exit: Factor coredump_exit_mm out of exit_mm

	 *

	 * do_exit:

	 *	The caller holds mm->mmap_lock. This means that the task which

	 *	uses this mm can't pass exit_mm(), so it can't exit or clear

	 *	its ->mm.

	 *	uses this mm can't pass coredump_exit_mm(), so it can't exit or

	 *	clear its ->mm.

	 *

	 * de_thread:

	 *	It does list_replace_rcu(&leader->tasks, &current->tasks),

		next = curr->next;

		task = curr->task;

		/*

		 * see exit_mm(), curr->task must not see

		 * see coredump_exit_mm(), curr->task must not see

		 * ->task == NULL before we read ->next.

		 */

		smp_mb();

	}

}

static void coredump_exit_mm(struct mm_struct *mm)

{

	struct core_state *core_state;

	/*

	 * Serialize with any possible pending coredump.

	 * We must hold mmap_lock around checking core_state

	 * and clearing tsk->mm.  The core-inducing thread

	 * will increment ->nr_threads for each thread in the

	 * group with ->mm != NULL.

	 */

	core_state = mm->core_state;

	if (core_state) {

		struct core_thread self;

		mmap_read_unlock(mm);

		self.task = current;

		if (self.task->flags & PF_SIGNALED)

			self.next = xchg(&core_state->dumper.next, &self);

		else

			self.task = NULL;

		/*

		 * Implies mb(), the result of xchg() must be visible

		 * to core_state->dumper.

		 */

		if (atomic_dec_and_test(&core_state->nr_threads))

			complete(&core_state->startup);

		for (;;) {

			set_current_state(TASK_UNINTERRUPTIBLE);

			if (!self.task) /* see coredump_finish() */

				break;

			freezable_schedule();

		}

		__set_current_state(TASK_RUNNING);

		mmap_read_lock(mm);

	}

}

#ifdef CONFIG_MEMCG

/*

 * A task is exiting.   If it owned this mm, find a new owner for the mm.

static void exit_mm(void)

{

	struct mm_struct *mm = current->mm;

	struct core_state *core_state;

	exit_mm_release(current, mm);

	if (!mm)

		return;

	sync_mm_rss(mm);

	/*

	 * Serialize with any possible pending coredump.

	 * We must hold mmap_lock around checking core_state

	 * and clearing tsk->mm.  The core-inducing thread

	 * will increment ->nr_threads for each thread in the

	 * group with ->mm != NULL.

	 */

	mmap_read_lock(mm);

	core_state = mm->core_state;

	if (core_state) {

		struct core_thread self;

		mmap_read_unlock(mm);

		self.task = current;

		if (self.task->flags & PF_SIGNALED)

			self.next = xchg(&core_state->dumper.next, &self);

		else

			self.task = NULL;

		/*

		 * Implies mb(), the result of xchg() must be visible

		 * to core_state->dumper.

		 */

		if (atomic_dec_and_test(&core_state->nr_threads))

			complete(&core_state->startup);

		for (;;) {

			set_current_state(TASK_UNINTERRUPTIBLE);

			if (!self.task) /* see coredump_finish() */

				break;

			freezable_schedule();

		}

		__set_current_state(TASK_RUNNING);

		mmap_read_lock(mm);

	}

	coredump_exit_mm(mm);

	mmgrab(mm);

	BUG_ON(mm != current->active_mm);

	/* more a memory barrier than a real lock */

	struct signal_struct *sig = task->signal;

	/*

	 * A coredumping process may sleep for an extended period in exit_mm(),

	 * so the oom killer cannot assume that the process will promptly exit

	 * and release memory.

	 * A coredumping process may sleep for an extended period in

	 * coredump_exit_mm(), so the oom killer cannot assume that

	 * the process will promptly exit and release memory.

	 */

	if (sig->flags & SIGNAL_GROUP_COREDUMP)

		return false;