/*
   *  linux/kernel/fork.c
   *
   *  Copyright (C) 1991, 1992  Linus Torvalds
   */
  
  /*
   *  'fork.c' contains the help-routines for the 'fork' system call
   * (see also entry.S and others).
   * Fork is rather simple, once you get the hang of it, but the memory
   * management can be a bitch. See 'mm/memory.c': 'copy_page_range()'
   */

  #include <linux/slab.h>
  #include <linux/init.h>
  #include <linux/unistd.h>

  #include <linux/module.h>
  #include <linux/vmalloc.h>
  #include <linux/completion.h>

  #include <linux/personality.h>
  #include <linux/mempolicy.h>
  #include <linux/sem.h>
  #include <linux/file.h>

  #include <linux/fdtable.h>

  #include <linux/iocontext.h>

  #include <linux/key.h>
  #include <linux/binfmts.h>
  #include <linux/mman.h>

  #include <linux/mmu_notifier.h>

  #include <linux/fs.h>

  #include <linux/nsproxy.h>

  #include <linux/capability.h>

  #include <linux/cpu.h>

  #include <linux/cgroup.h>

  #include <linux/security.h>

  #include <linux/hugetlb.h>

  #include <linux/seccomp.h>

  #include <linux/swap.h>
  #include <linux/syscalls.h>
  #include <linux/jiffies.h>
  #include <linux/futex.h>

  #include <linux/compat.h>

  #include <linux/kthread.h>

  #include <linux/task_io_accounting_ops.h>

  #include <linux/rcupdate.h>

  #include <linux/ptrace.h>
  #include <linux/mount.h>
  #include <linux/audit.h>

  #include <linux/memcontrol.h>

  #include <linux/ftrace.h>

  #include <linux/proc_fs.h>

  #include <linux/profile.h>
  #include <linux/rmap.h>

  #include <linux/ksm.h>

  #include <linux/acct.h>

  #include <linux/tsacct_kern.h>

  #include <linux/cn_proc.h>

  #include <linux/freezer.h>

  #include <linux/delayacct.h>

  #include <linux/taskstats_kern.h>

  #include <linux/random.h>

  #include <linux/tty.h>

  #include <linux/blkdev.h>

  #include <linux/fs_struct.h>

  #include <linux/magic.h>

  #include <linux/perf_event.h>

  #include <linux/posix-timers.h>

  #include <linux/user-return-notifier.h>

  #include <linux/oom.h>

  #include <linux/khugepaged.h>

  #include <linux/signalfd.h>

  #include <linux/uprobes.h>

  
  #include <asm/pgtable.h>
  #include <asm/pgalloc.h>
  #include <asm/uaccess.h>
  #include <asm/mmu_context.h>
  #include <asm/cacheflush.h>
  #include <asm/tlbflush.h>

  #include <trace/events/sched.h>

  #define CREATE_TRACE_POINTS
  #include <trace/events/task.h>

  /*
   * Protected counters by write_lock_irq(&tasklist_lock)
   */
  unsigned long total_forks;	/* Handle normal Linux uptimes. */

  int nr_threads;			/* The idle threads do not count.. */

  
  int max_threads;		/* tunable limit on nr_threads */
  
  DEFINE_PER_CPU(unsigned long, process_counts) = 0;

  __cacheline_aligned DEFINE_RWLOCK(tasklist_lock);  /* outer */

  
  #ifdef CONFIG_PROVE_RCU
  int lockdep_tasklist_lock_is_held(void)
  {
  	return lockdep_is_held(&tasklist_lock);
  }
  EXPORT_SYMBOL_GPL(lockdep_tasklist_lock_is_held);
  #endif /* #ifdef CONFIG_PROVE_RCU */

  
  int nr_processes(void)
  {
  	int cpu;
  	int total = 0;

  	for_each_possible_cpu(cpu)

  		total += per_cpu(process_counts, cpu);
  
  	return total;
  }

  #ifndef CONFIG_ARCH_TASK_STRUCT_ALLOCATOR

  static struct kmem_cache *task_struct_cachep;

  
  static inline struct task_struct *alloc_task_struct_node(int node)
  {
  	return kmem_cache_alloc_node(task_struct_cachep, GFP_KERNEL, node);
  }
  
  void __weak arch_release_task_struct(struct task_struct *tsk) { }
  
  static inline void free_task_struct(struct task_struct *tsk)
  {
  	arch_release_task_struct(tsk);
  	kmem_cache_free(task_struct_cachep, tsk);
  }

  #endif

  #ifndef CONFIG_ARCH_THREAD_INFO_ALLOCATOR

  void __weak arch_release_thread_info(struct thread_info *ti) { }

  /*
   * Allocate pages if THREAD_SIZE is >= PAGE_SIZE, otherwise use a
   * kmemcache based allocator.
   */
  # if THREAD_SIZE >= PAGE_SIZE

  static struct thread_info *alloc_thread_info_node(struct task_struct *tsk,
  						  int node)

  {

  	struct page *page = alloc_pages_node(node, THREADINFO_GFP,
  					     THREAD_SIZE_ORDER);

  
  	return page ? page_address(page) : NULL;

  }
  
  static inline void free_thread_info(struct thread_info *ti)
  {

  	arch_release_thread_info(ti);

  	free_pages((unsigned long)ti, THREAD_SIZE_ORDER);
  }

  # else
  static struct kmem_cache *thread_info_cache;
  
  static struct thread_info *alloc_thread_info_node(struct task_struct *tsk,
  						  int node)
  {
  	return kmem_cache_alloc_node(thread_info_cache, THREADINFO_GFP, node);
  }
  
  static void free_thread_info(struct thread_info *ti)
  {
  	arch_release_thread_info(ti);
  	kmem_cache_free(thread_info_cache, ti);
  }
  
  void thread_info_cache_init(void)
  {
  	thread_info_cache = kmem_cache_create("thread_info", THREAD_SIZE,
  					      THREAD_SIZE, 0, NULL);
  	BUG_ON(thread_info_cache == NULL);
  }
  # endif

  #endif

  /* SLAB cache for signal_struct structures (tsk->signal) */

  static struct kmem_cache *signal_cachep;

  
  /* SLAB cache for sighand_struct structures (tsk->sighand) */

  struct kmem_cache *sighand_cachep;

  
  /* SLAB cache for files_struct structures (tsk->files) */

  struct kmem_cache *files_cachep;

  
  /* SLAB cache for fs_struct structures (tsk->fs) */

  struct kmem_cache *fs_cachep;

  
  /* SLAB cache for vm_area_struct structures */

  struct kmem_cache *vm_area_cachep;

