 505         tsk->min_flt = tsk->maj_flt = 0;
 
 506         tsk->nvcsw = tsk->nivcsw = 0;
 
 509         tsk->active_mm = NULL;
 
 512          * Are we cloning a kernel thread?
 
 514          * We need to steal a active VM for that..
 
 520         if (clone_flags & CLONE_VM) {
 
 521                 atomic_inc(&oldmm->mm_users);
 
 540 static inline struct fs_struct *__copy_fs_struct(struct fs_struct *old)
 
 542         struct fs_struct *fs = kmem_cache_alloc(fs_cachep, GFP_KERNEL);
 
 543         /* We don't need to lock fs - think why ;-) */
 
 545                 atomic_set(&fs->count, 1);
 
 546                 rwlock_init(&fs->lock);
 
 547                 fs->umask = old->umask;
 
 548                 read_lock(&old->lock);
 
 549                 fs->rootmnt = mntget(old->rootmnt);
 
 550                 fs->root = dget(old->root);
 
 551                 fs->pwdmnt = mntget(old->pwdmnt);
 
 552                 fs->pwd = dget(old->pwd);
 
 554                         fs->altrootmnt = mntget(old->altrootmnt);
 
 555                         fs->altroot = dget(old->altroot);
 
 557                         fs->altrootmnt = NULL;
 
 560                 read_unlock(&old->lock);
 
 565 struct fs_struct *copy_fs_struct(struct fs_struct *old)
 
 567         return __copy_fs_struct(old);
 
 570 EXPORT_SYMBOL_GPL(copy_fs_struct);
 
 572 static inline int copy_fs(unsigned long clone_flags, struct task_struct * tsk)
 
 574         if (clone_flags & CLONE_FS) {
 
 575                 atomic_inc(¤t->fs->count);
 
 578         tsk->fs = __copy_fs_struct(current->fs);
 
 584 static int count_open_files(struct fdtable *fdt)
 
 586         int size = fdt->max_fdset;
 
 589         /* Find the last open fd */
 
 590         for (i = size/(8*sizeof(long)); i > 0; ) {
 
 591                 if (fdt->open_fds->fds_bits[--i])
 
 594         i = (i+1) * 8 * sizeof(long);
 
 598 static struct files_struct *alloc_files(void)
 
 600         struct files_struct *newf;
 
 603         newf = kmem_cache_alloc(files_cachep, SLAB_KERNEL);
 
 607         atomic_set(&newf->count, 1);
 
 609         spin_lock_init(&newf->file_lock);
 
 612         fdt->max_fds = NR_OPEN_DEFAULT;
 
 613         fdt->max_fdset = __FD_SETSIZE;
 
 614         fdt->close_on_exec = &newf->close_on_exec_init;
 
 615         fdt->open_fds = &newf->open_fds_init;
 
 616         fdt->fd = &newf->fd_array[0];
 
 617         INIT_RCU_HEAD(&fdt->rcu);
 
 618         fdt->free_files = NULL;
 
 620         rcu_assign_pointer(newf->fdt, fdt);
 
 626  * Allocate a new files structure and copy contents from the
 
 627  * passed in files structure.
 
 629 static struct files_struct *dup_fd(struct files_struct *oldf, int *errorp)
 
 631         struct files_struct *newf;
 
 632         struct file **old_fds, **new_fds;
 
 633         int open_files, size, i, expand;
 
 634         struct fdtable *old_fdt, *new_fdt;
 
 636         newf = alloc_files();
 
 640         spin_lock(&oldf->file_lock);
 
 641         old_fdt = files_fdtable(oldf);
 
 642         new_fdt = files_fdtable(newf);
 
 643         size = old_fdt->max_fdset;
 
 644         open_files = count_open_files(old_fdt);
 
 648          * Check whether we need to allocate a larger fd array or fd set.
 
 649          * Note: we're not a clone task, so the open count won't  change.
 
 651         if (open_files > new_fdt->max_fdset) {
 
 652                 new_fdt->max_fdset = 0;
 
 655         if (open_files > new_fdt->max_fds) {
 
 656                 new_fdt->max_fds = 0;
 
 660         /* if the old fdset gets grown now, we'll only copy up to "size" fds */
 
 662                 spin_unlock(&oldf->file_lock);
 
 663                 spin_lock(&newf->file_lock);
 
 664                 *errorp = expand_files(newf, open_files-1);
 
 665                 spin_unlock(&newf->file_lock);
 
 668                 new_fdt = files_fdtable(newf);
 
 670                  * Reacquire the oldf lock and a pointer to its fd table
 
 671                  * who knows it may have a new bigger fd table. We need
 
 672                  * the latest pointer.
 
 674                 spin_lock(&oldf->file_lock);
 
 675                 old_fdt = files_fdtable(oldf);
 
 678         old_fds = old_fdt->fd;
 
 679         new_fds = new_fdt->fd;
 
 681         memcpy(new_fdt->open_fds->fds_bits, old_fdt->open_fds->fds_bits, open_files/8);
 
 682         memcpy(new_fdt->close_on_exec->fds_bits, old_fdt->close_on_exec->fds_bits, open_files/8);
 
 684         for (i = open_files; i != 0; i--) {
 
 685                 struct file *f = *old_fds++;
 
 690                          * The fd may be claimed in the fd bitmap but not yet
 
 691                          * instantiated in the files array if a sibling thread
 
 692                          * is partway through open().  So make sure that this
 
 693                          * fd is available to the new process.
 
