/*
   *  linux/kernel/fork.c
   *
   *  Copyright (C) 1991, 1992  Linus Torvalds
   */
  
  /*
   *  'fork.c' contains the help-routines for the 'fork' system call
   * (see also entry.S and others).
   * Fork is rather simple, once you get the hang of it, but the memory
   * management can be a bitch. See 'mm/memory.c': 'copy_page_range()'
   */

  #include <linux/slab.h>

  #include <linux/sched/autogroup.h>

  #include <linux/sched/mm.h>

  #include <linux/sched/coredump.h>

  #include <linux/sched/user.h>

  #include <linux/sched/numa_balancing.h>

  #include <linux/sched/stat.h>

  #include <linux/sched/task.h>

  #include <linux/sched/task_stack.h>

  #include <linux/sched/cputime.h>

  #include <linux/rtmutex.h>

  #include <linux/init.h>
  #include <linux/unistd.h>

  #include <linux/module.h>
  #include <linux/vmalloc.h>
  #include <linux/completion.h>

  #include <linux/personality.h>
  #include <linux/mempolicy.h>
  #include <linux/sem.h>
  #include <linux/file.h>

  #include <linux/fdtable.h>

  #include <linux/iocontext.h>

  #include <linux/key.h>
  #include <linux/binfmts.h>
  #include <linux/mman.h>

  #include <linux/mmu_notifier.h>

  #include <linux/hmm.h>

  #include <linux/fs.h>

  #include <linux/mm.h>
  #include <linux/vmacache.h>

  #include <linux/nsproxy.h>

  #include <linux/capability.h>

  #include <linux/cpu.h>

  #include <linux/cgroup.h>

  #include <linux/security.h>

  #include <linux/hugetlb.h>

  #include <linux/seccomp.h>

  #include <linux/swap.h>
  #include <linux/syscalls.h>
  #include <linux/jiffies.h>
  #include <linux/futex.h>

  #include <linux/compat.h>

  #include <linux/kthread.h>

  #include <linux/task_io_accounting_ops.h>

  #include <linux/rcupdate.h>

  #include <linux/ptrace.h>
  #include <linux/mount.h>
  #include <linux/audit.h>

  #include <linux/memcontrol.h>

  #include <linux/ftrace.h>

  #include <linux/proc_fs.h>

  #include <linux/profile.h>
  #include <linux/rmap.h>

  #include <linux/ksm.h>

  #include <linux/acct.h>

  #include <linux/userfaultfd_k.h>

  #include <linux/tsacct_kern.h>

  #include <linux/cn_proc.h>

  #include <linux/freezer.h>

  #include <linux/delayacct.h>

  #include <linux/taskstats_kern.h>

  #include <linux/random.h>

  #include <linux/tty.h>

  #include <linux/blkdev.h>

  #include <linux/fs_struct.h>

  #include <linux/magic.h>

  #include <linux/perf_event.h>

  #include <linux/posix-timers.h>

  #include <linux/user-return-notifier.h>

  #include <linux/oom.h>

  #include <linux/khugepaged.h>

  #include <linux/signalfd.h>

  #include <linux/uprobes.h>

  #include <linux/aio.h>

  #include <linux/compiler.h>

  #include <linux/sysctl.h>

  #include <linux/kcov.h>

  #include <linux/livepatch.h>

  #include <linux/thread_info.h>

  
  #include <asm/pgtable.h>
  #include <asm/pgalloc.h>

  #include <linux/uaccess.h>

  #include <asm/mmu_context.h>
  #include <asm/cacheflush.h>
  #include <asm/tlbflush.h>

  #include <trace/events/sched.h>

  #define CREATE_TRACE_POINTS
  #include <trace/events/task.h>

  /*

   * Minimum number of threads to boot the kernel
   */
  #define MIN_THREADS 20
  
  /*
   * Maximum number of threads
   */
  #define MAX_THREADS FUTEX_TID_MASK
  
  /*

   * Protected counters by write_lock_irq(&tasklist_lock)
   */
  unsigned long total_forks;	/* Handle normal Linux uptimes. */

  int nr_threads;			/* The idle threads do not count.. */

  
  int max_threads;		/* tunable limit on nr_threads */
  
  DEFINE_PER_CPU(unsigned long, process_counts) = 0;

  __cacheline_aligned DEFINE_RWLOCK(tasklist_lock);  /* outer */

  
  #ifdef CONFIG_PROVE_RCU
  int lockdep_tasklist_lock_is_held(void)
  {
  	return lockdep_is_held(&tasklist_lock);
  }
  EXPORT_SYMBOL_GPL(lockdep_tasklist_lock_is_held);
  #endif /* #ifdef CONFIG_PROVE_RCU */

  
  int nr_processes(void)
  {
  	int cpu;
  	int total = 0;

  	for_each_possible_cpu(cpu)

  		total += per_cpu(process_counts, cpu);
  
  	return total;
  }

  void __weak arch_release_task_struct(struct task_struct *tsk)
  {
  }

  #ifndef CONFIG_ARCH_TASK_STRUCT_ALLOCATOR

  static struct kmem_cache *task_struct_cachep;

  
  static inline struct task_struct *alloc_task_struct_node(int node)
  {
  	return kmem_cache_alloc_node(task_struct_cachep, GFP_KERNEL, node);
  }

  static inline void free_task_struct(struct task_struct *tsk)
  {

  	kmem_cache_free(task_struct_cachep, tsk);
  }

  #endif

  void __weak arch_release_thread_stack(unsigned long *stack)

  {
  }

  #ifndef CONFIG_ARCH_THREAD_STACK_ALLOCATOR

  /*
   * Allocate pages if THREAD_SIZE is >= PAGE_SIZE, otherwise use a
   * kmemcache based allocator.
   */

  # if THREAD_SIZE >= PAGE_SIZE || defined(CONFIG_VMAP_STACK)

  
  #ifdef CONFIG_VMAP_STACK
  /*
   * vmalloc() is a bit slow, and calling vfree() enough times will force a TLB
   * flush.  Try to minimize the number of calls by caching stacks.
   */
  #define NR_CACHED_STACKS 2
  static DEFINE_PER_CPU(struct vm_struct *, cached_stacks[NR_CACHED_STACKS]);

  
  static int free_vm_stack_cache(unsigned int cpu)
  {
  	struct vm_struct **cached_vm_stacks = per_cpu_ptr(cached_stacks, cpu);
  	int i;
  
  	for (i = 0; i < NR_CACHED_STACKS; i++) {
  		struct vm_struct *vm_stack = cached_vm_stacks[i];
  
  		if (!vm_stack)
  			continue;
  
  		vfree(vm_stack->addr);
  		cached_vm_stacks[i] = NULL;
  	}
  
  	return 0;
  }

  #endif

  static unsigned long *alloc_thread_stack_node(struct task_struct *tsk, int node)

