Chuck Ebbert wrote:
@@ -97,14 +96,16 @@
void destroy_ldt(struct mm_struct *mm)
{
+ int pages = mm->context.ldt_pages;
+
if (mm == current->active_mm)
clear_LDT();
- ClearPagesLDT(mm->context.ldt, (mm->context.size * LDT_ENTRY_SIZE) / PAGE_SIZE);
- if (mm->context.size*LDT_ENTRY_SIZE > PAGE_SIZE)
+ ClearPagesLDT(mm->context.ldt, pages);
+ if (pages > 1)
vfree(mm->context.ldt);
else
kfree(mm->context.ldt);
- mm->context.size = 0;
+ mm->context.ldt_pages = 0; <====================
}
static int read_ldt(void __user * ptr, unsigned long bytecount)
destroy_ldt does not zero "ldt", just the size. Potential bug?
Not a bug, truly unnecessary at all.
Several reviewers noticed that initialization and destruction of the
mm->context is unnecessary, since the entire MM struct is zeroed on
allocation anyways.
Verified with BUG_ON(mm->context.ldt || mm->context.ldt_pages);
Signed-off-by: Zachary Amsden <[email protected]>
Index: linux-2.6.13/include/asm-i386/mmu_context.h
===================================================================
--- linux-2.6.13.orig/include/asm-i386/mmu_context.h 2005-08-15 11:23:32.000000000 -0700
+++ linux-2.6.13/include/asm-i386/mmu_context.h 2005-08-16 11:35:11.000000000 -0700
@@ -16,7 +16,6 @@
struct mm_struct * old_mm;
int retval = 0;
- memset(&mm->context, 0, sizeof(mm->context));
init_MUTEX(&mm->context.sem);
old_mm = current->mm;
if (old_mm && unlikely(old_mm->context.ldt)) {
Index: linux-2.6.13/arch/i386/kernel/ldt.c
===================================================================
--- linux-2.6.13.orig/arch/i386/kernel/ldt.c 2005-08-15 11:23:32.000000000 -0700
+++ linux-2.6.13/arch/i386/kernel/ldt.c 2005-08-16 11:12:59.000000000 -0700
@@ -105,7 +105,6 @@
vfree(mm->context.ldt);
else
kfree(mm->context.ldt);
- mm->context.ldt_pages = 0;
}
static int read_ldt(void __user * ptr, unsigned long bytecount)
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
| |
 |