 695                         FD_CLR(open_files - i, new_fdt->open_fds);
 
 697                 rcu_assign_pointer(*new_fds++, f);
 
 699         spin_unlock(&oldf->file_lock);
 
 701         /* compute the remainder to be cleared */
 
 702         size = (new_fdt->max_fds - open_files) * sizeof(struct file *);
 
 704         /* This is long word aligned thus could use a optimized version */ 
 
 705         memset(new_fds, 0, size); 
 
 707         if (new_fdt->max_fdset > open_files) {
 
 708                 int left = (new_fdt->max_fdset-open_files)/8;
 
 709                 int start = open_files / (8 * sizeof(unsigned long));
 
 711                 memset(&new_fdt->open_fds->fds_bits[start], 0, left);
 
 712                 memset(&new_fdt->close_on_exec->fds_bits[start], 0, left);
 
 719         free_fdset (new_fdt->close_on_exec, new_fdt->max_fdset);
 
 720         free_fdset (new_fdt->open_fds, new_fdt->max_fdset);
 
 721         free_fd_array(new_fdt->fd, new_fdt->max_fds);
 
 722         kmem_cache_free(files_cachep, newf);
 
 726 static int copy_files(unsigned long clone_flags, struct task_struct * tsk)
 
 728         struct files_struct *oldf, *newf;
 
 732          * A background process may not have any files ...
 
 734         oldf = current->files;
 
 738         if (clone_flags & CLONE_FILES) {
 
 739                 atomic_inc(&oldf->count);
 
 744          * Note: we may be using current for both targets (See exec.c)
 
 745          * This works because we cache current->files (old) as oldf. Don't
 
 750         newf = dup_fd(oldf, &error);
 
 761  *      Helper to unshare the files of the current task.
 
 762  *      We don't want to expose copy_files internals to
 
 763  *      the exec layer of the kernel.
 
 766 int unshare_files(void)
 
 768         struct files_struct *files  = current->files;
 
 774         /* This can race but the race causes us to copy when we don't
 
 775            need to and drop the copy */
 
 776         if(atomic_read(&files->count) == 1)
 
 778                 atomic_inc(&files->count);
 
 781         rc = copy_files(0, current);
 
 783                 current->files = files;
 
 787 EXPORT_SYMBOL(unshare_files);
 
 789 void sighand_free_cb(struct rcu_head *rhp)
 
 791         struct sighand_struct *sp;
 
 793         sp = container_of(rhp, struct sighand_struct, rcu);
 
 794         kmem_cache_free(sighand_cachep, sp);
 
 797 static inline int copy_sighand(unsigned long clone_flags, struct task_struct * tsk)
 
 799         struct sighand_struct *sig;
 
 801         if (clone_flags & (CLONE_SIGHAND | CLONE_THREAD)) {
 
 802                 atomic_inc(¤t->sighand->count);
 
 805         sig = kmem_cache_alloc(sighand_cachep, GFP_KERNEL);
 
 806         rcu_assign_pointer(tsk->sighand, sig);
 
 809         spin_lock_init(&sig->siglock);
 
 810         atomic_set(&sig->count, 1);
 
 811         memcpy(sig->action, current->sighand->action, sizeof(sig->action));
 
 815 static inline int copy_signal(unsigned long clone_flags, struct task_struct * tsk)
 
 817         struct signal_struct *sig;
 
 820         if (clone_flags & CLONE_THREAD) {
 
 821                 atomic_inc(¤t->signal->count);
 
 822                 atomic_inc(¤t->signal->live);
 
 825         sig = kmem_cache_alloc(signal_cachep, GFP_KERNEL);
 
 830         ret = copy_thread_group_keys(tsk);
 
 832                 kmem_cache_free(signal_cachep, sig);
 
 836         atomic_set(&sig->count, 1);
 
 837         atomic_set(&sig->live, 1);
 
 838         init_waitqueue_head(&sig->wait_chldexit);
 
 840         sig->group_exit_code = 0;
 
 841         sig->group_exit_task = NULL;
 
 842         sig->group_stop_count = 0;
 
 843         sig->curr_target = NULL;
 
 844         init_sigpending(&sig->shared_pending);
 
 845         INIT_LIST_HEAD(&sig->posix_timers);
 
 847         hrtimer_init(&sig->real_timer, CLOCK_MONOTONIC, HRTIMER_REL);
 
 848         sig->it_real_incr.tv64 = 0;
 
 849         sig->real_timer.function = it_real_fn;
 
 850         sig->real_timer.data = tsk;
 
 852         sig->it_virt_expires = cputime_zero;
 
 853         sig->it_virt_incr = cputime_zero;
 
 854         sig->it_prof_expires = cputime_zero;
 
 855         sig->it_prof_incr = cputime_zero;
 
 857         sig->leader = 0;        /* session leadership doesn't inherit */
 
 858         sig->tty_old_pgrp = 0;
 
 860         sig->utime = sig->stime = sig->cutime = sig->cstime = cputime_zero;
 
 861         sig->nvcsw = sig->nivcsw = sig->cnvcsw = sig->cnivcsw = 0;
 
 862         sig->min_flt = sig->maj_flt = sig->cmin_flt = sig->cmaj_flt = 0;
 
 864         INIT_LIST_HEAD(&sig->cpu_timers[0]);
 
 865         INIT_LIST_HEAD(&sig->cpu_timers[1]);
 
 866         INIT_LIST_HEAD(&sig->cpu_timers[2]);
 
 868         task_lock(current->group_leader);
 
 869         memcpy(sig->rlim, current->signal->rlim, sizeof sig->rlim);
 
 870         task_unlock(current->group_leader);
 
 872         if (sig->rlim[RLIMIT_CPU].rlim_cur != RLIM_INFINITY) {
 
 874                  * New sole thread in the process gets an expiry time
 
 875                  * of the whole CPU time limit.
 