  {

  #ifdef CONFIG_VMAP_STACK

  	void *stack;
  	int i;

  	for (i = 0; i < NR_CACHED_STACKS; i++) {

  		struct vm_struct *s;
  
  		s = this_cpu_xchg(cached_stacks[i], NULL);

  
  		if (!s)
  			continue;

  		/* Clear stale pointers from reused stack. */
  		memset(s->addr, 0, THREAD_SIZE);

  		tsk->stack_vm_area = s;

  		return s->addr;
  	}

  	stack = __vmalloc_node_range(THREAD_SIZE, THREAD_ALIGN,

  				     VMALLOC_START, VMALLOC_END,

  				     THREADINFO_GFP,

  				     PAGE_KERNEL,
  				     0, node, __builtin_return_address(0));

  
  	/*
  	 * We can't call find_vm_area() in interrupt context, and
  	 * free_thread_stack() can be called in interrupt context,
  	 * so cache the vm_struct.
  	 */
  	if (stack)
  		tsk->stack_vm_area = find_vm_area(stack);
  	return stack;
  #else

  	struct page *page = alloc_pages_node(node, THREADINFO_GFP,
  					     THREAD_SIZE_ORDER);

  
  	return page ? page_address(page) : NULL;

  #endif

  }

  static inline void free_thread_stack(struct task_struct *tsk)

  {

  #ifdef CONFIG_VMAP_STACK
  	if (task_stack_vm_area(tsk)) {

  		int i;

  		for (i = 0; i < NR_CACHED_STACKS; i++) {

  			if (this_cpu_cmpxchg(cached_stacks[i],
  					NULL, tsk->stack_vm_area) != NULL)

  				continue;

  			return;
  		}

  		vfree_atomic(tsk->stack);

  		return;
  	}
  #endif
  
  	__free_pages(virt_to_page(tsk->stack), THREAD_SIZE_ORDER);

  }

  # else

  static struct kmem_cache *thread_stack_cache;

  static unsigned long *alloc_thread_stack_node(struct task_struct *tsk,

  						  int node)
  {

  	return kmem_cache_alloc_node(thread_stack_cache, THREADINFO_GFP, node);

  }

  static void free_thread_stack(struct task_struct *tsk)

  {

  	kmem_cache_free(thread_stack_cache, tsk->stack);

  }

  void thread_stack_cache_init(void)

  {

  	thread_stack_cache = kmem_cache_create("thread_stack", THREAD_SIZE,

  					      THREAD_SIZE, 0, NULL);

  	BUG_ON(thread_stack_cache == NULL);

  }
  # endif

  #endif

  /* SLAB cache for signal_struct structures (tsk->signal) */

  static struct kmem_cache *signal_cachep;

  
  /* SLAB cache for sighand_struct structures (tsk->sighand) */

  struct kmem_cache *sighand_cachep;

  
  /* SLAB cache for files_struct structures (tsk->files) */

  struct kmem_cache *files_cachep;

  
  /* SLAB cache for fs_struct structures (tsk->fs) */

  struct kmem_cache *fs_cachep;

  
  /* SLAB cache for vm_area_struct structures */

  struct kmem_cache *vm_area_cachep;

  
  /* SLAB cache for mm_struct structures (tsk->mm) */

  static struct kmem_cache *mm_cachep;

  static void account_kernel_stack(struct task_struct *tsk, int account)

  {

  	void *stack = task_stack_page(tsk);
  	struct vm_struct *vm = task_stack_vm_area(tsk);
  
  	BUILD_BUG_ON(IS_ENABLED(CONFIG_VMAP_STACK) && PAGE_SIZE % 1024 != 0);
  
  	if (vm) {
  		int i;
  
  		BUG_ON(vm->nr_pages != THREAD_SIZE / PAGE_SIZE);
  
  		for (i = 0; i < THREAD_SIZE / PAGE_SIZE; i++) {
  			mod_zone_page_state(page_zone(vm->pages[i]),
  					    NR_KERNEL_STACK_KB,
  					    PAGE_SIZE / 1024 * account);
  		}
  
  		/* All stack pages belong to the same memcg. */

  		mod_memcg_page_state(vm->pages[0], MEMCG_KERNEL_STACK_KB,
  				     account * (THREAD_SIZE / 1024));

  	} else {
  		/*
  		 * All stack pages are in the same zone and belong to the
  		 * same memcg.
  		 */
  		struct page *first_page = virt_to_page(stack);
  
  		mod_zone_page_state(page_zone(first_page), NR_KERNEL_STACK_KB,
  				    THREAD_SIZE / 1024 * account);

  		mod_memcg_page_state(first_page, MEMCG_KERNEL_STACK_KB,
  				     account * (THREAD_SIZE / 1024));

  	}

  }

  static void release_task_stack(struct task_struct *tsk)

  {

  	if (WARN_ON(tsk->state != TASK_DEAD))
  		return;  /* Better to leak the stack than to free prematurely */

  	account_kernel_stack(tsk, -1);

  	arch_release_thread_stack(tsk->stack);

  	free_thread_stack(tsk);

  	tsk->stack = NULL;
  #ifdef CONFIG_VMAP_STACK
  	tsk->stack_vm_area = NULL;
  #endif
  }
  
  #ifdef CONFIG_THREAD_INFO_IN_TASK
  void put_task_stack(struct task_struct *tsk)
  {
  	if (atomic_dec_and_test(&tsk->stack_refcount))
  		release_task_stack(tsk);
  }
  #endif
  
  void free_task(struct task_struct *tsk)
  {
  #ifndef CONFIG_THREAD_INFO_IN_TASK
  	/*
  	 * The task is finally done with both the stack and thread_info,
  	 * so free both.
  	 */
  	release_task_stack(tsk);
  #else
  	/*
  	 * If the task had a separate stack allocation, it should be gone
  	 * by now.
  	 */
  	WARN_ON_ONCE(atomic_read(&tsk->stack_refcount) != 0);
  #endif

  	rt_mutex_debug_task_free(tsk);

  	ftrace_graph_exit_task(tsk);

  	put_seccomp_filter(tsk);

  	arch_release_task_struct(tsk);

  	if (tsk->flags & PF_KTHREAD)
  		free_kthread_struct(tsk);

  	free_task_struct(tsk);
  }
  EXPORT_SYMBOL(free_task);

  static inline void free_signal_struct(struct signal_struct *sig)
  {

  	taskstats_tgid_free(sig);

  	sched_autogroup_exit(sig);

