On Mon, 2014-11-03 at 16:06 -0800, Dave Hansen wrote: > From: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx> > > This is a highly-contrived scenario. But, a single shmdt() call > can be induced in to unmapping memory from mulitple shm segments. > Example code is here: > > http://www.sr71.net/~dave/intel/shmfun.c > > The fix is pretty simple: Record the 'struct file' for the first > VMA we encounter and then stick to it. Decline to unmap anything > not from the same file and thus the same segment. > > I found this by inspection and the odds of anyone hitting this in > practice are pretty darn small. > > Lightly tested, but it's a pretty small patch. Passed shmdt ltp tests, fwiw. > Signed-off-by: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx> Reviewed-by: Davidlohr Bueso <dave@xxxxxxxxxxxx> -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>