 877                 tsk->it_prof_expires =
 
 878                         secs_to_cputime(sig->rlim[RLIMIT_CPU].rlim_cur);
 
 884 static inline void copy_flags(unsigned long clone_flags, struct task_struct *p)
 
 886         unsigned long new_flags = p->flags;
 
 888         new_flags &= ~(PF_SUPERPRIV | PF_NOFREEZE);
 
 889         new_flags |= PF_FORKNOEXEC;
 
 890         if (!(clone_flags & CLONE_PTRACE))
 
 892         p->flags = new_flags;
 
 895 asmlinkage long sys_set_tid_address(int __user *tidptr)
 
 897         current->clear_child_tid = tidptr;
 
 903  * This creates a new process as a copy of the old one,
 
 904  * but does not actually start it yet.
 
 906  * It copies the registers, and all the appropriate
 
 907  * parts of the process environment (as per the clone
 
 908  * flags). The actual kick-off is left to the caller.
 
 910 static task_t *copy_process(unsigned long clone_flags,
 
 911                                  unsigned long stack_start,
 
 912                                  struct pt_regs *regs,
 
 913                                  unsigned long stack_size,
 
 914                                  int __user *parent_tidptr,
 
 915                                  int __user *child_tidptr,
 
 919         struct task_struct *p = NULL;
 
 921         if ((clone_flags & (CLONE_NEWNS|CLONE_FS)) == (CLONE_NEWNS|CLONE_FS))
 
 922                 return ERR_PTR(-EINVAL);
 
 925          * Thread groups must share signals as well, and detached threads
 
 926          * can only be started up within the thread group.
 
 928         if ((clone_flags & CLONE_THREAD) && !(clone_flags & CLONE_SIGHAND))
 
 929                 return ERR_PTR(-EINVAL);
 
 932          * Shared signal handlers imply shared VM. By way of the above,
 
 933          * thread groups also imply shared VM. Blocking this case allows
 
 934          * for various simplifications in other code.
 
 936         if ((clone_flags & CLONE_SIGHAND) && !(clone_flags & CLONE_VM))
 
 937                 return ERR_PTR(-EINVAL);
 
 939         retval = security_task_create(clone_flags);
 
 944         p = dup_task_struct(current);
 
 949         if (atomic_read(&p->user->processes) >=
 
 950                         p->signal->rlim[RLIMIT_NPROC].rlim_cur) {
 
 951                 if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) &&
 
 952                                 p->user != &root_user)
 
 956         atomic_inc(&p->user->__count);
 
 957         atomic_inc(&p->user->processes);
 
 958         get_group_info(p->group_info);
 
 961          * If multiple threads are within copy_process(), then this check
 
 962          * triggers too late. This doesn't hurt, the check is only there
 
 963          * to stop root fork bombs.
 
 965         if (nr_threads >= max_threads)
 
 966                 goto bad_fork_cleanup_count;
 
 968         if (!try_module_get(task_thread_info(p)->exec_domain->module))
 
 969                 goto bad_fork_cleanup_count;
 
 971         if (p->binfmt && !try_module_get(p->binfmt->module))
 
 972                 goto bad_fork_cleanup_put_domain;
 
 975         copy_flags(clone_flags, p);
 
 978         if (clone_flags & CLONE_PARENT_SETTID)
 
 979                 if (put_user(p->pid, parent_tidptr))
 
 980                         goto bad_fork_cleanup;
 
 982         p->proc_dentry = NULL;
 
 984         INIT_LIST_HEAD(&p->children);
 
 985         INIT_LIST_HEAD(&p->sibling);
 
 986         p->vfork_done = NULL;
 
 987         spin_lock_init(&p->alloc_lock);
 
 988         spin_lock_init(&p->proc_lock);
 
 990         clear_tsk_thread_flag(p, TIF_SIGPENDING);
 
 991         init_sigpending(&p->pending);
 
 993         p->utime = cputime_zero;
 
 994         p->stime = cputime_zero;
 
 996         p->rchar = 0;           /* I/O counter: bytes read */
 
 997         p->wchar = 0;           /* I/O counter: bytes written */
 
 998         p->syscr = 0;           /* I/O counter: read syscalls */
 
 999         p->syscw = 0;           /* I/O counter: write syscalls */
 
1000         acct_clear_integrals(p);
 
1002         p->it_virt_expires = cputime_zero;
 
1003         p->it_prof_expires = cputime_zero;
 
1004         p->it_sched_expires = 0;
 
1005         INIT_LIST_HEAD(&p->cpu_timers[0]);
 
1006         INIT_LIST_HEAD(&p->cpu_timers[1]);
 
1007         INIT_LIST_HEAD(&p->cpu_timers[2]);
 
1009         p->lock_depth = -1;             /* -1 = no lock */
 
1010         do_posix_clock_monotonic_gettime(&p->start_time);
 
1012         p->io_context = NULL;
 
1014         p->audit_context = NULL;
 
1017         p->mempolicy = mpol_copy(p->mempolicy);
 
1018         if (IS_ERR(p->mempolicy)) {
 
1019                 retval = PTR_ERR(p->mempolicy);
 
1020                 p->mempolicy = NULL;
 
1021                 goto bad_fork_cleanup_cpuset;
 
1025 #ifdef CONFIG_DEBUG_MUTEXES
 
1026         p->blocked_on = NULL; /* not blocked yet */
 
1030         if (clone_flags & CLONE_THREAD)
 
1031                 p->tgid = current->tgid;
 
1033         if ((retval = security_task_alloc(p)))
 
1034                 goto bad_fork_cleanup_policy;
 
1035         if ((retval = audit_alloc(p)))
 
1036                 goto bad_fork_cleanup_security;
 
1037         /* copy all the process information */
 
1038         if ((retval = copy_semundo(clone_flags, p)))
 
1039                 goto bad_fork_cleanup_audit;
 
1040         if ((retval = copy_files(clone_flags, p)))
 
1041                 goto bad_fork_cleanup_semundo;
 