  	/*
  	 * __mmdrop is not safe to call from softirq context on x86 due to
  	 * pgd_dtor so postpone it to the async context
  	 */

  	if (sig->oom_mm)

  		mmdrop_async(sig->oom_mm);

  	kmem_cache_free(signal_cachep, sig);
  }
  
  static inline void put_signal_struct(struct signal_struct *sig)
  {

  	if (atomic_dec_and_test(&sig->sigcnt))

  		free_signal_struct(sig);
  }

  void __put_task_struct(struct task_struct *tsk)

  {

  	WARN_ON(!tsk->exit_state);

  	WARN_ON(atomic_read(&tsk->usage));
  	WARN_ON(tsk == current);

  	cgroup_free(tsk);

  	task_numa_free(tsk);

  	security_task_free(tsk);

  	exit_creds(tsk);

  	delayacct_tsk_free(tsk);

  	put_signal_struct(tsk->signal);

  
  	if (!profile_handoff_task(tsk))
  		free_task(tsk);
  }

  EXPORT_SYMBOL_GPL(__put_task_struct);

  void __init __weak arch_task_cache_init(void) { }

  /*
   * set_max_threads
   */

  static void set_max_threads(unsigned int max_threads_suggested)

  {

  	u64 threads;

  
  	/*

  	 * The number of threads shall be limited such that the thread
  	 * structures may only consume a small part of the available memory.

  	 */

  	if (fls64(totalram_pages) + fls64(PAGE_SIZE) > 64)
  		threads = MAX_THREADS;
  	else
  		threads = div64_u64((u64) totalram_pages * (u64) PAGE_SIZE,
  				    (u64) THREAD_SIZE * 8UL);

  	if (threads > max_threads_suggested)
  		threads = max_threads_suggested;

  	max_threads = clamp_t(u64, threads, MIN_THREADS, MAX_THREADS);

  }

  #ifdef CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT
  /* Initialized by the architecture: */
  int arch_task_struct_size __read_mostly;
  #endif

  void __init fork_init(void)

  {

  	int i;

  #ifndef CONFIG_ARCH_TASK_STRUCT_ALLOCATOR

  #ifndef ARCH_MIN_TASKALIGN

  #define ARCH_MIN_TASKALIGN	0

  #endif

  	int align = max_t(int, L1_CACHE_BYTES, ARCH_MIN_TASKALIGN);

  	/* create a slab on which task_structs can be allocated */

  	task_struct_cachep = kmem_cache_create("task_struct",

  			arch_task_struct_size, align,

  			SLAB_PANIC|SLAB_ACCOUNT, NULL);

  #endif

  	/* do the arch specific task caches init */
  	arch_task_cache_init();

  	set_max_threads(MAX_THREADS);

  
  	init_task.signal->rlim[RLIMIT_NPROC].rlim_cur = max_threads/2;
  	init_task.signal->rlim[RLIMIT_NPROC].rlim_max = max_threads/2;
  	init_task.signal->rlim[RLIMIT_SIGPENDING] =
  		init_task.signal->rlim[RLIMIT_NPROC];

  	for (i = 0; i < UCOUNT_COUNTS; i++) {
  		init_user_ns.ucount_max[i] = max_threads/2;
  	}

  
  #ifdef CONFIG_VMAP_STACK
  	cpuhp_setup_state(CPUHP_BP_PREPARE_DYN, "fork:vm_stack_cache",
  			  NULL, free_vm_stack_cache);
  #endif

  
  	lockdep_init_task(&init_task);

  }

  int __weak arch_dup_task_struct(struct task_struct *dst,

  					       struct task_struct *src)
  {
  	*dst = *src;
  	return 0;
  }

  void set_task_stack_end_magic(struct task_struct *tsk)
  {
  	unsigned long *stackend;
  
  	stackend = end_of_stack(tsk);
  	*stackend = STACK_END_MAGIC;	/* for overflow detection */
  }

  static struct task_struct *dup_task_struct(struct task_struct *orig, int node)

  {
  	struct task_struct *tsk;

  	unsigned long *stack;

  	struct vm_struct *stack_vm_area;

  	int err;

  	if (node == NUMA_NO_NODE)
  		node = tsk_fork_get_node(orig);

  	tsk = alloc_task_struct_node(node);

  	if (!tsk)
  		return NULL;

  	stack = alloc_thread_stack_node(tsk, node);
  	if (!stack)

  		goto free_tsk;

  	stack_vm_area = task_stack_vm_area(tsk);

  	err = arch_dup_task_struct(tsk, orig);

  
  	/*
  	 * arch_dup_task_struct() clobbers the stack-related fields.  Make
  	 * sure they're properly initialized before using any stack-related
  	 * functions again.
  	 */
  	tsk->stack = stack;
  #ifdef CONFIG_VMAP_STACK
  	tsk->stack_vm_area = stack_vm_area;
  #endif

  #ifdef CONFIG_THREAD_INFO_IN_TASK
  	atomic_set(&tsk->stack_refcount, 1);
  #endif

  	if (err)

  		goto free_stack;

  #ifdef CONFIG_SECCOMP
  	/*
  	 * We must handle setting up seccomp filters once we're under
  	 * the sighand lock in case orig has changed between now and
  	 * then. Until then, filter must be NULL to avoid messing up
  	 * the usage counts on the error path calling free_task.
  	 */
  	tsk->seccomp.filter = NULL;
  #endif

  
  	setup_thread_stack(tsk, orig);

  	clear_user_return_notifier(tsk);

  	clear_tsk_need_resched(tsk);

  	set_task_stack_end_magic(tsk);

  #ifdef CONFIG_CC_STACKPROTECTOR

  	tsk->stack_canary = get_random_canary();

  #endif

  	/*
  	 * One for us, one for whoever does the "release_task()" (usually
  	 * parent)
  	 */
  	atomic_set(&tsk->usage, 2);

  #ifdef CONFIG_BLK_DEV_IO_TRACE

  	tsk->btrace_seq = 0;

  #endif

  	tsk->splice_pipe = NULL;

  	tsk->task_frag.page = NULL;

  	tsk->wake_q.next = NULL;

  	account_kernel_stack(tsk, 1);

  	kcov_task_init(tsk);

  #ifdef CONFIG_FAULT_INJECTION
  	tsk->fail_nth = 0;
  #endif

  	return tsk;

  free_stack:

  	free_thread_stack(tsk);

  free_tsk:

  	free_task_struct(tsk);
  	return NULL;

  }
  
  #ifdef CONFIG_MMU

  static __latent_entropy int dup_mmap(struct mm_struct *mm,
  					struct mm_struct *oldmm)

  {

  	struct vm_area_struct *mpnt, *tmp, *prev, **pprev;

  	struct rb_node **rb_link, *rb_parent;
  	int retval;
  	unsigned long charge;