  
  /* SLAB cache for mm_struct structures (tsk->mm) */

  static struct kmem_cache *mm_cachep;

  static void account_kernel_stack(struct thread_info *ti, int account)
  {
  	struct zone *zone = page_zone(virt_to_page(ti));
  
  	mod_zone_page_state(zone, NR_KERNEL_STACK, account);
  }

  void free_task(struct task_struct *tsk)
  {

  	account_kernel_stack(tsk->stack, -1);

  	free_thread_info(tsk->stack);

  	rt_mutex_debug_task_free(tsk);

  	ftrace_graph_exit_task(tsk);

  	put_seccomp_filter(tsk);

  	free_task_struct(tsk);
  }
  EXPORT_SYMBOL(free_task);

  static inline void free_signal_struct(struct signal_struct *sig)
  {

  	taskstats_tgid_free(sig);

  	sched_autogroup_exit(sig);

  	kmem_cache_free(signal_cachep, sig);
  }
  
  static inline void put_signal_struct(struct signal_struct *sig)
  {

  	if (atomic_dec_and_test(&sig->sigcnt))

  		free_signal_struct(sig);
  }

  void __put_task_struct(struct task_struct *tsk)

  {

  	WARN_ON(!tsk->exit_state);

  	WARN_ON(atomic_read(&tsk->usage));
  	WARN_ON(tsk == current);

  	security_task_free(tsk);

  	exit_creds(tsk);

  	delayacct_tsk_free(tsk);

  	put_signal_struct(tsk->signal);

  
  	if (!profile_handoff_task(tsk))
  		free_task(tsk);
  }

  EXPORT_SYMBOL_GPL(__put_task_struct);

  void __init __weak arch_task_cache_init(void) { }

  void __init fork_init(unsigned long mempages)
  {

  #ifndef CONFIG_ARCH_TASK_STRUCT_ALLOCATOR

  #ifndef ARCH_MIN_TASKALIGN
  #define ARCH_MIN_TASKALIGN	L1_CACHE_BYTES
  #endif
  	/* create a slab on which task_structs can be allocated */
  	task_struct_cachep =
  		kmem_cache_create("task_struct", sizeof(struct task_struct),

  			ARCH_MIN_TASKALIGN, SLAB_PANIC | SLAB_NOTRACK, NULL);

  #endif

  	/* do the arch specific task caches init */
  	arch_task_cache_init();

  	/*
  	 * The default maximum number of threads is set to a safe
  	 * value: the thread structures can take up at most half
  	 * of memory.
  	 */
  	max_threads = mempages / (8 * THREAD_SIZE / PAGE_SIZE);
  
  	/*
  	 * we need to allow at least 20 threads to boot a system
  	 */

  	if (max_threads < 20)

  		max_threads = 20;
  
  	init_task.signal->rlim[RLIMIT_NPROC].rlim_cur = max_threads/2;
  	init_task.signal->rlim[RLIMIT_NPROC].rlim_max = max_threads/2;
  	init_task.signal->rlim[RLIMIT_SIGPENDING] =
  		init_task.signal->rlim[RLIMIT_NPROC];
  }

  int __attribute__((weak)) arch_dup_task_struct(struct task_struct *dst,
  					       struct task_struct *src)
  {
  	*dst = *src;
  	return 0;
  }

  static struct task_struct *dup_task_struct(struct task_struct *orig)
  {
  	struct task_struct *tsk;
  	struct thread_info *ti;

  	unsigned long *stackend;

  	int node = tsk_fork_get_node(orig);

  	int err;

  	tsk = alloc_task_struct_node(node);

  	if (!tsk)
  		return NULL;

  	ti = alloc_thread_info_node(tsk, node);

  	if (!ti) {
  		free_task_struct(tsk);
  		return NULL;
  	}

  	err = arch_dup_task_struct(tsk, orig);

  	if (err)
  		goto out;

  	tsk->stack = ti;

  	setup_thread_stack(tsk, orig);

  	clear_user_return_notifier(tsk);

  	clear_tsk_need_resched(tsk);

  	stackend = end_of_stack(tsk);
  	*stackend = STACK_END_MAGIC;	/* for overflow detection */

  #ifdef CONFIG_CC_STACKPROTECTOR
  	tsk->stack_canary = get_random_int();
  #endif

  	/*
  	 * One for us, one for whoever does the "release_task()" (usually
  	 * parent)
  	 */
  	atomic_set(&tsk->usage, 2);

  #ifdef CONFIG_BLK_DEV_IO_TRACE

  	tsk->btrace_seq = 0;

  #endif

  	tsk->splice_pipe = NULL;

  
  	account_kernel_stack(ti, 1);

  	return tsk;

  
  out:
  	free_thread_info(ti);
  	free_task_struct(tsk);
  	return NULL;

  }
  
  #ifdef CONFIG_MMU

  static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)

  {

  	struct vm_area_struct *mpnt, *tmp, *prev, **pprev;

  	struct rb_node **rb_link, *rb_parent;
  	int retval;
  	unsigned long charge;
  	struct mempolicy *pol;
  
  	down_write(&oldmm->mmap_sem);

  	flush_cache_dup_mm(oldmm);

  	/*
  	 * Not linked in yet - no deadlock potential:
  	 */
  	down_write_nested(&mm->mmap_sem, SINGLE_DEPTH_NESTING);

  	mm->locked_vm = 0;
  	mm->mmap = NULL;
  	mm->mmap_cache = NULL;
  	mm->free_area_cache = oldmm->mmap_base;

  	mm->cached_hole_size = ~0UL;

  	mm->map_count = 0;

  	cpumask_clear(mm_cpumask(mm));

  	mm->mm_rb = RB_ROOT;
  	rb_link = &mm->mm_rb.rb_node;
  	rb_parent = NULL;
  	pprev = &mm->mmap;

  	retval = ksm_fork(mm, oldmm);
  	if (retval)
  		goto out;

  	retval = khugepaged_fork(mm, oldmm);
  	if (retval)
  		goto out;

  	prev = NULL;

  	for (mpnt = oldmm->mmap; mpnt; mpnt = mpnt->vm_next) {

  		struct file *file;
  
  		if (mpnt->vm_flags & VM_DONTCOPY) {

  			long pages = vma_pages(mpnt);
  			mm->total_vm -= pages;

  			vm_stat_account(mm, mpnt->vm_flags, mpnt->vm_file,

  								-pages);

  			continue;
  		}
  		charge = 0;
  		if (mpnt->vm_flags & VM_ACCOUNT) {

  			unsigned long len;
  			len = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT;

  			if (security_vm_enough_memory_mm(oldmm, len)) /* sic */

  				goto fail_nomem;
  			charge = len;
  		}

  		tmp = kmem_cache_alloc(vm_area_cachep, GFP_KERNEL);

  		if (!tmp)
  			goto fail_nomem;
  		*tmp = *mpnt;