1042         if ((retval = copy_fs(clone_flags, p)))
 
1043                 goto bad_fork_cleanup_files;
 
1044         if ((retval = copy_sighand(clone_flags, p)))
 
1045                 goto bad_fork_cleanup_fs;
 
1046         if ((retval = copy_signal(clone_flags, p)))
 
1047                 goto bad_fork_cleanup_sighand;
 
1048         if ((retval = copy_mm(clone_flags, p)))
 
1049                 goto bad_fork_cleanup_signal;
 
1050         if ((retval = copy_keys(clone_flags, p)))
 
1051                 goto bad_fork_cleanup_mm;
 
1052         if ((retval = copy_namespace(clone_flags, p)))
 
1053                 goto bad_fork_cleanup_keys;
 
1054         retval = copy_thread(0, clone_flags, stack_start, stack_size, p, regs);
 
1056                 goto bad_fork_cleanup_namespace;
 
1058         p->set_child_tid = (clone_flags & CLONE_CHILD_SETTID) ? child_tidptr : NULL;
 
1060          * Clear TID on mm_release()?
 
1062         p->clear_child_tid = (clone_flags & CLONE_CHILD_CLEARTID) ? child_tidptr: NULL;
 
1065          * sigaltstack should be cleared when sharing the same VM
 
1067         if ((clone_flags & (CLONE_VM|CLONE_VFORK)) == CLONE_VM)
 
1068                 p->sas_ss_sp = p->sas_ss_size = 0;
 
1071          * Syscall tracing should be turned off in the child regardless
 
1074         clear_tsk_thread_flag(p, TIF_SYSCALL_TRACE);
 
1075 #ifdef TIF_SYSCALL_EMU
 
1076         clear_tsk_thread_flag(p, TIF_SYSCALL_EMU);
 
1079         /* Our parent execution domain becomes current domain
 
1080            These must match for thread signalling to apply */
 
1082         p->parent_exec_id = p->self_exec_id;
 
1084         /* ok, now we should be set up.. */
 
1085         p->exit_signal = (clone_flags & CLONE_THREAD) ? -1 : (clone_flags & CSIGNAL);
 
1086         p->pdeath_signal = 0;
 
1090          * Ok, make it visible to the rest of the system.
 
1091          * We dont wake it up yet.
 
1093         p->group_leader = p;
 
1094         INIT_LIST_HEAD(&p->ptrace_children);
 
1095         INIT_LIST_HEAD(&p->ptrace_list);
 
1097         /* Perform scheduler related setup. Assign this task to a CPU. */
 
1098         sched_fork(p, clone_flags);
 
1100         /* Need tasklist lock for parent etc handling! */
 
1101         write_lock_irq(&tasklist_lock);
 
1104          * The task hasn't been attached yet, so its cpus_allowed mask will
 
1105          * not be changed, nor will its assigned CPU.
 
1107          * The cpus_allowed mask of the parent may have changed after it was
 
1108          * copied first time - so re-copy it here, then check the child's CPU
 
1109          * to ensure it is on a valid CPU (and if not, just force it back to
 
1110          * parent's CPU). This avoids alot of nasty races.
 
1112         p->cpus_allowed = current->cpus_allowed;
 
1113         if (unlikely(!cpu_isset(task_cpu(p), p->cpus_allowed) ||
 
1114                         !cpu_online(task_cpu(p))))
 
1115                 set_task_cpu(p, smp_processor_id());
 
1118          * Check for pending SIGKILL! The new thread should not be allowed
 
1119          * to slip out of an OOM kill. (or normal SIGKILL.)
 
1121         if (sigismember(¤t->pending.signal, SIGKILL)) {
 
1122                 write_unlock_irq(&tasklist_lock);
 
1124                 goto bad_fork_cleanup_namespace;
 
1127         /* CLONE_PARENT re-uses the old parent */
 
1128         if (clone_flags & (CLONE_PARENT|CLONE_THREAD))
 
1129                 p->real_parent = current->real_parent;
 
1131                 p->real_parent = current;
 
1132         p->parent = p->real_parent;
 
1134         spin_lock(¤t->sighand->siglock);
 
1135         if (clone_flags & CLONE_THREAD) {
 
1137                  * Important: if an exit-all has been started then
 
1138                  * do not create this new thread - the whole thread
 
1139                  * group is supposed to exit anyway.
 
1141                 if (current->signal->flags & SIGNAL_GROUP_EXIT) {
 
1142                         spin_unlock(¤t->sighand->siglock);
 
1143                         write_unlock_irq(&tasklist_lock);
 
1145                         goto bad_fork_cleanup_namespace;
 
1147                 p->group_leader = current->group_leader;
 
1149                 if (current->signal->group_stop_count > 0) {
 
1151                          * There is an all-stop in progress for the group.
 
1152                          * We ourselves will stop as soon as we check signals.
 
1153                          * Make the new thread part of that group stop too.
 
1155                         current->signal->group_stop_count++;
 
1156                         set_tsk_thread_flag(p, TIF_SIGPENDING);
 
1159                 if (!cputime_eq(current->signal->it_virt_expires,
 
1161                     !cputime_eq(current->signal->it_prof_expires,
 
1163                     current->signal->rlim[RLIMIT_CPU].rlim_cur != RLIM_INFINITY ||
 
1164                     !list_empty(¤t->signal->cpu_timers[0]) ||
 
1165                     !list_empty(¤t->signal->cpu_timers[1]) ||
 
1166                     !list_empty(¤t->signal->cpu_timers[2])) {
 
1168                          * Have child wake up on its first tick to check
 
1169                          * for process CPU timers.
 