  	LIST_HEAD(uf);

  	uprobe_start_dup_mmap();

  	if (down_write_killable(&oldmm->mmap_sem)) {
  		retval = -EINTR;
  		goto fail_uprobe_end;
  	}

  	flush_cache_dup_mm(oldmm);

  	uprobe_dup_mmap(oldmm, mm);

  	/*
  	 * Not linked in yet - no deadlock potential:
  	 */
  	down_write_nested(&mm->mmap_sem, SINGLE_DEPTH_NESTING);

  	/* No ordering required: file already has been exposed. */
  	RCU_INIT_POINTER(mm->exe_file, get_mm_exe_file(oldmm));

  	mm->total_vm = oldmm->total_vm;

  	mm->data_vm = oldmm->data_vm;

  	mm->exec_vm = oldmm->exec_vm;
  	mm->stack_vm = oldmm->stack_vm;

  	rb_link = &mm->mm_rb.rb_node;
  	rb_parent = NULL;
  	pprev = &mm->mmap;

  	retval = ksm_fork(mm, oldmm);
  	if (retval)
  		goto out;

  	retval = khugepaged_fork(mm, oldmm);
  	if (retval)
  		goto out;

  	prev = NULL;

  	for (mpnt = oldmm->mmap; mpnt; mpnt = mpnt->vm_next) {

  		struct file *file;
  
  		if (mpnt->vm_flags & VM_DONTCOPY) {

  			vm_stat_account(mm, mpnt->vm_flags, -vma_pages(mpnt));

  			continue;
  		}
  		charge = 0;
  		if (mpnt->vm_flags & VM_ACCOUNT) {

  			unsigned long len = vma_pages(mpnt);

  			if (security_vm_enough_memory_mm(oldmm, len)) /* sic */

  				goto fail_nomem;
  			charge = len;
  		}

  		tmp = kmem_cache_alloc(vm_area_cachep, GFP_KERNEL);

  		if (!tmp)
  			goto fail_nomem;
  		*tmp = *mpnt;

  		INIT_LIST_HEAD(&tmp->anon_vma_chain);

  		retval = vma_dup_policy(mpnt, tmp);
  		if (retval)

  			goto fail_nomem_policy;

  		tmp->vm_mm = mm;

  		retval = dup_userfaultfd(tmp, &uf);
  		if (retval)
  			goto fail_nomem_anon_vma_fork;

  		if (tmp->vm_flags & VM_WIPEONFORK) {
  			/* VM_WIPEONFORK gets a clean slate in the child. */
  			tmp->anon_vma = NULL;
  			if (anon_vma_prepare(tmp))
  				goto fail_nomem_anon_vma_fork;
  		} else if (anon_vma_fork(tmp, mpnt))

  			goto fail_nomem_anon_vma_fork;

  		tmp->vm_flags &= ~(VM_LOCKED | VM_LOCKONFAULT);

  		tmp->vm_next = tmp->vm_prev = NULL;

  		file = tmp->vm_file;
  		if (file) {

  			struct inode *inode = file_inode(file);

  			struct address_space *mapping = file->f_mapping;

  			get_file(file);
  			if (tmp->vm_flags & VM_DENYWRITE)
  				atomic_dec(&inode->i_writecount);

  			i_mmap_lock_write(mapping);

  			if (tmp->vm_flags & VM_SHARED)

  				atomic_inc(&mapping->i_mmap_writable);

  			flush_dcache_mmap_lock(mapping);
  			/* insert tmp into the share list, just after mpnt */

  			vma_interval_tree_insert_after(tmp, mpnt,
  					&mapping->i_mmap);

  			flush_dcache_mmap_unlock(mapping);

  			i_mmap_unlock_write(mapping);

  		}
  
  		/*

  		 * Clear hugetlb-related page reserves for children. This only
  		 * affects MAP_PRIVATE mappings. Faults generated by the child
  		 * are not guaranteed to succeed, even if read-only
  		 */
  		if (is_vm_hugetlb_page(tmp))
  			reset_vma_resv_huge_pages(tmp);
  
  		/*

  		 * Link in the new vma and copy the page table entries.

  		 */

  		*pprev = tmp;
  		pprev = &tmp->vm_next;

  		tmp->vm_prev = prev;
  		prev = tmp;

  
  		__vma_link_rb(mm, tmp, rb_link, rb_parent);
  		rb_link = &tmp->vm_rb.rb_right;
  		rb_parent = &tmp->vm_rb;
  
  		mm->map_count++;

  		if (!(tmp->vm_flags & VM_WIPEONFORK))
  			retval = copy_page_range(mm, oldmm, mpnt);

  
  		if (tmp->vm_ops && tmp->vm_ops->open)
  			tmp->vm_ops->open(tmp);
  
  		if (retval)
  			goto out;
  	}

  	/* a new mm has just been created */

  	retval = arch_dup_mmap(oldmm, mm);

  out:

  	up_write(&mm->mmap_sem);

  	flush_tlb_mm(oldmm);

  	up_write(&oldmm->mmap_sem);

  	dup_userfaultfd_complete(&uf);

  fail_uprobe_end:

  	uprobe_end_dup_mmap();

  	return retval;

  fail_nomem_anon_vma_fork:

  	mpol_put(vma_policy(tmp));

  fail_nomem_policy:
  	kmem_cache_free(vm_area_cachep, tmp);
  fail_nomem:
  	retval = -ENOMEM;
  	vm_unacct_memory(charge);
  	goto out;
  }

  static inline int mm_alloc_pgd(struct mm_struct *mm)

  {
  	mm->pgd = pgd_alloc(mm);
  	if (unlikely(!mm->pgd))
  		return -ENOMEM;
  	return 0;
  }

  static inline void mm_free_pgd(struct mm_struct *mm)

  {

  	pgd_free(mm, mm->pgd);

  }
  #else

  static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
  {
  	down_write(&oldmm->mmap_sem);
  	RCU_INIT_POINTER(mm->exe_file, get_mm_exe_file(oldmm));
  	up_write(&oldmm->mmap_sem);
  	return 0;
  }

  #define mm_alloc_pgd(mm)	(0)
  #define mm_free_pgd(mm)
  #endif /* CONFIG_MMU */

  __cacheline_aligned_in_smp DEFINE_SPINLOCK(mmlist_lock);

  #define allocate_mm()	(kmem_cache_alloc(mm_cachep, GFP_KERNEL))

  #define free_mm(mm)	(kmem_cache_free(mm_cachep, (mm)))

  static unsigned long default_dump_filter = MMF_DUMP_FILTER_DEFAULT;
  
  static int __init coredump_filter_setup(char *s)
  {
  	default_dump_filter =
  		(simple_strtoul(s, NULL, 0) << MMF_DUMP_FILTER_SHIFT) &
  		MMF_DUMP_FILTER_MASK;
  	return 1;
  }
  
