Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm...

Pull namespace fixes from Eric Biederman:
 "This is a set of 3 regression fixes.

  This fixes /proc/mounts when using "ip netns add <netns>" to display
  the actual mount point.

  This fixes a regression in clone that broke lxc-attach.

  This fixes a regression in the permission checks for mounting /proc
  that made proc unmountable if binfmt_misc was in use.  Oops.

  My apologies for sending this pull request so late.  Al Viro gave
  interesting review comments about the d_path fix that I wanted to
  address in detail before I sent this pull request.  Unfortunately a
  bad round of colds kept from addressing that in detail until today.
  The executive summary of the review was:

  Al: Is patching d_path really sufficient?
      The prepend_path, d_path, d_absolute_path, and __d_path family of
      functions is a really mess.

  Me: Yes, patching d_path is really sufficient.  Yes, the code is mess.
      No it is not appropriate to rewrite all of d_path for a regression
      that has existed for entirely too long already, when a two line
      change will do"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:
  vfs: Fix a regression in mounting proc
  fork:  Allow CLONE_PARENT after setns(CLONE_NEWPID)
  vfs: In d_path don't call d_dname on a mount point

diff --combined fs/dcache.c
index 6055d61,f7282eb..cb4a106
--- 1/fs/dcache.c
--- 2/fs/dcache.c
+++ b/fs/dcache.c
@@@ -192,7 -192,7 +192,7 @@@ static inline int dentry_string_cmp(con
                if (!tcount)
                        return 0;
        }
 -      mask = ~(~0ul << tcount*8);
 +      mask = bytemask_from_count(tcount);
        return unlikely(!!((a ^ b) & mask));
  }
  
@@@ -3061,8 -3061,13 +3061,13 @@@ char *d_path(const struct path *path, c
         * thus don't need to be hashed.  They also don't need a name until a
         * user wants to identify the object in /proc/pid/fd/.  The little hack
         * below allows us to generate a name for these objects on demand:
+        *
+        * Some pseudo inodes are mountable.  When they are mounted
+        * path->dentry == path->mnt->mnt_root.  In that case don't call d_dname
+        * and instead have d_path return the mounted path.
         */
-       if (path->dentry->d_op && path->dentry->d_op->d_dname)
+       if (path->dentry->d_op && path->dentry->d_op->d_dname &&
+           (!IS_ROOT(path->dentry) || path->dentry != path->mnt->mnt_root))
                return path->dentry->d_op->d_dname(path->dentry, buf, buflen);
  
        rcu_read_lock();

diff --combined kernel/fork.c
index 5721f0e,f82fa2e..dfa736c
--- 1/kernel/fork.c
--- 2/kernel/fork.c
+++ b/kernel/fork.c
@@@ -537,7 -537,6 +537,7 @@@ static struct mm_struct *mm_init(struc
        spin_lock_init(&mm->page_table_lock);
        mm_init_aio(mm);
        mm_init_owner(mm, p);
 +      clear_tlb_flush_pending(mm);
  
        if (likely(!mm_alloc_pgd(mm))) {
                mm->def_flags = 0;
@@@ -1172,7 -1171,7 +1172,7 @@@ static struct task_struct *copy_process
         * do not allow it to share a thread group or signal handlers or
         * parent with the forking task.
         */
-       if (clone_flags & (CLONE_SIGHAND | CLONE_PARENT)) {
+       if (clone_flags & CLONE_SIGHAND) {
                if ((clone_flags & (CLONE_NEWUSER | CLONE_NEWPID)) ||
                    (task_active_pid_ns(current) !=
                                current->nsproxy->pid_ns_for_children))