1171                         p->it_prof_expires = jiffies_to_cputime(1);
 
1178         p->ioprio = current->ioprio;
 
1181         if (unlikely(p->ptrace & PT_PTRACED))
 
1182                 __ptrace_link(p, current->parent);
 
1184         if (thread_group_leader(p)) {
 
1185                 p->signal->tty = current->signal->tty;
 
1186                 p->signal->pgrp = process_group(current);
 
1187                 p->signal->session = current->signal->session;
 
1188                 attach_pid(p, PIDTYPE_PGID, process_group(p));
 
1189                 attach_pid(p, PIDTYPE_SID, p->signal->session);
 
1191                         __get_cpu_var(process_counts)++;
 
1193         attach_pid(p, PIDTYPE_TGID, p->tgid);
 
1194         attach_pid(p, PIDTYPE_PID, p->pid);
 
1198         spin_unlock(¤t->sighand->siglock);
 
1199         write_unlock_irq(&tasklist_lock);
 
1200         proc_fork_connector(p);
 
1203 bad_fork_cleanup_namespace:
 
1205 bad_fork_cleanup_keys:
 
1207 bad_fork_cleanup_mm:
 
1210 bad_fork_cleanup_signal:
 
1212 bad_fork_cleanup_sighand:
 
1214 bad_fork_cleanup_fs:
 
1215         exit_fs(p); /* blocking */
 
1216 bad_fork_cleanup_files:
 
1217         exit_files(p); /* blocking */
 
1218 bad_fork_cleanup_semundo:
 
1220 bad_fork_cleanup_audit:
 
1222 bad_fork_cleanup_security:
 
1223         security_task_free(p);
 
1224 bad_fork_cleanup_policy:
 
1226         mpol_free(p->mempolicy);
 
1227 bad_fork_cleanup_cpuset:
 
1232                 module_put(p->binfmt->module);
 
1233 bad_fork_cleanup_put_domain:
 
1234         module_put(task_thread_info(p)->exec_domain->module);
 
1235 bad_fork_cleanup_count:
 
1236         put_group_info(p->group_info);
 
1237         atomic_dec(&p->user->processes);
 
1242         return ERR_PTR(retval);
 
/*
 * Weak default implementation: hand back a zeroed register frame for a
 * freshly created idle thread (fork_idle() below passes the result straight
 * to copy_process()). An architecture can supply its own non-weak idle_regs()
 * to override this.
 *
 * @regs: caller-provided pt_regs to clear.
 *
 * Listing note: only the memset is shown; the braces and the return
 * statement are missing here. The return value is presumably @regs itself
 * (fork_idle() uses it as a pt_regs pointer) — confirm against the full source.
 */
1245 struct pt_regs * __devinit __attribute__((weak)) idle_regs(struct pt_regs *regs)

1247         memset(regs, 0, sizeof(struct pt_regs));
 
/*
 * Create the idle task for @cpu. The idle thread is cloned from the caller
 * with CLONE_VM, a zeroed register frame, no tid pointers and pid argument 0,
 * then handed to the scheduler with init_idle() and removed from the pid
 * hashes with unhash_process() so it never shows up as an ordinary task.
 *
 * @cpu: the CPU the idle task will belong to.
 *
 * Listing note: the declaration of 'task', the condition guarding the
 * -ENOMEM return, and the final return of 'task' are not shown. Because
 * copy_process() reports failure as ERR_PTR(retval) (see its error path
 * above) rather than as NULL, that guard should test IS_ERR(task); a plain
 * NULL check would let an error pointer reach init_idle() — verify the
 * missing condition in the full source. ('®s' is a rendering artefact
 * of '&regs'.)
 */
1251 task_t * __devinit fork_idle(int cpu)

1254         struct pt_regs regs;

             /* Register frame lives on this stack; idle_regs() zeroes it. */
1256         task = copy_process(CLONE_VM, 0, idle_regs(®s), 0, NULL, NULL, 0);

1258                 return ERR_PTR(-ENOMEM);

1259         init_idle(task, cpu);

1260         unhash_process(task);
 
/*
 * Work out which ptrace event, if any, the tracer of the *parent* has asked
 * to be told about for this clone:
 *   - CLONE_UNTRACED suppresses reporting (the return on that branch is not
 *     shown in this listing);
 *   - CLONE_VFORK reports PTRACE_EVENT_VFORK when PT_TRACE_VFORK is set;
 *   - a clone whose exit signal (CSIGNAL bits) is not SIGCHLD reports
 *     PTRACE_EVENT_CLONE when PT_TRACE_CLONE is set;
 *   - otherwise PTRACE_EVENT_FORK when PT_TRACE_FORK is set.
 *
 * @clone_flags: the flags passed to do_fork().
 *
 * do_fork() treats a non-zero result as "report this clone": it marks the
 * child with CLONE_PTRACE and later calls ptrace_notify(). The "no event"
 * return value (presumably 0) and the braces are not shown in this listing.
 */
1264 static inline int fork_traceflag (unsigned clone_flags)

1266         if (clone_flags & CLONE_UNTRACED)

1268         else if (clone_flags & CLONE_VFORK) {

1269                 if (current->ptrace & PT_TRACE_VFORK)

1270                         return PTRACE_EVENT_VFORK;

             /* Exit signal other than SIGCHLD is what distinguishes a "clone"
              * from a plain fork for tracing purposes. */
1271         } else if ((clone_flags & CSIGNAL) != SIGCHLD) {

1272                 if (current->ptrace & PT_TRACE_CLONE)

1273                         return PTRACE_EVENT_CLONE;

1274         } else if (current->ptrace & PT_TRACE_FORK)

1275                 return PTRACE_EVENT_FORK;
 
1281  *  Ok, this is the main fork-routine.
 
1283  * It copies the process, and if successful kick-starts
 
1284  * it and waits for it to finish using the VM if required.
 