  __setup("coredump_filter=", coredump_filter_setup);

  #include <linux/init_task.h>

  static void mm_init_aio(struct mm_struct *mm)
  {
  #ifdef CONFIG_AIO
  	spin_lock_init(&mm->ioctx_lock);

  	mm->ioctx_table = NULL;

  #endif
  }

  static void mm_init_owner(struct mm_struct *mm, struct task_struct *p)
  {
  #ifdef CONFIG_MEMCG
  	mm->owner = p;
  #endif
  }

  static void mm_init_uprobes_state(struct mm_struct *mm)
  {
  #ifdef CONFIG_UPROBES
  	mm->uprobes_state.xol_area = NULL;
  #endif
  }

  static struct mm_struct *mm_init(struct mm_struct *mm, struct task_struct *p,
  	struct user_namespace *user_ns)

  {

  	mm->mmap = NULL;
  	mm->mm_rb = RB_ROOT;
  	mm->vmacache_seqnum = 0;

  	atomic_set(&mm->mm_users, 1);
  	atomic_set(&mm->mm_count, 1);
  	init_rwsem(&mm->mmap_sem);
  	INIT_LIST_HEAD(&mm->mmlist);

  	mm->core_state = NULL;

  	atomic_long_set(&mm->nr_ptes, 0);

  	mm_nr_pmds_init(mm);

  	mm->map_count = 0;
  	mm->locked_vm = 0;

  	mm->pinned_vm = 0;

  	memset(&mm->rss_stat, 0, sizeof(mm->rss_stat));

  	spin_lock_init(&mm->page_table_lock);

  	mm_init_cpumask(mm);

  	mm_init_aio(mm);

  	mm_init_owner(mm, p);

  	RCU_INIT_POINTER(mm->exe_file, NULL);

  	mmu_notifier_mm_init(mm);

  	hmm_mm_init(mm);

  	init_tlb_flush_pending(mm);

  #if defined(CONFIG_TRANSPARENT_HUGEPAGE) && !USE_SPLIT_PMD_PTLOCKS
  	mm->pmd_huge_pte = NULL;
  #endif

  	mm_init_uprobes_state(mm);

  	if (current->mm) {
  		mm->flags = current->mm->flags & MMF_INIT_MASK;
  		mm->def_flags = current->mm->def_flags & VM_INIT_DEF_MASK;
  	} else {
  		mm->flags = default_dump_filter;

  		mm->def_flags = 0;

  	}

  	if (mm_alloc_pgd(mm))
  		goto fail_nopgd;
  
  	if (init_new_context(p, mm))
  		goto fail_nocontext;

  	mm->user_ns = get_user_ns(user_ns);

  	return mm;
  
  fail_nocontext:
  	mm_free_pgd(mm);
  fail_nopgd:

  	free_mm(mm);
  	return NULL;
  }

  static void check_mm(struct mm_struct *mm)
  {
  	int i;
  
  	for (i = 0; i < NR_MM_COUNTERS; i++) {
  		long x = atomic_long_read(&mm->rss_stat.count[i]);
  
  		if (unlikely(x))
  			printk(KERN_ALERT "BUG: Bad rss-counter state "
  					  "mm:%p idx:%d val:%ld
  ", mm, i, x);
  	}

  
  	if (atomic_long_read(&mm->nr_ptes))
  		pr_alert("BUG: non-zero nr_ptes on freeing mm: %ld
  ",
  				atomic_long_read(&mm->nr_ptes));
  	if (mm_nr_pmds(mm))
  		pr_alert("BUG: non-zero nr_pmds on freeing mm: %ld
  ",
  				mm_nr_pmds(mm));

  #if defined(CONFIG_TRANSPARENT_HUGEPAGE) && !USE_SPLIT_PMD_PTLOCKS

  	VM_BUG_ON_MM(mm->pmd_huge_pte, mm);

  #endif
  }

  /*
   * Allocate and initialize an mm_struct.
   */

  struct mm_struct *mm_alloc(void)

  {

  	struct mm_struct *mm;

  
  	mm = allocate_mm();

  	if (!mm)
  		return NULL;
  
  	memset(mm, 0, sizeof(*mm));

  	return mm_init(mm, current, current_user_ns());

  }
  
  /*
   * Called when the last reference to the mm
   * is dropped: either by a lazy thread or by
   * mmput. Free the page directory and the mm.
   */

  void __mmdrop(struct mm_struct *mm)

  {
  	BUG_ON(mm == &init_mm);
  	mm_free_pgd(mm);
  	destroy_context(mm);

  	hmm_mm_destroy(mm);

  	mmu_notifier_mm_destroy(mm);

  	check_mm(mm);

  	put_user_ns(mm->user_ns);

  	free_mm(mm);
  }

  EXPORT_SYMBOL_GPL(__mmdrop);

  static inline void __mmput(struct mm_struct *mm)
  {
  	VM_BUG_ON(atomic_read(&mm->mm_users));
  
  	uprobe_clear_state(mm);
  	exit_aio(mm);
  	ksm_exit(mm);
  	khugepaged_exit(mm); /* must run before exit_mmap */
  	exit_mmap(mm);

  	mm_put_huge_zero_page(mm);

  	set_mm_exe_file(mm, NULL);
  	if (!list_empty(&mm->mmlist)) {
  		spin_lock(&mmlist_lock);
  		list_del(&mm->mmlist);
  		spin_unlock(&mmlist_lock);
  	}
  	if (mm->binfmt)
  		module_put(mm->binfmt->module);
  	mmdrop(mm);
  }

  /*
   * Decrement the use count and release all resources for an mm.
   */
  void mmput(struct mm_struct *mm)
  {

  	might_sleep();

  	if (atomic_dec_and_test(&mm->mm_users))
  		__mmput(mm);
  }
  EXPORT_SYMBOL_GPL(mmput);

  #ifdef CONFIG_MMU
  static void mmput_async_fn(struct work_struct *work)
  {
  	struct mm_struct *mm = container_of(work, struct mm_struct,
  					    async_put_work);
  
  	__mmput(mm);
  }
  
  void mmput_async(struct mm_struct *mm)
  {
  	if (atomic_dec_and_test(&mm->mm_users)) {
  		INIT_WORK(&mm->async_put_work, mmput_async_fn);
  		schedule_work(&mm->async_put_work);
  	}
  }
  #endif

  /**
   * set_mm_exe_file - change a reference to the mm's executable file
   *
   * This changes mm's executable file (shown as symlink /proc/[pid]/exe).
   *

   * Main users are mmput() and sys_execve(). Callers prevent concurrent
   * invocations: in mmput() nobody alive left, in execve task is single
   * threaded. sys_prctl(PR_SET_MM_MAP/EXE_FILE) also needs to set the
   * mm->exe_file, but does so without using set_mm_exe_file() in order
   * to do avoid the need for any locks.

