MFp4 (113077, 113083, 113103, 113124, 113097):

Dont expose em->shared to the outside world before its properly
	initialized. Might not affect anything but its at least a better
	coding style.

	Dont expose em via p->p_emuldata until its properly initialized.
	This also enables us to get rid of some locking and simplify the
	code because we are workin on a local copy.

	In linux_fork and linux_vfork create the process in stopped state
	to be sure that the new process runs with fully initialized emuldata
	structure [1]. Also fix the vfork (both in linux_clone and linux_vfork)
	race that could result in never woken up process [2].

Reported by:	Scot Hetzel	[1]
Suggested by:	jhb		[2]
Reviewed by:	jhb (at least some important parts)
Submitted by:	rdivacky
Tested by:	Scot Hetzel (on amd64)

Change 2 comments (in the new code) to comply to style(9).

Suggested by:	jhb

sys/amd64/linux32/linux32_machdep.c

@@ -453,14 +453,21 @@ int
 linux_fork(struct thread *td, struct linux_fork_args *args)
 {
 	int error;
+	struct proc *p2;
+	struct thread *td2;
 
 #ifdef DEBUG
 	if (ldebug(fork))
 		printf(ARGS(fork, ""));
 #endif
 
-	if ((error = fork(td, (struct fork_args *)args)) != 0)
+	if ((error = fork1(td, RFFDG | RFPROC | RFSTOPPED, 0, &p2)) != 0)
 		return (error);
+	
+	if (error == 0) {
+		td->td_retval[0] = p2->p_pid;
+		td->td_retval[1] = 0;
+	}
 
 	if (td->td_retval[1] == 1)
 		td->td_retval[0] = 0;
@@ -468,6 +475,14 @@ linux_fork(struct thread *td, struct linux_fork_args *args)
 	if (error)
 		return (error);
 
+	td2 = FIRST_THREAD_IN_PROC(p2);
+
+	/* make it run */
+	mtx_lock_spin(&sched_lock);
+	TD_SET_CAN_RUN(td2);
+	setrunqueue(td2, SRQ_BORING);
+	mtx_unlock_spin(&sched_lock);
+
 	return (0);
 }
 
@@ -476,6 +491,7 @@ linux_vfork(struct thread *td, struct linux_vfork_args *args)
 {
 	int error;
 	struct proc *p2;
+	struct thread *td2;
 
 #ifdef DEBUG
 	if (ldebug(vfork))
@@ -483,7 +499,7 @@ linux_vfork(struct thread *td, struct linux_vfork_args *args)
 #endif
 
 	/* exclude RFPPWAIT */
-	if ((error = fork1(td, RFFDG | RFPROC | RFMEM, 0, &p2)) != 0)
+	if ((error = fork1(td, RFFDG | RFPROC | RFMEM | RFSTOPPED, 0, &p2)) != 0)
 		return (error);
 	if (error == 0) {
 	   	td->td_retval[0] = p2->p_pid;
@@ -495,12 +511,25 @@ linux_vfork(struct thread *td, struct linux_vfork_args *args)
 	error = linux_proc_init(td, td->td_retval[0], 0);
 	if (error)
 		return (error);
-	/* wait for the children to exit, ie. emulate vfork */
+
 	PROC_LOCK(p2);
 	p2->p_flag |= P_PPWAIT;
+	PROC_UNLOCK(p2);
+
+	td2 = FIRST_THREAD_IN_PROC(p2);
+	
+	/* make it run */
+	mtx_lock_spin(&sched_lock);
+	TD_SET_CAN_RUN(td2);
+	setrunqueue(td2, SRQ_BORING);
+	mtx_unlock_spin(&sched_lock);
+
+	/* wait for the children to exit, ie. emulate vfork */
+	PROC_LOCK(p2);
 	while (p2->p_flag & P_PPWAIT)
 	   	msleep(td->td_proc, &p2->p_mtx, PWAIT, "ppwait", 0);
 	PROC_UNLOCK(p2);
+	
 	return (0);
 }
 