/*
 * do_fork - the main fork routine, shared by the fork/vfork/clone entry points.
 * @clone_flags:   CLONE_* bits; the CSIGNAL bits carry the child's exit signal.
 * @stack_start:   child's initial stack pointer, passed through to copy_process().
 * @regs:          register frame the child is built from.
 * @stack_size:    passed through to copy_process().
 * @parent_tidptr: user pointer, passed through to copy_process().
 * @child_tidptr:  user pointer, passed through to copy_process().
 *
 * Reserves a pid, builds the child with copy_process(), then either wakes it
 * or leaves it stopped, reports the clone to the parent's tracer when asked,
 * and for CLONE_VFORK blocks until the child signals the vfork completion.
 *
 * Listing note: several lines of this function are not shown — the
 * declaration of 'trace', the check of alloc_pidmap()'s result, the test on
 * copy_process()'s return value, the else-branches, the failure path and the
 * final return. The return value is presumably the child's pid or a negative
 * errno — confirm against the full source.
 */
1286 long do_fork(unsigned long clone_flags,

1287               unsigned long stack_start,

1288               struct pt_regs *regs,

1289               unsigned long stack_size,

1290               int __user *parent_tidptr,

1291               int __user *child_tidptr)

1293         struct task_struct *p;

             /* The pid is reserved up front and handed to copy_process(); what
              * happens to it when copy_process() fails is not visible here. */
1295         long pid = alloc_pidmap();

             /* Only a traced parent can generate a fork/vfork/clone event. A
              * non-zero event makes the child ptraced as well (CLONE_PTRACE);
              * the 'if' guarding that assignment is not shown in this listing. */
1299         if (unlikely(current->ptrace)) {

1300                 trace = fork_traceflag (clone_flags);

1302                         clone_flags |= CLONE_PTRACE;

1305         p = copy_process(clone_flags, stack_start, regs, stack_size, parent_tidptr, child_tidptr, pid);

1307          * Do this prior waking up the new thread - the thread pointer

1308          * might get invalid after that point, if the thread exits quickly.

             /* Stack-allocated, but safe: for CLONE_VFORK this frame is not left
              * until wait_for_completion() below returns, so the child's
              * p->vfork_done never points at a dead stack frame. */
1311                 struct completion vfork;

1313                 if (clone_flags & CLONE_VFORK) {

1314                         p->vfork_done = &vfork;

1315                         init_completion(&vfork);

             /* A ptraced child, or one created with CLONE_STOPPED, begins life
              * with SIGSTOP queued and TIF_SIGPENDING set, so it stops before
              * it runs any user code. */
1318                 if ((p->ptrace & PT_PTRACED) || (clone_flags & CLONE_STOPPED)) {

1320                          * We'll start up with an immediate SIGSTOP.

1322                         sigaddset(&p->pending.signal, SIGSTOP);

1323                         set_tsk_thread_flag(p, TIF_SIGPENDING);

             /* Hand the child to the scheduler, unless the caller asked for it
              * to be left in TASK_STOPPED (the 'else' line is not shown). */
1326                 if (!(clone_flags & CLONE_STOPPED))

1327                         wake_up_new_task(p, clone_flags);

1329                         p->state = TASK_STOPPED;

             /* Tell the parent's tracer about the new child; the child's pid
              * travels in ptrace_message, the event in the high byte. */
1331                 if (unlikely (trace)) {

1332                         current->ptrace_message = pid;

1333                         ptrace_notify ((trace << 8) | SIGTRAP);

             /* vfork: block until the child completes p->vfork_done, then
              * optionally report PTRACE_EVENT_VFORK_DONE to the tracer. */
1336                 if (clone_flags & CLONE_VFORK) {

1337                         wait_for_completion(&vfork);

1338                         if (unlikely (current->ptrace & PT_TRACE_VFORK_DONE))

1339                                 ptrace_notify ((PTRACE_EVENT_VFORK_DONE << 8) | SIGTRAP);
 
/*
 * Minimum slab alignment for mm_struct (used by proc_caches_init() below).
 * An architecture may define its own value before this point; otherwise no
 * extra alignment is requested. The closing #endif is not shown in this
 * listing.
 */
1348 #ifndef ARCH_MIN_MMSTRUCT_ALIGN

1349 #define ARCH_MIN_MMSTRUCT_ALIGN 0
 
/*
 * Create the slab caches used when tasks are created: one per shared
 * per-task structure (signal handlers, signal state, open files, fs info,
 * VMAs and mm_structs). Every cache is created with SLAB_PANIC, so a
 * failure here is fatal at boot rather than surfacing later as a fork
 * error. Only mm_struct requests an architecture-specific minimum alignment
 * (ARCH_MIN_MMSTRUCT_ALIGN). The braces of this function are not shown in
 * the listing.
 */
1352 void __init proc_caches_init(void)

1354         sighand_cachep = kmem_cache_create("sighand_cache",

1355                         sizeof(struct sighand_struct), 0,

1356                         SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL, NULL);

1357         signal_cachep = kmem_cache_create("signal_cache",

1358                         sizeof(struct signal_struct), 0,

1359                         SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL, NULL);

1360         files_cachep = kmem_cache_create("files_cache", 

1361                         sizeof(struct files_struct), 0,

1362                         SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL, NULL);

1363         fs_cachep = kmem_cache_create("fs_cache", 

1364                         sizeof(struct fs_struct), 0,

1365                         SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL, NULL);

             /* VMAs are small and numerous; no cache-line alignment requested. */
1366         vm_area_cachep = kmem_cache_create("vm_area_struct",

1367                         sizeof(struct vm_area_struct), 0,

1368                         SLAB_PANIC, NULL, NULL);

1369         mm_cachep = kmem_cache_create("mm_struct",

1370                         sizeof(struct mm_struct), ARCH_MIN_MMSTRUCT_ALIGN,

1371                         SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL, NULL);
 
1376  * Check constraints on flags passed to the unshare system call and
 
1377  * force unsharing of additional process context as appropriate.
 