  		INIT_LIST_HEAD(&tmp->anon_vma_chain);

  		pol = mpol_dup(vma_policy(mpnt));

  		retval = PTR_ERR(pol);
  		if (IS_ERR(pol))
  			goto fail_nomem_policy;
  		vma_set_policy(tmp, pol);

  		tmp->vm_mm = mm;

  		if (anon_vma_fork(tmp, mpnt))
  			goto fail_nomem_anon_vma_fork;

  		tmp->vm_flags &= ~VM_LOCKED;

  		tmp->vm_next = tmp->vm_prev = NULL;

  		file = tmp->vm_file;
  		if (file) {

  			struct inode *inode = file->f_path.dentry->d_inode;

  			struct address_space *mapping = file->f_mapping;

  			get_file(file);
  			if (tmp->vm_flags & VM_DENYWRITE)
  				atomic_dec(&inode->i_writecount);

  			mutex_lock(&mapping->i_mmap_mutex);

  			if (tmp->vm_flags & VM_SHARED)
  				mapping->i_mmap_writable++;

  			flush_dcache_mmap_lock(mapping);
  			/* insert tmp into the share list, just after mpnt */

  			vma_prio_tree_add(tmp, mpnt);

  			flush_dcache_mmap_unlock(mapping);

  			mutex_unlock(&mapping->i_mmap_mutex);

  		}
  
  		/*

  		 * Clear hugetlb-related page reserves for children. This only
  		 * affects MAP_PRIVATE mappings. Faults generated by the child
  		 * are not guaranteed to succeed, even if read-only
  		 */
  		if (is_vm_hugetlb_page(tmp))
  			reset_vma_resv_huge_pages(tmp);
  
  		/*

  		 * Link in the new vma and copy the page table entries.

  		 */

  		*pprev = tmp;
  		pprev = &tmp->vm_next;

  		tmp->vm_prev = prev;
  		prev = tmp;

  
  		__vma_link_rb(mm, tmp, rb_link, rb_parent);
  		rb_link = &tmp->vm_rb.rb_right;
  		rb_parent = &tmp->vm_rb;
  
  		mm->map_count++;

  		retval = copy_page_range(mm, oldmm, mpnt);

  
  		if (tmp->vm_ops && tmp->vm_ops->open)
  			tmp->vm_ops->open(tmp);
  
  		if (retval)
  			goto out;

  
  		if (file && uprobe_mmap(tmp))
  			goto out;

  	}

  	/* a new mm has just been created */
  	arch_dup_mmap(oldmm, mm);

  	retval = 0;

  out:

  	up_write(&mm->mmap_sem);

  	flush_tlb_mm(oldmm);

  	up_write(&oldmm->mmap_sem);
  	return retval;

  fail_nomem_anon_vma_fork:
  	mpol_put(pol);

  fail_nomem_policy:
  	kmem_cache_free(vm_area_cachep, tmp);
  fail_nomem:
  	retval = -ENOMEM;
  	vm_unacct_memory(charge);
  	goto out;
  }

  static inline int mm_alloc_pgd(struct mm_struct *mm)

  {
  	mm->pgd = pgd_alloc(mm);
  	if (unlikely(!mm->pgd))
  		return -ENOMEM;
  	return 0;
  }

  static inline void mm_free_pgd(struct mm_struct *mm)

  {

  	pgd_free(mm, mm->pgd);

  }
  #else
  #define dup_mmap(mm, oldmm)	(0)
  #define mm_alloc_pgd(mm)	(0)
  #define mm_free_pgd(mm)
  #endif /* CONFIG_MMU */

  __cacheline_aligned_in_smp DEFINE_SPINLOCK(mmlist_lock);

  #define allocate_mm()	(kmem_cache_alloc(mm_cachep, GFP_KERNEL))

  #define free_mm(mm)	(kmem_cache_free(mm_cachep, (mm)))

  static unsigned long default_dump_filter = MMF_DUMP_FILTER_DEFAULT;
  
  static int __init coredump_filter_setup(char *s)
  {
  	default_dump_filter =
  		(simple_strtoul(s, NULL, 0) << MMF_DUMP_FILTER_SHIFT) &
  		MMF_DUMP_FILTER_MASK;
  	return 1;
  }
  
  __setup("coredump_filter=", coredump_filter_setup);

  #include <linux/init_task.h>

  static void mm_init_aio(struct mm_struct *mm)
  {
  #ifdef CONFIG_AIO
  	spin_lock_init(&mm->ioctx_lock);
  	INIT_HLIST_HEAD(&mm->ioctx_list);
  #endif
  }

  static struct mm_struct *mm_init(struct mm_struct *mm, struct task_struct *p)

  {
  	atomic_set(&mm->mm_users, 1);
  	atomic_set(&mm->mm_count, 1);
  	init_rwsem(&mm->mmap_sem);
  	INIT_LIST_HEAD(&mm->mmlist);

  	mm->flags = (current->mm) ?
  		(current->mm->flags & MMF_INIT_MASK) : default_dump_filter;

  	mm->core_state = NULL;

  	mm->nr_ptes = 0;

  	memset(&mm->rss_stat, 0, sizeof(mm->rss_stat));

  	spin_lock_init(&mm->page_table_lock);

  	mm->free_area_cache = TASK_UNMAPPED_BASE;

  	mm->cached_hole_size = ~0UL;

  	mm_init_aio(mm);

  	mm_init_owner(mm, p);

  
  	if (likely(!mm_alloc_pgd(mm))) {
  		mm->def_flags = 0;

  		mmu_notifier_mm_init(mm);

  		return mm;
  	}

  	free_mm(mm);
  	return NULL;
  }

  static void check_mm(struct mm_struct *mm)
  {
  	int i;
  
  	for (i = 0; i < NR_MM_COUNTERS; i++) {
  		long x = atomic_long_read(&mm->rss_stat.count[i]);
  
  		if (unlikely(x))
  			printk(KERN_ALERT "BUG: Bad rss-counter state "
  					  "mm:%p idx:%d val:%ld
  ", mm, i, x);
  	}
  
  #ifdef CONFIG_TRANSPARENT_HUGEPAGE
  	VM_BUG_ON(mm->pmd_huge_pte);
  #endif
  }

  /*
   * Allocate and initialize an mm_struct.
   */

  struct mm_struct *mm_alloc(void)

  {

  	struct mm_struct *mm;

  
  	mm = allocate_mm();

  	if (!mm)
  		return NULL;
  
  	memset(mm, 0, sizeof(*mm));

  	mm_init_cpumask(mm);
  	return mm_init(mm, current);

  }
  
  /*
   * Called when the last reference to the mm
   * is dropped: either by a lazy thread or by
   * mmput. Free the page directory and the mm.
   */

  void __mmdrop(struct mm_struct *mm)

