Fix mmap_count.

Follow bug-fix by Federico Vaga in Linux "staging" version:

In comedi_fops, mmap_count is decremented at comedi_vm_ops->close but it
is not incremented at comedi_vm_ops->open. This may result in a negative
counter.  The patch introduces the open method to keep the counter
consistent.

The bug was triggerd by this sample code:

        mmap(0, ...., comedi_fd);
        fork();
        exit(0);

diff --git a/comedi/comedi_fops.c b/comedi/comedi_fops.c
index 29fbcb34842e32c95fe5d14ce31bb1915a53b0f8..0b29573b02cb0c7075cb28a671ddddb10c48b74a 100644 (file)
--- a/comedi/comedi_fops.c
+++ b/comedi/comedi_fops.c
@@ -1463,7 +1463,20 @@ static int do_cancel(comedi_device * dev, comedi_subdevice * s)
        return ret;
 }
 
-void comedi_unmap(struct vm_area_struct *area)
+void comedi_vm_open(struct vm_area_struct *area)
+{
+       comedi_async *async;
+       comedi_device *dev;
+
+       async = area->vm_private_data;
+       dev = async->subdevice->device;
+
+       mutex_lock(&dev->mutex);
+       async->mmap_count++;
+       mutex_unlock(&dev->mutex);
+}
+
+void comedi_vm_close(struct vm_area_struct *area)
 {
        comedi_async *async;
        comedi_device *dev;
@@ -1477,7 +1490,8 @@ void comedi_unmap(struct vm_area_struct *area)
 }
 
 static struct vm_operations_struct comedi_vm_ops = {
-      close:comedi_unmap,
+       .open = comedi_vm_open,
+       .close = comedi_vm_close,
 };
 
 static int comedi_mmap(struct file *file, struct vm_area_struct *vma)