/*
 * Widen the caller's unshare flag set so the resulting task stays
 * consistent. The dependencies, applied in order and in place on
 * @flags_ptr, are:
 *   CLONE_THREAD  -> CLONE_VM
 *   CLONE_VM      -> CLONE_SIGHAND
 *   CLONE_SIGHAND -> CLONE_THREAD, but only when the signal_struct is
 *                    shared (signal->count > 1, i.e. the task was created
 *                    with CLONE_THREAD)
 *   CLONE_NEWNS   -> CLONE_FS
 *
 * The CLONE_SIGHAND -> CLONE_THREAD step feeds unshare_thread() below,
 * which presumably refuses CLONE_THREAD (its return lines are not shown),
 * so unsharing VM or signal handlers from inside a thread group fails as a
 * whole rather than leaving the task partially unshared.
 * ('¤t' in this listing is a rendering artefact of '&current'.)
 */
1379 static inline void check_unshare_flags(unsigned long *flags_ptr)

1382          * If unsharing a thread from a thread group, must also

1385         if (*flags_ptr & CLONE_THREAD)

1386                 *flags_ptr |= CLONE_VM;

1389          * If unsharing vm, must also unshare signal handlers.

1391         if (*flags_ptr & CLONE_VM)

1392                 *flags_ptr |= CLONE_SIGHAND;

1395          * If unsharing signal handlers and the task was created

1396          * using CLONE_THREAD, then must unshare the thread

             /* signal->count > 1 is the evidence that this task shares its
              * signal_struct with other threads of its group. */
1398         if ((*flags_ptr & CLONE_SIGHAND) &&

1399             (atomic_read(¤t->signal->count) > 1))

1400                 *flags_ptr |= CLONE_THREAD;

1403          * If unsharing namespace, must also unshare filesystem information.

1405         if (*flags_ptr & CLONE_NEWNS)

1406                 *flags_ptr |= CLONE_FS;
 
1410  * Unsharing of tasks created with CLONE_THREAD is not supported yet
 
/*
 * unshare_thread - refuse CLONE_THREAD, which unshare does not support yet.
 * @unshare_flags: flags already widened by check_unshare_flags().
 *
 * sys_unshare() treats a non-zero return as failure and bails out before
 * touching any state. The two return statements (presumably an error for
 * CLONE_THREAD and 0 otherwise) and the braces are not shown in this listing.
 */
1412 static int unshare_thread(unsigned long unshare_flags)

1414         if (unshare_flags & CLONE_THREAD)
 
1421  * Unshare the filesystem structure if it is being shared
 
/*
 * unshare_fs - give the caller a private fs_struct if it currently shares one.
 * @unshare_flags: flags already widened by check_unshare_flags().
 * @new_fsp:       set to the new fs_struct when a copy is made, otherwise
 *                 left untouched (sys_unshare() initialises it to NULL).
 *
 * A copy is made only when CLONE_FS is requested and the current fs_struct
 * is shared (count > 1). The handling of a failed __copy_fs_struct() and the
 * return statements are not shown in this listing.
 *
 * NOTE(review): fs->count is sampled without any lock, so the shared /
 * not-shared decision can be stale by the time sys_unshare() installs the
 * copy; whether that matters is not determinable from this listing.
 */
1423 static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)

1425         struct fs_struct *fs = current->fs;

1427         if ((unshare_flags & CLONE_FS) &&

1428             (fs && atomic_read(&fs->count) > 1)) {

1429                 *new_fsp = __copy_fs_struct(current->fs);
 
1438  * Unshare the namespace structure if it is being shared
 
/*
 * unshare_namespace - give the caller a private mount namespace if shared.
 * @unshare_flags: flags already widened by check_unshare_flags().
 * @new_nsp:       receives the duplicated namespace when one is created.
 * @new_fs:        the fs_struct just created by unshare_fs(), or NULL to
 *                 build the new namespace on current->fs instead.
 *
 * A new namespace is only created when CLONE_NEWNS is requested and the
 * current namespace is shared (count > 1). Creating one is privileged: the
 * caller must hold CAP_SYS_ADMIN, checked before dup_namespace(). The line
 * that rejects an unprivileged caller, the handling of a failed
 * dup_namespace() and the return statements are not shown in this listing.
 */
1440 static int unshare_namespace(unsigned long unshare_flags, struct namespace **new_nsp, struct fs_struct *new_fs)

1442         struct namespace *ns = current->namespace;

1444         if ((unshare_flags & CLONE_NEWNS) &&

1445             (ns && atomic_read(&ns->count) > 1)) {

                     /* Privilege check happens before any allocation. */
1446                 if (!capable(CAP_SYS_ADMIN))

                     /* Prefer the freshly unshared fs_struct, if there is one,
                      * so the new namespace and the new fs info match. */
1449                 *new_nsp = dup_namespace(current, new_fs ? new_fs : current->fs);
 
1458  * Unsharing of sighand for tasks created with CLONE_SIGHAND is not
 
/*
 * unshare_sighand - refuse to unshare a sighand_struct that is still shared.
 * @unshare_flags: flags already widened by check_unshare_flags().
 * @new_sighp:     no assignment to it is visible here; it exists so that
 *                 sys_unshare() can drive every unshare_* helper alike.
 *
 * When CLONE_SIGHAND is requested and the current sighand_struct is shared
 * (count > 1) the request is refused (the return lines are not shown in
 * this listing). Because check_unshare_flags() adds CLONE_SIGHAND whenever
 * CLONE_VM is set, this is also what stops a task from unsharing its VM
 * while its signal handlers are shared.
 */
1461 static int unshare_sighand(unsigned long unshare_flags, struct sighand_struct **new_sighp)