@@ -632,6 +661,11 @@ linux_clone(struct thread *td, struct linux_clone_args *args)
 		printf(LMSG("clone: successful rfork to %ld, stack %p sig = %d"),
 		    (long)p2->p_pid, args->stack, exit_signal);
 #endif
+	if (args->flags & CLONE_VFORK) {
+	   	PROC_LOCK(p2);
+	   	p2->p_flag |= P_PPWAIT;
+	   	PROC_UNLOCK(p2);
+	}
 
 	/*
 	 * Make this runnable after we are finished with it.
@@ -647,7 +681,6 @@ linux_clone(struct thread *td, struct linux_clone_args *args)
 	if (args->flags & CLONE_VFORK) {
    	   	/* wait for the children to exit, ie. emulate vfork */
    	   	PROC_LOCK(p2);
-		p2->p_flag |= P_PPWAIT;
 		while (p2->p_flag & P_PPWAIT)
    		   	msleep(td->td_proc, &p2->p_mtx, PWAIT, "ppwait", 0);
 		PROC_UNLOCK(p2);

sys/compat/linux/linux_emul.c

@@ -91,17 +91,12 @@ linux_proc_init(struct thread *td, pid_t child, int flags)
 			struct linux_emuldata_shared *s;
 
 			s = malloc(sizeof *s, M_LINUX, M_WAITOK | M_ZERO);
-			em->shared = s;
 			s->refs = 1;
 			s->group_pid = child;
 
 			LIST_INIT(&s->threads);
+			em->shared = s;
 		}
-		p = pfind(child);
-		KASSERT(p != NULL, ("process not found in proc_init\n"));
-		p->p_emuldata = em;
-		PROC_UNLOCK(p);
-		EMUL_LOCK(&emul_lock);
 	} else {
 		/* lookup the old one */
 		em = em_find(td->td_proc, EMUL_DOLOCK);
@@ -120,11 +115,12 @@ linux_proc_init(struct thread *td, pid_t child, int flags)
 		if (flags & CLONE_THREAD) {
 			/* lookup the parent */
 		   	EMUL_SHARED_WLOCK(&emul_shared_lock);
-			p_em = em_find(td->td_proc, EMUL_DONTLOCK);
+			p_em = em_find(td->td_proc, EMUL_DOLOCK);
 			KASSERT(p_em != NULL, ("proc_init: parent emuldata not found for CLONE_THREAD\n"));
 			em->shared = p_em->shared;
 			em->shared->refs++;
 		   	EMUL_SHARED_WUNLOCK(&emul_shared_lock);
+			EMUL_UNLOCK(&emul_lock);
 		} else {
 			/*
 			 * handled earlier to avoid malloc(M_WAITOK) with
@@ -133,12 +129,13 @@ linux_proc_init(struct thread *td, pid_t child, int flags)
 		}
 	}
 	if (child != 0) {
-		EMUL_UNLOCK(&emul_lock);
 		EMUL_SHARED_WLOCK(&emul_shared_lock);
 		LIST_INSERT_HEAD(&em->shared->threads, em, threads);
 		EMUL_SHARED_WUNLOCK(&emul_shared_lock);
 
 		p = pfind(child);
+		KASSERT(p != NULL, ("process not found in proc_init\n"));
+		p->p_emuldata = em;
 		/* we might have a sleeping linux_schedtail */
 		wakeup(&p->p_emuldata);
 		PROC_UNLOCK(p);

sys/i386/linux/linux_machdep.c

@@ -297,14 +297,21 @@ int
 linux_fork(struct thread *td, struct linux_fork_args *args)
 {
 	int error;
+	struct proc *p2;
+	struct thread *td2;
 