   */

  void set_mm_exe_file(struct mm_struct *mm, struct file *new_exe_file)
  {

  	struct file *old_exe_file;
  
  	/*
  	 * It is safe to dereference the exe_file without RCU as
  	 * this function is only called if nobody else can access
  	 * this mm -- see comment above for justification.
  	 */
  	old_exe_file = rcu_dereference_raw(mm->exe_file);

  	if (new_exe_file)
  		get_file(new_exe_file);

  	rcu_assign_pointer(mm->exe_file, new_exe_file);
  	if (old_exe_file)
  		fput(old_exe_file);

  }

  /**
   * get_mm_exe_file - acquire a reference to the mm's executable file
   *
   * Returns %NULL if mm has no associated executable file.
   * User must release file via fput().
   */

  struct file *get_mm_exe_file(struct mm_struct *mm)
  {
  	struct file *exe_file;

  	rcu_read_lock();
  	exe_file = rcu_dereference(mm->exe_file);
  	if (exe_file && !get_file_rcu(exe_file))
  		exe_file = NULL;
  	rcu_read_unlock();

  	return exe_file;
  }

  EXPORT_SYMBOL(get_mm_exe_file);

  /**

   * get_task_exe_file - acquire a reference to the task's executable file
   *
   * Returns %NULL if task's mm (if any) has no associated executable file or
   * this is a kernel thread with borrowed mm (see the comment above get_task_mm).
   * User must release file via fput().
   */
  struct file *get_task_exe_file(struct task_struct *task)
  {
  	struct file *exe_file = NULL;
  	struct mm_struct *mm;
  
  	task_lock(task);
  	mm = task->mm;
  	if (mm) {
  		if (!(task->flags & PF_KTHREAD))
  			exe_file = get_mm_exe_file(mm);
  	}
  	task_unlock(task);
  	return exe_file;
  }
  EXPORT_SYMBOL(get_task_exe_file);

  /**
   * get_task_mm - acquire a reference to the task's mm
   *

   * Returns %NULL if the task has no mm.  Checks PF_KTHREAD (meaning

   * this kernel workthread has transiently adopted a user mm with use_mm,
   * to do its AIO) is not set and if so returns a reference to it, after
   * bumping up the use count.  User must release the mm via mmput()
   * after use.  Typically used by /proc and ptrace.
   */
  struct mm_struct *get_task_mm(struct task_struct *task)
  {
  	struct mm_struct *mm;
  
  	task_lock(task);
  	mm = task->mm;
  	if (mm) {

  		if (task->flags & PF_KTHREAD)

  			mm = NULL;
  		else

  			mmget(mm);

  	}
  	task_unlock(task);
  	return mm;
  }
  EXPORT_SYMBOL_GPL(get_task_mm);

  struct mm_struct *mm_access(struct task_struct *task, unsigned int mode)
  {
  	struct mm_struct *mm;
  	int err;
  
  	err =  mutex_lock_killable(&task->signal->cred_guard_mutex);
  	if (err)
  		return ERR_PTR(err);
  
  	mm = get_task_mm(task);
  	if (mm && mm != current->mm &&
  			!ptrace_may_access(task, mode)) {
  		mmput(mm);
  		mm = ERR_PTR(-EACCES);
  	}
  	mutex_unlock(&task->signal->cred_guard_mutex);
  
  	return mm;
  }

  static void complete_vfork_done(struct task_struct *tsk)

  {

  	struct completion *vfork;

  	task_lock(tsk);
  	vfork = tsk->vfork_done;
  	if (likely(vfork)) {
  		tsk->vfork_done = NULL;
  		complete(vfork);
  	}
  	task_unlock(tsk);
  }
  
  static int wait_for_vfork_done(struct task_struct *child,
  				struct completion *vfork)
  {
  	int killed;
  
  	freezer_do_not_count();
  	killed = wait_for_completion_killable(vfork);
  	freezer_count();
  
  	if (killed) {
  		task_lock(child);
  		child->vfork_done = NULL;
  		task_unlock(child);
  	}
  
  	put_task_struct(child);
  	return killed;

  }

  /* Please note the differences between mmput and mm_release.
   * mmput is called whenever we stop holding onto a mm_struct,
   * error success whatever.
   *
   * mm_release is called after a mm_struct has been removed
   * from the current process.
   *
   * This difference is important for error handling, when we
   * only half set up a mm_struct for a new process and need to restore
   * the old one.  Because we mmput the new mm_struct before
   * restoring the old one. . .
   * Eric Biederman 10 January 1998
   */
  void mm_release(struct task_struct *tsk, struct mm_struct *mm)
  {

  	/* Get rid of any futexes when releasing the mm */
  #ifdef CONFIG_FUTEX

  	if (unlikely(tsk->robust_list)) {

  		exit_robust_list(tsk);

  		tsk->robust_list = NULL;
  	}

  #ifdef CONFIG_COMPAT

  	if (unlikely(tsk->compat_robust_list)) {

  		compat_exit_robust_list(tsk);

  		tsk->compat_robust_list = NULL;
  	}

  #endif

  	if (unlikely(!list_empty(&tsk->pi_state_list)))
  		exit_pi_state_list(tsk);

  #endif

  	uprobe_free_utask(tsk);

  	/* Get rid of any cached register state */
  	deactivate_mm(tsk, mm);

  	/*

  	 * Signal userspace if we're not exiting with a core dump
  	 * because we want to leave the value intact for debugging
  	 * purposes.

  	 */

  	if (tsk->clear_child_tid) {

  		if (!(tsk->signal->flags & SIGNAL_GROUP_COREDUMP) &&

  		    atomic_read(&mm->mm_users) > 1) {
  			/*
  			 * We don't check the error code - if userspace has
  			 * not set up a proper pointer then tough luck.
  			 */
  			put_user(0, tsk->clear_child_tid);
  			sys_futex(tsk->clear_child_tid, FUTEX_WAKE,
  					1, NULL, NULL, 0);
  		}

  		tsk->clear_child_tid = NULL;

  	}

  
  	/*
  	 * All done, finally we can wake up parent and return this mm to him.
  	 * Also kthread_stop() uses this completion for synchronization.
  	 */
  	if (tsk->vfork_done)
  		complete_vfork_done(tsk);

  }

  /*
   * Allocate a new mm structure and copy contents from the
   * mm structure of the passed in task structure.
   */

  static struct mm_struct *dup_mm(struct task_struct *tsk)

