From: Manfred Spraul There are a few unchecked do_munmap()s in the shm code. Manfred's comment explains why they are OK. --- 25-akpm/ipc/shm.c | 15 +++++++++++++++ 1 files changed, 15 insertions(+) diff -puN ipc/shm.c~smh-do_unmap-comments ipc/shm.c --- 25/ipc/shm.c~smh-do_unmap-comments 2004-03-14 11:41:52.657337880 -0800 +++ 25-akpm/ipc/shm.c 2004-03-14 11:41:52.660337424 -0800 @@ -760,6 +760,21 @@ asmlinkage long sys_shmdt(char __user *s down_write(&mm->mmap_sem); /* + * This function tries to be smart and unmap shm segments that + * were modified by partial mlock or munmap calls: + * - It first determines the size of the shm segment that should be + * unmapped: It searches for a vma that is backed by shm and that + * started at address shmaddr. It records it's size and then unmaps + * it. + * - Then it unmaps all shm vmas that started at shmaddr and that + * are within the initially determined size. + * Errors from do_munmap are ignored: the function only fails if + * it's called with invalid parameters or if it's called to unmap + * a part of a vma. Both calls in this function are for full vmas, + * the parameters are directly copied from the vma itself and always + * valid - therefore do_munmap cannot fail. (famous last words?) + */ + /* * If it had been mremap()'d, the starting address would not * match the usual checks anyway. So assume all vma's are * above the starting address given. _
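Review bot: The new comment in sys_shmdt() justifies ignoring do_munmap() errors by argument alone and closes with "(famous last words?)", so nothing in this hunk enforces the invariant it relies on (both calls are for full vmas, with parameters copied from the vma itself). Since the patch adds 15 lines of comment and no code, consider checking the do_munmap() return value at the two call sites with a warning rather than relying on the comment, or drop the parenthetical if the reasoning is considered sound. The block describes the whole function, so it would read better above the sys_shmdt() definition than after down_write(&mm->mmap_sem), where it now sits directly against the existing "If it had been mremap()'d" comment with no separating line. Minor: "It records it's size" should be "its size".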