  {
  	BUG_ON(mm == &init_mm);
  	mm_free_pgd(mm);
  	destroy_context(mm);

  	mmu_notifier_mm_destroy(mm);

  	check_mm(mm);

  	free_mm(mm);
  }

  EXPORT_SYMBOL_GPL(__mmdrop);

  
  /*
   * Decrement the use count and release all resources for an mm.
   */
  void mmput(struct mm_struct *mm)
  {

  	might_sleep();

  	if (atomic_dec_and_test(&mm->mm_users)) {

  		uprobe_clear_state(mm);

  		exit_aio(mm);

  		ksm_exit(mm);

  		khugepaged_exit(mm); /* must run before exit_mmap */

  		exit_mmap(mm);

  		set_mm_exe_file(mm, NULL);

  		if (!list_empty(&mm->mmlist)) {
  			spin_lock(&mmlist_lock);
  			list_del(&mm->mmlist);
  			spin_unlock(&mmlist_lock);
  		}

  		if (mm->binfmt)
  			module_put(mm->binfmt->module);

  		mmdrop(mm);
  	}
  }
  EXPORT_SYMBOL_GPL(mmput);

  /*
   * We added or removed a vma mapping the executable. The vmas are only mapped
   * during exec and are not mapped with the mmap system call.
   * Callers must hold down_write() on the mm's mmap_sem for these
   */
  void added_exe_file_vma(struct mm_struct *mm)
  {
  	mm->num_exe_file_vmas++;
  }
  
  void removed_exe_file_vma(struct mm_struct *mm)
  {
  	mm->num_exe_file_vmas--;

  	if ((mm->num_exe_file_vmas == 0) && mm->exe_file) {

  		fput(mm->exe_file);
  		mm->exe_file = NULL;
  	}
  
  }
  
  void set_mm_exe_file(struct mm_struct *mm, struct file *new_exe_file)
  {
  	if (new_exe_file)
  		get_file(new_exe_file);
  	if (mm->exe_file)
  		fput(mm->exe_file);
  	mm->exe_file = new_exe_file;
  	mm->num_exe_file_vmas = 0;
  }
  
  struct file *get_mm_exe_file(struct mm_struct *mm)
  {
  	struct file *exe_file;
  
  	/* We need mmap_sem to protect against races with removal of
  	 * VM_EXECUTABLE vmas */
  	down_read(&mm->mmap_sem);
  	exe_file = mm->exe_file;
  	if (exe_file)
  		get_file(exe_file);
  	up_read(&mm->mmap_sem);
  	return exe_file;
  }
  
  static void dup_mm_exe_file(struct mm_struct *oldmm, struct mm_struct *newmm)
  {
  	/* It's safe to write the exe_file pointer without exe_file_lock because
  	 * this is called during fork when the task is not yet in /proc */
  	newmm->exe_file = get_mm_exe_file(oldmm);
  }

  /**
   * get_task_mm - acquire a reference to the task's mm
   *

   * Returns %NULL if the task has no mm.  Checks PF_KTHREAD (meaning

   * this kernel workthread has transiently adopted a user mm with use_mm,
   * to do its AIO) is not set and if so returns a reference to it, after
   * bumping up the use count.  User must release the mm via mmput()
   * after use.  Typically used by /proc and ptrace.
   */
  struct mm_struct *get_task_mm(struct task_struct *task)
  {
  	struct mm_struct *mm;
  
  	task_lock(task);
  	mm = task->mm;
  	if (mm) {

  		if (task->flags & PF_KTHREAD)

  			mm = NULL;
  		else
  			atomic_inc(&mm->mm_users);
  	}
  	task_unlock(task);
  	return mm;
  }
  EXPORT_SYMBOL_GPL(get_task_mm);

  struct mm_struct *mm_access(struct task_struct *task, unsigned int mode)
  {
  	struct mm_struct *mm;
  	int err;
  
  	err =  mutex_lock_killable(&task->signal->cred_guard_mutex);
  	if (err)
  		return ERR_PTR(err);
  
  	mm = get_task_mm(task);
  	if (mm && mm != current->mm &&
  			!ptrace_may_access(task, mode)) {
  		mmput(mm);
  		mm = ERR_PTR(-EACCES);
  	}
  	mutex_unlock(&task->signal->cred_guard_mutex);
  
  	return mm;
  }

  static void complete_vfork_done(struct task_struct *tsk)

  {

  	struct completion *vfork;

  	task_lock(tsk);
  	vfork = tsk->vfork_done;
  	if (likely(vfork)) {
  		tsk->vfork_done = NULL;
  		complete(vfork);
  	}
  	task_unlock(tsk);
  }
  
  static int wait_for_vfork_done(struct task_struct *child,
  				struct completion *vfork)
  {
  	int killed;
  
  	freezer_do_not_count();
  	killed = wait_for_completion_killable(vfork);
  	freezer_count();
  
  	if (killed) {
  		task_lock(child);
  		child->vfork_done = NULL;
  		task_unlock(child);
  	}
  
  	put_task_struct(child);
  	return killed;

  }

  /* Please note the differences between mmput and mm_release.
   * mmput is called whenever we stop holding onto a mm_struct,
   * error success whatever.
   *
   * mm_release is called after a mm_struct has been removed
   * from the current process.
   *
   * This difference is important for error handling, when we
   * only half set up a mm_struct for a new process and need to restore
   * the old one.  Because we mmput the new mm_struct before
   * restoring the old one. . .
   * Eric Biederman 10 January 1998
   */
  void mm_release(struct task_struct *tsk, struct mm_struct *mm)
  {

  	/* Get rid of any futexes when releasing the mm */
  #ifdef CONFIG_FUTEX

  	if (unlikely(tsk->robust_list)) {

  		exit_robust_list(tsk);

  		tsk->robust_list = NULL;
  	}

  #ifdef CONFIG_COMPAT

  	if (unlikely(tsk->compat_robust_list)) {

  		compat_exit_robust_list(tsk);

  		tsk->compat_robust_list = NULL;
  	}

  #endif

  	if (unlikely(!list_empty(&tsk->pi_state_list)))
  		exit_pi_state_list(tsk);

  #endif

  	uprobe_free_utask(tsk);

  	/* Get rid of any cached register state */
  	deactivate_mm(tsk, mm);

  	/*
  	 * If we're exiting normally, clear a user-space tid field if
  	 * requested.  We leave this alone when dying by signal, to leave
  	 * the value intact in a core dump, and to save the unnecessary

  	 * trouble, say, a killed vfork parent shouldn't touch this mm.
  	 * Userland only wants this done for a sys_exit.

