From 90531c2a26c4e9d8df0ebb21430988b9393006f4 Mon Sep 17 00:00:00 2001
From: Ian Abbott <abbotti@mev.co.uk>
Date: Tue, 1 Nov 2011 09:43:56 +0000
Subject: [PATCH] Fix mmap_count.

Follow bug-fix by Federico Vaga in Linux "staging" version:

In comedi_fops, mmap_count is decremented at comedi_vm_ops->close but it
is not incremented at comedi_vm_ops->open. This may result in a negative
counter.  The patch introduces the open method to keep the counter
consistent.

The bug was triggerd by this sample code:

        mmap(0, ...., comedi_fd);
        fork();
        exit(0);
---
 comedi/comedi_fops.c | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/comedi/comedi_fops.c b/comedi/comedi_fops.c
index 29fbcb34..0b29573b 100644
--- a/comedi/comedi_fops.c
+++ b/comedi/comedi_fops.c
@@ -1463,7 +1463,20 @@ static int do_cancel(comedi_device * dev, comedi_subdevice * s)
 	return ret;
 }
 
-void comedi_unmap(struct vm_area_struct *area)
+void comedi_vm_open(struct vm_area_struct *area)
+{
+	comedi_async *async;
+	comedi_device *dev;
+
+	async = area->vm_private_data;
+	dev = async->subdevice->device;
+
+	mutex_lock(&dev->mutex);
+	async->mmap_count++;
+	mutex_unlock(&dev->mutex);
+}
+
+void comedi_vm_close(struct vm_area_struct *area)
 {
 	comedi_async *async;
 	comedi_device *dev;
@@ -1477,7 +1490,8 @@ void comedi_unmap(struct vm_area_struct *area)
 }
 
 static struct vm_operations_struct comedi_vm_ops = {
-      close:comedi_unmap,
+	.open = comedi_vm_open,
+	.close = comedi_vm_close,
 };
 
 static int comedi_mmap(struct file *file, struct vm_area_struct *vma)
-- 
2.26.2