  {
  	struct mm_struct *mm, *oldmm = current->mm;
  	int err;

  	mm = allocate_mm();
  	if (!mm)
  		goto fail_nomem;
  
  	memcpy(mm, oldmm, sizeof(*mm));

  	if (!mm_init(mm, tsk, mm->user_ns))

  		goto fail_nomem;

  	err = dup_mmap(mm, oldmm);
  	if (err)
  		goto free_pt;
  
  	mm->hiwater_rss = get_mm_rss(mm);
  	mm->hiwater_vm = mm->total_vm;

  	if (mm->binfmt && !try_module_get(mm->binfmt->module))
  		goto free_pt;

  	return mm;
  
  free_pt:

  	/* don't put binfmt in mmput, we haven't got module yet */
  	mm->binfmt = NULL;

  	mmput(mm);
  
  fail_nomem:
  	return NULL;

  }

  static int copy_mm(unsigned long clone_flags, struct task_struct *tsk)

  {

  	struct mm_struct *mm, *oldmm;

  	int retval;
  
  	tsk->min_flt = tsk->maj_flt = 0;
  	tsk->nvcsw = tsk->nivcsw = 0;

  #ifdef CONFIG_DETECT_HUNG_TASK
  	tsk->last_switch_count = tsk->nvcsw + tsk->nivcsw;
  #endif

  
  	tsk->mm = NULL;
  	tsk->active_mm = NULL;
  
  	/*
  	 * Are we cloning a kernel thread?
  	 *
  	 * We need to steal a active VM for that..
  	 */
  	oldmm = current->mm;
  	if (!oldmm)
  		return 0;

  	/* initialize the new vmacache entries */
  	vmacache_flush(tsk);

  	if (clone_flags & CLONE_VM) {

  		mmget(oldmm);

  		mm = oldmm;

  		goto good_mm;
  	}
  
  	retval = -ENOMEM;

  	mm = dup_mm(tsk);

  	if (!mm)
  		goto fail_nomem;

  good_mm:
  	tsk->mm = mm;
  	tsk->active_mm = mm;
  	return 0;

  fail_nomem:
  	return retval;

  }

  static int copy_fs(unsigned long clone_flags, struct task_struct *tsk)

  {

  	struct fs_struct *fs = current->fs;

  	if (clone_flags & CLONE_FS) {

  		/* tsk->fs is already what we want */

  		spin_lock(&fs->lock);

  		if (fs->in_exec) {

  			spin_unlock(&fs->lock);

  			return -EAGAIN;
  		}
  		fs->users++;

  		spin_unlock(&fs->lock);

  		return 0;
  	}

  	tsk->fs = copy_fs_struct(fs);

  	if (!tsk->fs)
  		return -ENOMEM;
  	return 0;
  }

  static int copy_files(unsigned long clone_flags, struct task_struct *tsk)

  {
  	struct files_struct *oldf, *newf;
  	int error = 0;
  
  	/*
  	 * A background process may not have any files ...
  	 */
  	oldf = current->files;
  	if (!oldf)
  		goto out;
  
  	if (clone_flags & CLONE_FILES) {
  		atomic_inc(&oldf->count);
  		goto out;
  	}

  	newf = dup_fd(oldf, &error);
  	if (!newf)
  		goto out;
  
  	tsk->files = newf;
  	error = 0;
  out:
  	return error;
  }

  static int copy_io(unsigned long clone_flags, struct task_struct *tsk)

  {
  #ifdef CONFIG_BLOCK
  	struct io_context *ioc = current->io_context;

  	struct io_context *new_ioc;

  
  	if (!ioc)
  		return 0;

  	/*
  	 * Share io context with parent, if CLONE_IO is set
  	 */
  	if (clone_flags & CLONE_IO) {

  		ioc_task_link(ioc);
  		tsk->io_context = ioc;

  	} else if (ioprio_valid(ioc->ioprio)) {

  		new_ioc = get_task_io_context(tsk, GFP_KERNEL, NUMA_NO_NODE);
  		if (unlikely(!new_ioc))

  			return -ENOMEM;

  		new_ioc->ioprio = ioc->ioprio;

  		put_io_context(new_ioc);

  	}
  #endif
  	return 0;
  }

  static int copy_sighand(unsigned long clone_flags, struct task_struct *tsk)

  {
  	struct sighand_struct *sig;

  	if (clone_flags & CLONE_SIGHAND) {

  		atomic_inc(&current->sighand->count);
  		return 0;
  	}
  	sig = kmem_cache_alloc(sighand_cachep, GFP_KERNEL);

  	rcu_assign_pointer(tsk->sighand, sig);

  	if (!sig)
  		return -ENOMEM;

  	atomic_set(&sig->count, 1);

  	spin_lock_irq(&current->sighand->siglock);

  	memcpy(sig->action, current->sighand->action, sizeof(sig->action));

  	spin_unlock_irq(&current->sighand->siglock);

  	return 0;
  }

  void __cleanup_sighand(struct sighand_struct *sighand)

  {

  	if (atomic_dec_and_test(&sighand->count)) {
  		signalfd_cleanup(sighand);

  		/*

  		 * sighand_cachep is SLAB_TYPESAFE_BY_RCU so we can free it

  		 * without an RCU grace period, see __lock_task_sighand().
  		 */

  		kmem_cache_free(sighand_cachep, sighand);

  	}

  }

  #ifdef CONFIG_POSIX_TIMERS

  /*
   * Initialize POSIX timer handling for a thread group.
   */
  static void posix_cpu_timers_init_group(struct signal_struct *sig)
  {

  	unsigned long cpu_limit;

  	cpu_limit = READ_ONCE(sig->rlim[RLIMIT_CPU].rlim_cur);

  	if (cpu_limit != RLIM_INFINITY) {

  		sig->cputime_expires.prof_exp = cpu_limit * NSEC_PER_SEC;

  		sig->cputimer.running = true;

  	}

  	/* The timer lists. */
  	INIT_LIST_HEAD(&sig->cpu_timers[0]);
  	INIT_LIST_HEAD(&sig->cpu_timers[1]);
  	INIT_LIST_HEAD(&sig->cpu_timers[2]);
  }

  #else
  static inline void posix_cpu_timers_init_group(struct signal_struct *sig) { }
  #endif

  static int copy_signal(unsigned long clone_flags, struct task_struct *tsk)

  {
  	struct signal_struct *sig;

  	if (clone_flags & CLONE_THREAD)

  		return 0;

  	sig = kmem_cache_zalloc(signal_cachep, GFP_KERNEL);

  	tsk->signal = sig;
  	if (!sig)
  		return -ENOMEM;

  	sig->nr_threads = 1;

  	atomic_set(&sig->live, 1);

  	atomic_set(&sig->sigcnt, 1);