 #ifdef DEBUG
 	if (ldebug(fork))
 		printf(ARGS(fork, ""));
 #endif
 
-	if ((error = fork(td, (struct fork_args *)args)) != 0)
+	if ((error = fork1(td, RFFDG | RFPROC | RFSTOPPED, 0, &p2)) != 0)
 		return (error);
+	
+	if (error == 0) {
+		td->td_retval[0] = p2->p_pid;
+		td->td_retval[1] = 0;
+	}
 
 	if (td->td_retval[1] == 1)
 		td->td_retval[0] = 0;
@@ -312,6 +319,16 @@ linux_fork(struct thread *td, struct linux_fork_args *args)
 	if (error)
 		return (error);
 
+	td2 = FIRST_THREAD_IN_PROC(p2);
+
+	/*
+	 * Make this runnable after we are finished with it.
+	 */
+	mtx_lock_spin(&sched_lock);
+	TD_SET_CAN_RUN(td2);
+	setrunqueue(td2, SRQ_BORING);
+	mtx_unlock_spin(&sched_lock);
+
 	return (0);
 }
 
@@ -320,6 +337,7 @@ linux_vfork(struct thread *td, struct linux_vfork_args *args)
 {
 	int error;
 	struct proc *p2;
+	struct thread *td2;
 
 #ifdef DEBUG
 	if (ldebug(vfork))
@@ -327,10 +345,10 @@ linux_vfork(struct thread *td, struct linux_vfork_args *args)
 #endif
 
 	/* exclude RFPPWAIT */
-	if ((error = fork1(td, RFFDG | RFPROC | RFMEM, 0, &p2)) != 0)
+	if ((error = fork1(td, RFFDG | RFPROC | RFMEM | RFSTOPPED, 0, &p2)) != 0)
 		return (error);
 	if (error == 0) {
-	   	td->td_retval[0] = p2->p_pid;
+		td->td_retval[0] = p2->p_pid;
 		td->td_retval[1] = 0;
 	}
 	/* Are we the child? */
@@ -339,9 +357,23 @@ linux_vfork(struct thread *td, struct linux_vfork_args *args)
 	error = linux_proc_init(td, td->td_retval[0], 0);
 	if (error)
 		return (error);
-	/* wait for the children to exit, ie. emulate vfork */
+
 	PROC_LOCK(p2);
 	p2->p_flag |= P_PPWAIT;
+	PROC_UNLOCK(p2);
+
+	td2 = FIRST_THREAD_IN_PROC(p2);
+	
+	/*
+	 * Make this runnable after we are finished with it.
+	 */
+	mtx_lock_spin(&sched_lock);
+	TD_SET_CAN_RUN(td2);
+	setrunqueue(td2, SRQ_BORING);
+	mtx_unlock_spin(&sched_lock);
+
+	/* wait for the children to exit, ie. emulate vfork */
+	PROC_LOCK(p2);
 	while (p2->p_flag & P_PPWAIT)
 	   	msleep(td->td_proc, &p2->p_mtx, PWAIT, "ppwait", 0);
 	PROC_UNLOCK(p2);
@@ -523,6 +555,11 @@ linux_clone(struct thread *td, struct linux_clone_args *args)
 		printf(LMSG("clone: successful rfork to %ld, stack %p sig = %d"),
 		    (long)p2->p_pid, args->stack, exit_signal);
 #endif
+	if (args->flags & CLONE_VFORK) {
+	   	PROC_LOCK(p2);
+		p2->p_flag |= P_PPWAIT;
+	   	PROC_UNLOCK(p2);
+	}
 
 	/*
 	 * Make this runnable after we are finished with it.
@@ -538,7 +575,6 @@ linux_clone(struct thread *td, struct linux_clone_args *args)
 	if (args->flags & CLONE_VFORK) {
    	   	/* wait for the children to exit, ie. emulate vfork */
    	   	PROC_LOCK(p2);
-		p2->p_flag |= P_PPWAIT;
 		while (p2->p_flag & P_PPWAIT)
    		   	msleep(td->td_proc, &p2->p_mtx, PWAIT, "ppwait", 0);
 		PROC_UNLOCK(p2);