  	 */

  	if (tsk->clear_child_tid) {
  		if (!(tsk->flags & PF_SIGNALED) &&
  		    atomic_read(&mm->mm_users) > 1) {
  			/*
  			 * We don't check the error code - if userspace has
  			 * not set up a proper pointer then tough luck.
  			 */
  			put_user(0, tsk->clear_child_tid);
  			sys_futex(tsk->clear_child_tid, FUTEX_WAKE,
  					1, NULL, NULL, 0);
  		}

  		tsk->clear_child_tid = NULL;

  	}

  
  	/*
  	 * All done, finally we can wake up parent and return this mm to him.
  	 * Also kthread_stop() uses this completion for synchronization.
  	 */
  	if (tsk->vfork_done)
  		complete_vfork_done(tsk);

  }

  /*
   * Allocate a new mm structure and copy contents from the
   * mm structure of the passed in task structure.
   */

  struct mm_struct *dup_mm(struct task_struct *tsk)

  {
  	struct mm_struct *mm, *oldmm = current->mm;
  	int err;
  
  	if (!oldmm)
  		return NULL;
  
  	mm = allocate_mm();
  	if (!mm)
  		goto fail_nomem;
  
  	memcpy(mm, oldmm, sizeof(*mm));

  	mm_init_cpumask(mm);

  #ifdef CONFIG_TRANSPARENT_HUGEPAGE
  	mm->pmd_huge_pte = NULL;
  #endif

  	uprobe_reset_state(mm);

  	if (!mm_init(mm, tsk))

  		goto fail_nomem;
  
  	if (init_new_context(tsk, mm))
  		goto fail_nocontext;

  	dup_mm_exe_file(oldmm, mm);

  	err = dup_mmap(mm, oldmm);
  	if (err)
  		goto free_pt;
  
  	mm->hiwater_rss = get_mm_rss(mm);
  	mm->hiwater_vm = mm->total_vm;

  	if (mm->binfmt && !try_module_get(mm->binfmt->module))
  		goto free_pt;

  	return mm;
  
  free_pt:

  	/* don't put binfmt in mmput, we haven't got module yet */
  	mm->binfmt = NULL;

  	mmput(mm);
  
  fail_nomem:
  	return NULL;
  
  fail_nocontext:
  	/*
  	 * If init_new_context() failed, we cannot use mmput() to free the mm
  	 * because it calls destroy_context()
  	 */
  	mm_free_pgd(mm);
  	free_mm(mm);
  	return NULL;
  }

  static int copy_mm(unsigned long clone_flags, struct task_struct *tsk)

  {

  	struct mm_struct *mm, *oldmm;

  	int retval;
  
  	tsk->min_flt = tsk->maj_flt = 0;
  	tsk->nvcsw = tsk->nivcsw = 0;

  #ifdef CONFIG_DETECT_HUNG_TASK
  	tsk->last_switch_count = tsk->nvcsw + tsk->nivcsw;
  #endif

  
  	tsk->mm = NULL;
  	tsk->active_mm = NULL;
  
  	/*
  	 * Are we cloning a kernel thread?
  	 *
  	 * We need to steal a active VM for that..
  	 */
  	oldmm = current->mm;
  	if (!oldmm)
  		return 0;
  
  	if (clone_flags & CLONE_VM) {
  		atomic_inc(&oldmm->mm_users);
  		mm = oldmm;

  		goto good_mm;
  	}
  
  	retval = -ENOMEM;

  	mm = dup_mm(tsk);

  	if (!mm)
  		goto fail_nomem;

  good_mm:
  	tsk->mm = mm;
  	tsk->active_mm = mm;
  	return 0;

  fail_nomem:
  	return retval;

  }

  static int copy_fs(unsigned long clone_flags, struct task_struct *tsk)

  {

  	struct fs_struct *fs = current->fs;

  	if (clone_flags & CLONE_FS) {

  		/* tsk->fs is already what we want */

  		spin_lock(&fs->lock);

  		if (fs->in_exec) {

  			spin_unlock(&fs->lock);

  			return -EAGAIN;
  		}
  		fs->users++;

  		spin_unlock(&fs->lock);

  		return 0;
  	}

  	tsk->fs = copy_fs_struct(fs);

  	if (!tsk->fs)
  		return -ENOMEM;
  	return 0;
  }

  static int copy_files(unsigned long clone_flags, struct task_struct *tsk)

  {
  	struct files_struct *oldf, *newf;
  	int error = 0;
  
  	/*
  	 * A background process may not have any files ...
  	 */
  	oldf = current->files;
  	if (!oldf)
  		goto out;
  
  	if (clone_flags & CLONE_FILES) {
  		atomic_inc(&oldf->count);
  		goto out;
  	}

  	newf = dup_fd(oldf, &error);
  	if (!newf)
  		goto out;
  
  	tsk->files = newf;
  	error = 0;
  out:
  	return error;
  }

  static int copy_io(unsigned long clone_flags, struct task_struct *tsk)

  {
  #ifdef CONFIG_BLOCK
  	struct io_context *ioc = current->io_context;

  	struct io_context *new_ioc;

  
  	if (!ioc)
  		return 0;

  	/*
  	 * Share io context with parent, if CLONE_IO is set
  	 */
  	if (clone_flags & CLONE_IO) {

  		ioc_task_link(ioc);
  		tsk->io_context = ioc;

  	} else if (ioprio_valid(ioc->ioprio)) {

  		new_ioc = get_task_io_context(tsk, GFP_KERNEL, NUMA_NO_NODE);
  		if (unlikely(!new_ioc))

  			return -ENOMEM;

  		new_ioc->ioprio = ioc->ioprio;

  		put_io_context(new_ioc);

  	}
  #endif
  	return 0;
  }

  static int copy_sighand(unsigned long clone_flags, struct task_struct *tsk)

  {
  	struct sighand_struct *sig;

  	if (clone_flags & CLONE_SIGHAND) {

  		atomic_inc(&current->sighand->count);
  		return 0;
  	}
  	sig = kmem_cache_alloc(sighand_cachep, GFP_KERNEL);

  	rcu_assign_pointer(tsk->sighand, sig);

  	if (!sig)
  		return -ENOMEM;

  	atomic_set(&sig->count, 1);
  	memcpy(sig->action, current->sighand->action, sizeof(sig->action));
  	return 0;
  }

  void __cleanup_sighand(struct sighand_struct *sighand)

  {

  	if (atomic_dec_and_test(&sighand->count)) {
  		signalfd_cleanup(sighand);

  		kmem_cache_free(sighand_cachep, sighand);

  	}

  }

  
  /*
   * Initialize POSIX timer handling for a thread group.
   */
  static void posix_cpu_timers_init_group(struct signal_struct *sig)
  {

  	unsigned long cpu_limit;

