patch for small bug in shmdt()

Computer Engineering Project BRAVO (bravo@bovet.ccd.utovrm.it)
Mon, 6 Oct 1997 17:18:31 +0200


There is a small bug in the implementation of the shmdt() system call.

According both to

"System V Interface Definition, AT&T Bell Laboratories, 1985"

and to

"B. Goodheart & J. Cox, The Magic Garden Explained -- The Internals of UNIX(R)
System V Release 4, Prentice Hall, 1994",

shmdt() should check whether the second argument is the data segment start
address of a shared memory segment; if not, it should return -1 and set errno
to EINVAL. The current implementation always returns 0.

A patch against version 2.0.30 (but it should work also for 2.1.57) is included
below.

Sandra Celiberti
Serena Ramovecchi

+---------------------------------------------------------------+
| Computer Engineering - Project BRAVO |
+---------------------------------------------------------------+
| University of Rome "Tor Vergata" |
| Dept. of Computer Science, Systems and Industrial Engineering |
| via della Ricerca Scientifica, 00133 Rome (Italy) |
| e-mail: bravo@bovet.ccd.utovrm.it |
+---------------------------------------------------------------+

diff -u --recursive --new-file linux-2.0.30/ipc/shm.c linux/ipc/shm.c
--- linux-2.0.30/ipc/shm.c Wed Apr 23 13:02:01 1997
+++ linux/ipc/shm.c Mon Sep 22 18:35:41 1997
@@ -608,10 +608,12 @@
for (shmd = current->mm->mmap; shmd; shmd = shmdnext) {
shmdnext = shmd->vm_next;
if (shmd->vm_ops == &shm_vm_ops
- && shmd->vm_start - shmd->vm_offset == (ulong) shmaddr)
+ && shmd->vm_start - shmd->vm_offset == (ulong) shmaddr) {
do_munmap(shmd->vm_start, shmd->vm_end - shmd->vm_start);
+ return 0;
+ }
}
- return 0;
+ return -EINVAL;
}

/*