1463         struct sighand_struct *sigh = current->sighand;

1465         if ((unshare_flags & CLONE_SIGHAND) &&

1466             (sigh && atomic_read(&sigh->count) > 1))
 
1473  * Unshare vm if it is being shared
 
/*
 * unshare_vm - give the caller a private mm_struct if it currently shares one.
 * @unshare_flags: flags already widened by check_unshare_flags().
 * @new_mmp:       receives the duplicated mm when one is created.
 *
 * A copy is made with dup_mm() only when CLONE_VM is requested and the
 * current mm is shared (mm_users > 1). The handling of a failed dup_mm()
 * and the return statements are not shown in this listing. sys_unshare()
 * installs the new mm as both mm and active_mm and calls activate_mm().
 */
1475 static int unshare_vm(unsigned long unshare_flags, struct mm_struct **new_mmp)

1477         struct mm_struct *mm = current->mm;

1479         if ((unshare_flags & CLONE_VM) &&

1480             (mm && atomic_read(&mm->mm_users) > 1)) {

1481                 *new_mmp = dup_mm(current);
 
1490  * Unshare file descriptor table if it is being shared
 
/*
 * unshare_fd - give the caller a private file descriptor table if shared.
 * @unshare_flags: flags already widened by check_unshare_flags().
 * @new_fdp:       receives the duplicated files_struct when one is created.
 *
 * A copy is made with dup_fd() only when CLONE_FILES is requested and the
 * current table is shared (count > 1). dup_fd() reports failure through the
 * 'error' out-parameter; its declaration, the check after dup_fd() and the
 * return statements are not shown in this listing.
 */
1492 static int unshare_fd(unsigned long unshare_flags, struct files_struct **new_fdp)

1494         struct files_struct *fd = current->files;

1497         if ((unshare_flags & CLONE_FILES) &&

1498             (fd && atomic_read(&fd->count) > 1)) {

1499                 *new_fdp = dup_fd(fd, &error);
 
1508  * Unsharing of semundo for tasks created with CLONE_SYSVSEM is not
 
/*
 * unshare_semundo - refuse CLONE_SYSVSEM, which unshare does not support yet.
 * @unshare_flags: flags already widened by check_unshare_flags().
 * @new_ulistp:    no assignment to it is visible here; it exists so that
 *                 sys_unshare() can drive every unshare_* helper alike.
 *
 * The return statements (presumably an error for CLONE_SYSVSEM and 0
 * otherwise) and the braces are not shown in this listing.
 */
1511 static int unshare_semundo(unsigned long unshare_flags, struct sem_undo_list **new_ulistp)

1513         if (unshare_flags & CLONE_SYSVSEM)
 
1520  * unshare allows a process to 'unshare' part of the process
 
1521  * context which was originally shared using clone.  copy_*
 
1522  * functions used by do_fork() cannot be used here directly
 
1523  * because they modify an inactive task_struct that is being
 
1524  * constructed. Here we are modifying the current, active,
 
1527 asmlinkage long sys_unshare(unsigned long unshare_flags)
 
1530         struct fs_struct *fs, *new_fs = NULL;
 
1531         struct namespace *ns, *new_ns = NULL;
 
1532         struct sighand_struct *sigh, *new_sigh = NULL;
 
1533         struct mm_struct *mm, *new_mm = NULL, *active_mm = NULL;
 
1534         struct files_struct *fd, *new_fd = NULL;
 
1535         struct sem_undo_list *new_ulist = NULL;
 
1537         check_unshare_flags(&unshare_flags);
 
1539         if ((err = unshare_thread(unshare_flags)))
 
1540                 goto bad_unshare_out;
 
1541         if ((err = unshare_fs(unshare_flags, &new_fs)))
 
1542                 goto bad_unshare_cleanup_thread;
 
1543         if ((err = unshare_namespace(unshare_flags, &new_ns, new_fs)))
 
1544                 goto bad_unshare_cleanup_fs;
 
1545         if ((err = unshare_sighand(unshare_flags, &new_sigh)))
 
1546                 goto bad_unshare_cleanup_ns;
 
1547         if ((err = unshare_vm(unshare_flags, &new_mm)))
 
1548                 goto bad_unshare_cleanup_sigh;
 
1549         if ((err = unshare_fd(unshare_flags, &new_fd)))
 
1550                 goto bad_unshare_cleanup_vm;
 
1551         if ((err = unshare_semundo(unshare_flags, &new_ulist)))
 
1552                 goto bad_unshare_cleanup_fd;
 
1554         if (new_fs || new_ns || new_sigh || new_mm || new_fd || new_ulist) {
 
1560                         current->fs = new_fs;
 
1565                         ns = current->namespace;
 
1566                         current->namespace = new_ns;
 
1571                         sigh = current->sighand;
 
1572                         current->sighand = new_sigh;
 
1578                         active_mm = current->active_mm;
 
1579                         current->mm = new_mm;
 
1580                         current->active_mm = new_mm;
 
1581                         activate_mm(active_mm, new_mm);
 
1586                         fd = current->files;
 
1587                         current->files = new_fd;
 
1591                 task_unlock(current);
 
1594 bad_unshare_cleanup_fd:
 
1596                 put_files_struct(new_fd);
 
1598 bad_unshare_cleanup_vm:
 
1602 bad_unshare_cleanup_sigh:
 
1604                 if (atomic_dec_and_test(&new_sigh->count))
 
1605                         kmem_cache_free(sighand_cachep, new_sigh);
 
1607 bad_unshare_cleanup_ns:
 
1609                 put_namespace(new_ns);
 
1611 bad_unshare_cleanup_fs:
 
1613                 put_fs_struct(new_fs);
 
1615 bad_unshare_cleanup_thread: