> Kai Henningsen wrote:
>
> > I made a very crude patch which, with some obscene command line for
> > searching /var/log/messages, made me find it, I think.
> >
> > It's in process.c, line 484. It's when dosemu forks Linux programs. (This
> > is in copy_thread, but only if the thread has an ldt.)
>
> Ah yes, I remember seeing this once and forgot to follow up on it -- the
> ldt is allocated but doesn't seem to be freed. Looks like a job for
> Ingo ...
>
Actually, the solution might be very simple. Have a look at exit_thread:
    if (current->ldt) {
        void * ldt = current->ldt;
        current->ldt = NULL;
        vfree(ldt);
    }
but flush_thread, which is only called on exec (it seems, since I've only
found it in fs/exec.c):
    if (current->ldt) {
        free_page((unsigned long) current->ldt);
        current->ldt = NULL;
    }
Isn't it calling the wrong function? The ldt is allocated with vmalloc().
I've just started studying linux mm, so for now my knowledge is very
superficial, but I would replace this free_page(...) by vfree(ldt).
Note: I don't have the latest source trees, but this code is identical in my
2.0 and 2.1 trees.
BTW: isn't allocating an ldt a way to make fork bombs much more harmful
(at 64kB unswappable memory per process)? Just a thought.
Regards,
Gabriel.
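An added example, not code from the thread or from the kernel, that models the allocator mismatch pointed out above: the two kernel pairs vmalloc/vfree and get_free_page/free_page are replaced by tagged user-space stand-ins (the sim_* names), so a free through the wrong pair is counted instead of corrupting memory; struct task, its ldt field and run_scenario are assumptions of the model.

```c
/* Added example, not code from the thread or the kernel: a user-space model of
 * the two allocator pairs discussed above. Each simulated allocation is tagged
 * with the pair it came from, so a free through the other pair (what the quoted
 * flush_thread does with a vmalloc()'d ldt) is counted rather than corrupting
 * memory. struct task and its ldt field stand in for the kernel's task_struct. */
#include <stdlib.h>

enum alloc_kind { KIND_VMALLOC = 1, KIND_PAGE = 2 };
#define MAX_TRACKED 32
static struct { void *ptr; int kind; } tracked[MAX_TRACKED];
static int mismatches;   /* frees made through the wrong deallocator */

static void track(void *p, int kind)
{
    for (int i = 0; i < MAX_TRACKED; i++)
        if (!tracked[i].ptr) { tracked[i].ptr = p; tracked[i].kind = kind; return; }
    abort();   /* table full: a limit of this model, not a kernel condition */
}

/* Forget p and report how it was allocated (0 if it was never tracked). */
static int untrack(void *p)
{
    for (int i = 0; i < MAX_TRACKED; i++)
        if (tracked[i].ptr == p) { tracked[i].ptr = NULL; return tracked[i].kind; }
    return 0;
}

void *sim_vmalloc(size_t n) { void *p = malloc(n); track(p, KIND_VMALLOC); return p; }
void sim_vfree(void *p) { if (untrack(p) != KIND_VMALLOC) mismatches++; free(p); }
unsigned long sim_get_free_page(void) { void *p = malloc(4096); track(p, KIND_PAGE); return (unsigned long)p; }
void sim_free_page(unsigned long a) { void *p = (void *)a; if (untrack(p) != KIND_PAGE) mismatches++; free(p); }

struct task { void *ldt; };

/* exit_thread as quoted in the mail: vmalloc() correctly paired with vfree(). */
void model_exit_thread(struct task *t) { if (t->ldt) { void *ldt = t->ldt; t->ldt = NULL; sim_vfree(ldt); } }
/* flush_thread as quoted: the ldt came from vmalloc() but is handed to free_page(). */
void model_flush_thread_buggy(struct task *t) { if (t->ldt) { sim_free_page((unsigned long)t->ldt); t->ldt = NULL; } }
/* flush_thread with the fix proposed in the mail: vfree() instead of free_page(). */
void model_flush_thread_fixed(struct task *t) { if (t->ldt) { void *ldt = t->ldt; t->ldt = NULL; sim_vfree(ldt); } }

/* Give a fresh task a vmalloc()'d 64 kB ldt (the size the thread mentions), run
 * one teardown path, and return how many frees went through the wrong pair. */
int run_scenario(void (*teardown)(struct task *))
{
    struct task t = { sim_vmalloc(65536) };
    mismatches = 0;
    teardown(&t);
    return mismatches;
}
```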