  	/* Thread group counters. */
  	thread_group_cputime_init(sig);

  	cpu_limit = ACCESS_ONCE(sig->rlim[RLIMIT_CPU].rlim_cur);
  	if (cpu_limit != RLIM_INFINITY) {
  		sig->cputime_expires.prof_exp = secs_to_cputime(cpu_limit);

  		sig->cputimer.running = 1;
  	}

  	/* The timer lists. */
  	INIT_LIST_HEAD(&sig->cpu_timers[0]);
  	INIT_LIST_HEAD(&sig->cpu_timers[1]);
  	INIT_LIST_HEAD(&sig->cpu_timers[2]);
  }

  static int copy_signal(unsigned long clone_flags, struct task_struct *tsk)

  {
  	struct signal_struct *sig;

  	if (clone_flags & CLONE_THREAD)

  		return 0;

  	sig = kmem_cache_zalloc(signal_cachep, GFP_KERNEL);

  	tsk->signal = sig;
  	if (!sig)
  		return -ENOMEM;

  	sig->nr_threads = 1;

  	atomic_set(&sig->live, 1);

  	atomic_set(&sig->sigcnt, 1);

  	init_waitqueue_head(&sig->wait_chldexit);

  	if (clone_flags & CLONE_NEWPID)
  		sig->flags |= SIGNAL_UNKILLABLE;

  	sig->curr_target = tsk;

  	init_sigpending(&sig->shared_pending);
  	INIT_LIST_HEAD(&sig->posix_timers);

  	hrtimer_init(&sig->real_timer, CLOCK_MONOTONIC, HRTIMER_MODE_REL);

  	sig->real_timer.function = it_real_fn;

  	task_lock(current->group_leader);
  	memcpy(sig->rlim, current->signal->rlim, sizeof sig->rlim);
  	task_unlock(current->group_leader);

  	posix_cpu_timers_init_group(sig);

  	tty_audit_fork(sig);

  	sched_autogroup_fork(sig);

  #ifdef CONFIG_CGROUPS

  	init_rwsem(&sig->group_rwsem);

  #endif

  	sig->oom_adj = current->signal->oom_adj;

  	sig->oom_score_adj = current->signal->oom_score_adj;

  	sig->oom_score_adj_min = current->signal->oom_score_adj_min;

  	sig->has_child_subreaper = current->signal->has_child_subreaper ||
  				   current->signal->is_child_subreaper;

  	mutex_init(&sig->cred_guard_mutex);

  	return 0;
  }

  static void copy_flags(unsigned long clone_flags, struct task_struct *p)

  {
  	unsigned long new_flags = p->flags;

  	new_flags &= ~(PF_SUPERPRIV | PF_WQ_WORKER);

  	new_flags |= PF_FORKNOEXEC;

  	p->flags = new_flags;
  }

  SYSCALL_DEFINE1(set_tid_address, int __user *, tidptr)

  {
  	current->clear_child_tid = tidptr;

  	return task_pid_vnr(current);

  }

  static void rt_mutex_init_task(struct task_struct *p)

  {

  	raw_spin_lock_init(&p->pi_lock);

  #ifdef CONFIG_RT_MUTEXES

  	plist_head_init(&p->pi_waiters);

  	p->pi_blocked_on = NULL;

  #endif
  }

  #ifdef CONFIG_MM_OWNER
  void mm_init_owner(struct mm_struct *mm, struct task_struct *p)
  {
  	mm->owner = p;
  }
  #endif /* CONFIG_MM_OWNER */

  /*

   * Initialize POSIX timer handling for a single task.
   */
  static void posix_cpu_timers_init(struct task_struct *tsk)
  {

  	tsk->cputime_expires.prof_exp = 0;
  	tsk->cputime_expires.virt_exp = 0;

  	tsk->cputime_expires.sched_exp = 0;
  	INIT_LIST_HEAD(&tsk->cpu_timers[0]);
  	INIT_LIST_HEAD(&tsk->cpu_timers[1]);
  	INIT_LIST_HEAD(&tsk->cpu_timers[2]);
  }
  
  /*

   * This creates a new process as a copy of the old one,
   * but does not actually start it yet.
   *
   * It copies the registers, and all the appropriate
   * parts of the process environment (as per the clone
   * flags). The actual kick-off is left to the caller.
   */

  static struct task_struct *copy_process(unsigned long clone_flags,
  					unsigned long stack_start,
  					struct pt_regs *regs,
  					unsigned long stack_size,

  					int __user *child_tidptr,

  					struct pid *pid,
  					int trace)

  {
  	int retval;

  	struct task_struct *p;

  	int cgroup_callbacks_done = 0;

  
  	if ((clone_flags & (CLONE_NEWNS|CLONE_FS)) == (CLONE_NEWNS|CLONE_FS))
  		return ERR_PTR(-EINVAL);
  
  	/*
  	 * Thread groups must share signals as well, and detached threads
  	 * can only be started up within the thread group.
  	 */
  	if ((clone_flags & CLONE_THREAD) && !(clone_flags & CLONE_SIGHAND))
  		return ERR_PTR(-EINVAL);
  
  	/*
  	 * Shared signal handlers imply shared VM. By way of the above,
  	 * thread groups also imply shared VM. Blocking this case allows
  	 * for various simplifications in other code.
  	 */
  	if ((clone_flags & CLONE_SIGHAND) && !(clone_flags & CLONE_VM))
  		return ERR_PTR(-EINVAL);

  	/*
  	 * Siblings of global init remain as zombies on exit since they are
  	 * not reaped by their parent (swapper). To solve this and to avoid
  	 * multi-rooted process trees, prevent global and container-inits
  	 * from creating siblings.
  	 */
  	if ((clone_flags & CLONE_PARENT) &&
  				current->signal->flags & SIGNAL_UNKILLABLE)
  		return ERR_PTR(-EINVAL);

  	retval = security_task_create(clone_flags);
  	if (retval)
  		goto fork_out;
  
  	retval = -ENOMEM;
  	p = dup_task_struct(current);
  	if (!p)
  		goto fork_out;

  	ftrace_graph_init_task(p);

  	get_seccomp_filter(p);

  	rt_mutex_init_task(p);

  #ifdef CONFIG_PROVE_LOCKING

  	DEBUG_LOCKS_WARN_ON(!p->hardirqs_enabled);
  	DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled);
  #endif

  	retval = -EAGAIN;

  	if (atomic_read(&p->real_cred->user->processes) >=

  			task_rlimit(p, RLIMIT_NPROC)) {

  		if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) &&

  		    p->real_cred->user != INIT_USER)

  			goto bad_fork_free;
  	}

  	current->flags &= ~PF_NPROC_EXCEEDED;

  	retval = copy_creds(p, clone_flags);
  	if (retval < 0)
  		goto bad_fork_free;

