
From: Manfred Spraul <manfred@colorfullife.com>

There are a few unchecked do_munmap()s in the shm code.  Manfred's comment
explains why they are OK.


---

 25-akpm/ipc/shm.c |   15 +++++++++++++++
 1 files changed, 15 insertions(+)

diff -puN ipc/shm.c~smh-do_unmap-comments ipc/shm.c
--- 25/ipc/shm.c~smh-do_unmap-comments	2004-03-14 11:41:52.657337880 -0800
+++ 25-akpm/ipc/shm.c	2004-03-14 11:41:52.660337424 -0800
@@ -760,6 +760,21 @@ asmlinkage long sys_shmdt(char __user *s
 	down_write(&mm->mmap_sem);
 
 	/*
+	 * This function tries to be smart and unmap shm segments that
+	 * were modified by partial mlock or munmap calls:
+	 * - It first determines the size of the shm segment that should be
+	 *   unmapped: It searches for a vma that is backed by shm and that
+	 *   started at address shmaddr. It records it's size and then unmaps
+	 *   it.
+	 * - Then it unmaps all shm vmas that started at shmaddr and that
+	 *   are within the initially determined size.
+	 * Errors from do_munmap are ignored: the function only fails if
+	 * it's called with invalid parameters or if it's called to unmap
+	 * a part of a vma. Both calls in this function are for full vmas,
+	 * the parameters are directly copied from the vma itself and always
+	 * valid - therefore do_munmap cannot fail. (famous last words?)
+	 */
+	/*
 	 * If it had been mremap()'d, the starting address would not
 	 * match the usual checks anyway. So assume all vma's are
 	 * above the starting address given.
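Review bot: The last sentence of the new comment asserts that do_munmap cannot fail here, yet hedges with "(famous last words?)", and the return value is still dropped, so the invariant is documented but not enforced. Consider checking the result at the two calls the comment refers to, for example by warning on a non-zero return, so that a later change to do_munmap's failure conditions shows up instead of silently leaving a shm vma mapped after shmdt. Two smaller points: "It records it's size" should read "its size", and the new block runs straight into the following "/*" comment, so either merge the two or separate them with a blank line.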

_