  
  	/* list_add(thread_node, thread_head) without INIT_LIST_HEAD() */
  	sig->thread_head = (struct list_head)LIST_HEAD_INIT(tsk->thread_node);
  	tsk->thread_node = (struct list_head)LIST_HEAD_INIT(sig->thread_head);

  	init_waitqueue_head(&sig->wait_chldexit);

  	sig->curr_target = tsk;

  	init_sigpending(&sig->shared_pending);

  	seqlock_init(&sig->stats_lock);

  	prev_cputime_init(&sig->prev_cputime);

  #ifdef CONFIG_POSIX_TIMERS

  	INIT_LIST_HEAD(&sig->posix_timers);

  	hrtimer_init(&sig->real_timer, CLOCK_MONOTONIC, HRTIMER_MODE_REL);

  	sig->real_timer.function = it_real_fn;

  #endif

  	task_lock(current->group_leader);
  	memcpy(sig->rlim, current->signal->rlim, sizeof sig->rlim);
  	task_unlock(current->group_leader);

  	posix_cpu_timers_init_group(sig);

  	tty_audit_fork(sig);

  	sched_autogroup_fork(sig);

  	sig->oom_score_adj = current->signal->oom_score_adj;

  	sig->oom_score_adj_min = current->signal->oom_score_adj_min;

  	mutex_init(&sig->cred_guard_mutex);

  	return 0;
  }

  static void copy_seccomp(struct task_struct *p)
  {
  #ifdef CONFIG_SECCOMP
  	/*
  	 * Must be called with sighand->lock held, which is common to
  	 * all threads in the group. Holding cred_guard_mutex is not
  	 * needed because this new task is not yet running and cannot
  	 * be racing exec.
  	 */

  	assert_spin_locked(&current->sighand->siglock);

  
  	/* Ref-count the new filter user, and assign it. */
  	get_seccomp_filter(current);
  	p->seccomp = current->seccomp;
  
  	/*
  	 * Explicitly enable no_new_privs here in case it got set
  	 * between the task_struct being duplicated and holding the
  	 * sighand lock. The seccomp state and nnp must be in sync.
  	 */
  	if (task_no_new_privs(current))
  		task_set_no_new_privs(p);
  
  	/*
  	 * If the parent gained a seccomp mode after copying thread
  	 * flags and between before we held the sighand lock, we have
  	 * to manually enable the seccomp thread flag here.
  	 */
  	if (p->seccomp.mode != SECCOMP_MODE_DISABLED)
  		set_tsk_thread_flag(p, TIF_SECCOMP);
  #endif
  }

  SYSCALL_DEFINE1(set_tid_address, int __user *, tidptr)

  {
  	current->clear_child_tid = tidptr;

  	return task_pid_vnr(current);

  }

  static void rt_mutex_init_task(struct task_struct *p)

  {

  	raw_spin_lock_init(&p->pi_lock);

  #ifdef CONFIG_RT_MUTEXES

  	p->pi_waiters = RB_ROOT_CACHED;

  	p->pi_top_task = NULL;

  	p->pi_blocked_on = NULL;

  #endif
  }

  #ifdef CONFIG_POSIX_TIMERS

  /*

   * Initialize POSIX timer handling for a single task.
   */
  static void posix_cpu_timers_init(struct task_struct *tsk)
  {

  	tsk->cputime_expires.prof_exp = 0;
  	tsk->cputime_expires.virt_exp = 0;

  	tsk->cputime_expires.sched_exp = 0;
  	INIT_LIST_HEAD(&tsk->cpu_timers[0]);
  	INIT_LIST_HEAD(&tsk->cpu_timers[1]);
  	INIT_LIST_HEAD(&tsk->cpu_timers[2]);
  }

  #else
  static inline void posix_cpu_timers_init(struct task_struct *tsk) { }
  #endif

  static inline void
  init_task_pid(struct task_struct *task, enum pid_type type, struct pid *pid)
  {
  	 task->pids[type].pid = pid;
  }

  static inline void rcu_copy_process(struct task_struct *p)
  {
  #ifdef CONFIG_PREEMPT_RCU
  	p->rcu_read_lock_nesting = 0;
  	p->rcu_read_unlock_special.s = 0;
  	p->rcu_blocked_node = NULL;
  	INIT_LIST_HEAD(&p->rcu_node_entry);
  #endif /* #ifdef CONFIG_PREEMPT_RCU */
  #ifdef CONFIG_TASKS_RCU
  	p->rcu_tasks_holdout = false;
  	INIT_LIST_HEAD(&p->rcu_tasks_holdout_list);
  	p->rcu_tasks_idle_cpu = -1;
  #endif /* #ifdef CONFIG_TASKS_RCU */
  }

  /*

   * This creates a new process as a copy of the old one,
   * but does not actually start it yet.
   *
   * It copies the registers, and all the appropriate
   * parts of the process environment (as per the clone
   * flags). The actual kick-off is left to the caller.
   */

  static __latent_entropy struct task_struct *copy_process(
  					unsigned long clone_flags,

  					unsigned long stack_start,

  					unsigned long stack_size,

  					int __user *child_tidptr,

  					struct pid *pid,

  					int trace,

  					unsigned long tls,
  					int node)

  {
  	int retval;

  	struct task_struct *p;

  
  	if ((clone_flags & (CLONE_NEWNS|CLONE_FS)) == (CLONE_NEWNS|CLONE_FS))
  		return ERR_PTR(-EINVAL);

  	if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS))
  		return ERR_PTR(-EINVAL);

  	/*
  	 * Thread groups must share signals as well, and detached threads
  	 * can only be started up within the thread group.
  	 */
  	if ((clone_flags & CLONE_THREAD) && !(clone_flags & CLONE_SIGHAND))
  		return ERR_PTR(-EINVAL);
  
  	/*
  	 * Shared signal handlers imply shared VM. By way of the above,
  	 * thread groups also imply shared VM. Blocking this case allows
  	 * for various simplifications in other code.
  	 */
  	if ((clone_flags & CLONE_SIGHAND) && !(clone_flags & CLONE_VM))
  		return ERR_PTR(-EINVAL);

  	/*
  	 * Siblings of global init remain as zombies on exit since they are
  	 * not reaped by their parent (swapper). To solve this and to avoid
  	 * multi-rooted process trees, prevent global and container-inits
  	 * from creating siblings.
  	 */
  	if ((clone_flags & CLONE_PARENT) &&
  				current->signal->flags & SIGNAL_UNKILLABLE)
  		return ERR_PTR(-EINVAL);

  	/*

  	 * If the new process will be in a different pid or user namespace

  	 * do not allow it to share a thread group with the forking task.

  	 */

  	if (clone_flags & CLONE_THREAD) {