  
  	/*
  	 * If multiple threads are within copy_process(), then this check
  	 * triggers too late. This doesn't hurt, the check is only there
  	 * to stop root fork bombs.
  	 */

  	retval = -EAGAIN;

  	if (nr_threads >= max_threads)
  		goto bad_fork_cleanup_count;

  	if (!try_module_get(task_thread_info(p)->exec_domain->module))

  		goto bad_fork_cleanup_count;

  	p->did_exec = 0;

  	delayacct_tsk_init(p);	/* Must remain after dup_task_struct() */

  	copy_flags(clone_flags, p);

  	INIT_LIST_HEAD(&p->children);
  	INIT_LIST_HEAD(&p->sibling);

  	rcu_copy_process(p);

  	p->vfork_done = NULL;
  	spin_lock_init(&p->alloc_lock);

  	init_sigpending(&p->pending);

  	p->utime = p->stime = p->gtime = 0;
  	p->utimescaled = p->stimescaled = 0;

  #ifndef CONFIG_VIRT_CPU_ACCOUNTING

  	p->prev_utime = p->prev_stime = 0;

  #endif

  #if defined(SPLIT_RSS_COUNTING)
  	memset(&p->rss_stat, 0, sizeof(p->rss_stat));
  #endif

  	p->default_timer_slack_ns = current->timer_slack_ns;

  	task_io_accounting_init(&p->ioac);

  	acct_clear_integrals(p);

  	posix_cpu_timers_init(p);

  	do_posix_clock_monotonic_gettime(&p->start_time);

  	p->real_start_time = p->start_time;
  	monotonic_to_bootbased(&p->real_start_time);

  	p->io_context = NULL;

  	p->audit_context = NULL;

  	if (clone_flags & CLONE_THREAD)

  		threadgroup_change_begin(current);

  	cgroup_fork(p);

  #ifdef CONFIG_NUMA

  	p->mempolicy = mpol_dup(p->mempolicy);

  	if (IS_ERR(p->mempolicy)) {
  		retval = PTR_ERR(p->mempolicy);
  		p->mempolicy = NULL;
  		goto bad_fork_cleanup_cgroup;
  	}

  	mpol_fix_fork_child_flag(p);

  #endif

  #ifdef CONFIG_CPUSETS
  	p->cpuset_mem_spread_rotor = NUMA_NO_NODE;
  	p->cpuset_slab_spread_rotor = NUMA_NO_NODE;

  	seqcount_init(&p->mems_allowed_seq);

  #endif

  #ifdef CONFIG_TRACE_IRQFLAGS
  	p->irq_events = 0;

  #ifdef __ARCH_WANT_INTERRUPTS_ON_CTXSW
  	p->hardirqs_enabled = 1;
  #else

  	p->hardirqs_enabled = 0;

  #endif

  	p->hardirq_enable_ip = 0;
  	p->hardirq_enable_event = 0;
  	p->hardirq_disable_ip = _THIS_IP_;
  	p->hardirq_disable_event = 0;
  	p->softirqs_enabled = 1;
  	p->softirq_enable_ip = _THIS_IP_;
  	p->softirq_enable_event = 0;
  	p->softirq_disable_ip = 0;
  	p->softirq_disable_event = 0;
  	p->hardirq_context = 0;
  	p->softirq_context = 0;
  #endif

  #ifdef CONFIG_LOCKDEP
  	p->lockdep_depth = 0; /* no locks held yet */
  	p->curr_chain_key = 0;
  	p->lockdep_recursion = 0;
  #endif

  #ifdef CONFIG_DEBUG_MUTEXES
  	p->blocked_on = NULL; /* not blocked yet */
  #endif

  #ifdef CONFIG_CGROUP_MEM_RES_CTLR
  	p->memcg_batch.do_batch = 0;
  	p->memcg_batch.memcg = NULL;
  #endif

  	/* Perform scheduler related setup. Assign this task to a CPU. */

  	sched_fork(p);

  	retval = perf_event_init_task(p);

  	if (retval)
  		goto bad_fork_cleanup_policy;

  	retval = audit_alloc(p);
  	if (retval)

  		goto bad_fork_cleanup_policy;

  	/* copy all the process information */

  	retval = copy_semundo(clone_flags, p);
  	if (retval)

  		goto bad_fork_cleanup_audit;

  	retval = copy_files(clone_flags, p);
  	if (retval)

  		goto bad_fork_cleanup_semundo;

  	retval = copy_fs(clone_flags, p);
  	if (retval)

  		goto bad_fork_cleanup_files;

  	retval = copy_sighand(clone_flags, p);
  	if (retval)

  		goto bad_fork_cleanup_fs;

  	retval = copy_signal(clone_flags, p);
  	if (retval)

  		goto bad_fork_cleanup_sighand;

  	retval = copy_mm(clone_flags, p);
  	if (retval)

  		goto bad_fork_cleanup_signal;

  	retval = copy_namespaces(clone_flags, p);
  	if (retval)

  		goto bad_fork_cleanup_mm;

  	retval = copy_io(clone_flags, p);
  	if (retval)

  		goto bad_fork_cleanup_namespaces;

  	retval = copy_thread(clone_flags, stack_start, stack_size, p, regs);

  	if (retval)

  		goto bad_fork_cleanup_io;

  	if (pid != &init_struct_pid) {
  		retval = -ENOMEM;

  		pid = alloc_pid(p->nsproxy->pid_ns);

  		if (!pid)

  			goto bad_fork_cleanup_io;

  	}
  
  	p->pid = pid_nr(pid);
  	p->tgid = p->pid;
  	if (clone_flags & CLONE_THREAD)
  		p->tgid = current->tgid;

  	p->set_child_tid = (clone_flags & CLONE_CHILD_SETTID) ? child_tidptr : NULL;
  	/*
  	 * Clear TID on mm_release()?
  	 */

  	p->clear_child_tid = (clone_flags & CLONE_CHILD_CLEARTID) ? child_tidptr : NULL;

  #ifdef CONFIG_BLOCK
  	p->plug = NULL;
  #endif

  #ifdef CONFIG_FUTEX

  	p->robust_list = NULL;
  #ifdef CONFIG_COMPAT
  	p->compat_robust_list = NULL;
  #endif

  	INIT_LIST_HEAD(&p->pi_state_list);
  	p->pi_state_cache = NULL;

  #endif

  	uprobe_copy_process(p);

  	/*

  	 * sigaltstack should be cleared when sharing the same VM
  	 */
  	if ((clone_flags & (CLONE_VM|CLONE_VFORK)) == CLONE_VM)
  		p->sas_ss_sp = p->sas_ss_size = 0;
  
  	/*

  	 * Syscall tracing and stepping should be turned off in the
  	 * child regardless of CLONE_PTRACE.

  	 */

  	user_disable_single_step(p);

  	clear_tsk_thread_flag(p, TIF_SYSCALL_TRACE);

  #ifdef TIF_SYSCALL_EMU
  	clear_tsk_thread_flag(p, TIF_SYSCALL_EMU);
  #endif

  	clear_all_latency_tracing(p);

  	/* ok, now we should be set up.. */

  	if (clone_flags & CLONE_THREAD)
  		p->exit_signal = -1;
  	else if (clone_flags & CLONE_PARENT)
  		p->exit_signal = current->group_leader->exit_signal;
  	else
  		p->exit_signal = (clone_flags & CSIGNAL);

  	p->pdeath_signal = 0;
  	p->exit_state = 0;

  	p->nr_dirtied = 0;
  	p->nr_dirtied_pause = 128 >> (PAGE_SHIFT - 10);

  	p->dirty_paused_when = 0;

  	/*
  	 * Ok, make it visible to the rest of the system.
  	 * We dont wake it up yet.
  	 */
  	p->group_leader = p;

  	INIT_LIST_HEAD(&p->thread_group);

  	INIT_HLIST_HEAD(&p->task_works);

  	/* Now that the task is set up, run cgroup callbacks if
  	 * necessary. We need to run them before the task is visible
  	 * on the tasklist. */
  	cgroup_fork_callbacks(p);
  	cgroup_callbacks_done = 1;

  	/* Need tasklist lock for parent etc handling! */
  	write_lock_irq(&tasklist_lock);

  	/* CLONE_PARENT re-uses the old parent */

  	if (clone_flags & (CLONE_PARENT|CLONE_THREAD)) {

  		p->real_parent = current->real_parent;

  		p->parent_exec_id = current->parent_exec_id;
  	} else {

  		p->real_parent = current;

  		p->parent_exec_id = current->self_exec_id;
  	}

  	spin_lock(&current->sighand->siglock);

  
  	/*
  	 * Process group and session signals need to be delivered to just the
  	 * parent before the fork or both the parent and the child after the
  	 * fork. Restart if a signal comes in before we add the new process to
  	 * it's process group.
  	 * A fatal signal pending means that current will exit, so the new
  	 * thread can't slip out of an OOM kill (or normal SIGKILL).

  	*/

  	recalc_sigpending();

  	if (signal_pending(current)) {
  		spin_unlock(&current->sighand->siglock);
  		write_unlock_irq(&tasklist_lock);
  		retval = -ERESTARTNOINTR;

  		goto bad_fork_free_pid;

  	}

  	if (clone_flags & CLONE_THREAD) {

  		current->signal->nr_threads++;

  		atomic_inc(&current->signal->live);

  		atomic_inc(&current->signal->sigcnt);

  		p->group_leader = current->group_leader;

  		list_add_tail_rcu(&p->thread_group, &p->group_leader->thread_group);

  	}

  	if (likely(p->pid)) {

  		ptrace_init_task(p, (clone_flags & CLONE_PTRACE) || trace);

  
  		if (thread_group_leader(p)) {

  			if (is_child_reaper(pid))

  				p->nsproxy->pid_ns->child_reaper = p;

  			p->signal->leader_pid = pid;

  			p->signal->tty = tty_kref_get(current->signal->tty);

  			attach_pid(p, PIDTYPE_PGID, task_pgrp(current));
  			attach_pid(p, PIDTYPE_SID, task_session(current));

  			list_add_tail(&p->sibling, &p->real_parent->children);

  			list_add_tail_rcu(&p->tasks, &init_task.tasks);

  			__this_cpu_inc(process_counts);

  		}

  		attach_pid(p, PIDTYPE_PID, pid);

  		nr_threads++;

  	}

  	total_forks++;

  	spin_unlock(&current->sighand->siglock);

  	write_unlock_irq(&tasklist_lock);

  	proc_fork_connector(p);

  	cgroup_post_fork(p);

  	if (clone_flags & CLONE_THREAD)

  		threadgroup_change_end(current);

  	perf_event_fork(p);

  
  	trace_task_newtask(p, clone_flags);

  	return p;

  bad_fork_free_pid:
  	if (pid != &init_struct_pid)
  		free_pid(pid);

  bad_fork_cleanup_io:

  	if (p->io_context)
  		exit_io_context(p);

  bad_fork_cleanup_namespaces:

  	if (unlikely(clone_flags & CLONE_NEWPID))
  		pid_ns_release_proc(p->nsproxy->pid_ns);

  	exit_task_namespaces(p);

  bad_fork_cleanup_mm:

  	if (p->mm)

  		mmput(p->mm);
  bad_fork_cleanup_signal:

  	if (!(clone_flags & CLONE_THREAD))

  		free_signal_struct(p->signal);

  bad_fork_cleanup_sighand:

  	__cleanup_sighand(p->sighand);

  bad_fork_cleanup_fs:
  	exit_fs(p); /* blocking */
  bad_fork_cleanup_files:
  	exit_files(p); /* blocking */
  bad_fork_cleanup_semundo:
  	exit_sem(p);
  bad_fork_cleanup_audit:
  	audit_free(p);

  bad_fork_cleanup_policy:

  	perf_event_free_task(p);

  #ifdef CONFIG_NUMA

  	mpol_put(p->mempolicy);

  bad_fork_cleanup_cgroup:

  #endif

  	if (clone_flags & CLONE_THREAD)

  		threadgroup_change_end(current);

  	cgroup_exit(p, cgroup_callbacks_done);

  	delayacct_tsk_free(p);

  	module_put(task_thread_info(p)->exec_domain->module);

  bad_fork_cleanup_count:

  	atomic_dec(&p->cred->user->processes);

  	exit_creds(p);

  bad_fork_free:
  	free_task(p);

  fork_out:
  	return ERR_PTR(retval);

  }

  noinline struct pt_regs * __cpuinit __attribute__((weak)) idle_regs(struct pt_regs *regs)

  {
  	memset(regs, 0, sizeof(struct pt_regs));
  	return regs;
  }

  static inline void init_idle_pids(struct pid_link *links)
  {
  	enum pid_type type;
  
  	for (type = PIDTYPE_PID; type < PIDTYPE_MAX; ++type) {
  		INIT_HLIST_NODE(&links[type].node); /* not really needed */
  		links[type].pid = &init_struct_pid;
  	}
  }

  struct task_struct * __cpuinit fork_idle(int cpu)

  {

  	struct task_struct *task;

  	struct pt_regs regs;

  	task = copy_process(CLONE_VM, 0, idle_regs(&regs), 0, NULL,

  			    &init_struct_pid, 0);

  	if (!IS_ERR(task)) {
  		init_idle_pids(task->pids);

  		init_idle(task, cpu);

  	}

  	return task;
  }