LXR linux-old/mm/mmap.c

   1/*
   2 *      linux/mm/mmap.c
   3 *
   4 * Written by obz.
   5 */
   6#include <linux/stat.h>
   7#include <linux/sched.h>
   8#include <linux/kernel.h>
   9#include <linux/mm.h>
  10#include <linux/slab.h>
  11#include <linux/shm.h>
  12#include <linux/errno.h>
  13#include <linux/mman.h>
  14#include <linux/string.h>
  15#include <linux/pagemap.h>
  16#include <linux/swap.h>
  17#include <linux/smp.h>
  18#include <linux/smp_lock.h>
  19#include <linux/init.h>
  20
  21#include <asm/uaccess.h>
  22#include <asm/system.h>
  23#include <asm/pgtable.h>
  24
  25/* description of effects of mapping type and prot in current implementation.
  26 * this is due to the limited x86 page protection hardware.  The expected
  27 * behavior is in parens:
  28 *
  29 * map_type     prot
  30 *              PROT_NONE       PROT_READ       PROT_WRITE      PROT_EXEC
  31 * MAP_SHARED   r: (no) no      r: (yes) yes    r: (no) yes     r: (no) yes
  32 *              w: (no) no      w: (no) no      w: (yes) yes    w: (no) no
  33 *              x: (no) no      x: (no) yes     x: (no) yes     x: (yes) yes
  34 *              
  35 * MAP_PRIVATE  r: (no) no      r: (yes) yes    r: (no) yes     r: (no) yes
  36 *              w: (no) no      w: (no) no      w: (copy) copy  w: (no) no
  37 *              x: (no) no      x: (no) yes     x: (no) yes     x: (yes) yes
  38 *
  39 */
  40pgprot_t protection_map[16] = {
  41        __P000, __P001, __P010, __P011, __P100, __P101, __P110, __P111,
  42        __S000, __S001, __S010, __S011, __S100, __S101, __S110, __S111
  43};
  44
  45/* SLAB cache for vm_area_struct's. */
  46kmem_cache_t *vm_area_cachep;
  47
  48int sysctl_overcommit_memory;
  49
  50/* Check that a process has enough memory to allocate a
  51 * new virtual mapping.
  52 */
  53static inline int vm_enough_memory(long pages)
  54{
  55        /* Stupid algorithm to decide if we have enough memory: while
  56         * simple, it hopefully works in most obvious cases.. Easy to
  57         * fool it, but this should catch most mistakes.
  58         */
  59        long freepages;
  60        
  61        /* Sometimes we want to use more memory than we have. */
  62        if (sysctl_overcommit_memory)
  63            return 1;
  64
  65        freepages = buffermem >> PAGE_SHIFT;
  66        freepages += page_cache_size;
  67        freepages >>= 1;
  68        freepages += nr_free_pages;
  69        freepages += nr_swap_pages;
  70        freepages -= num_physpages >> 4;
  71        return freepages > pages;
  72}
  73
  74/* Remove one vm structure from the inode's i_mmap ring. */
  75static inline void remove_shared_vm_struct(struct vm_area_struct *vma)
  76{
  77        struct dentry * dentry = vma->vm_dentry;
  78
  79        if (dentry) {
  80                if (vma->vm_flags & VM_DENYWRITE)
  81                        dentry->d_inode->i_writecount++;
  82                if(vma->vm_next_share)
  83                        vma->vm_next_share->vm_pprev_share = vma->vm_pprev_share;
  84                *vma->vm_pprev_share = vma->vm_next_share;
  85        }
  86}
  87
  88asmlinkage unsigned long sys_brk(unsigned long brk)
  89{
  90        unsigned long rlim, retval;
  91        unsigned long newbrk, oldbrk;
  92        struct mm_struct *mm = current->mm;
  93
  94        lock_kernel();
  95        retval = mm->brk;
  96        if (brk < mm->end_code)
  97                goto out;
  98        newbrk = PAGE_ALIGN(brk);
  99        oldbrk = PAGE_ALIGN(mm->brk);
 100        if (oldbrk == newbrk) {
 101                retval = mm->brk = brk;
 102                goto out;
 103        }
 104
 105        /* Always allow shrinking brk. */
 106        if (brk <= mm->brk) {
 107                retval = mm->brk = brk;
 108                do_munmap(newbrk, oldbrk-newbrk);
 109                goto out;
 110        }
 111
 112        /* Check against rlimit and stack.. */
 113        retval = mm->brk;
 114        rlim = current->rlim[RLIMIT_DATA].rlim_cur;
 115        if (rlim >= RLIM_INFINITY)
 116                rlim = ~0;
 117        if (brk - mm->end_code > rlim)
 118                goto out;
 119
 120        /* Check against existing mmap mappings. */
 121        if (find_vma_intersection(mm, oldbrk, newbrk+PAGE_SIZE))
 122                goto out;
 123
 124        /* Check if we have enough memory.. */
 125        if (!vm_enough_memory((newbrk-oldbrk) >> PAGE_SHIFT))
 126                goto out;
 127
 128        /* Ok, looks good - let it rip. */
 129        if(do_mmap(NULL, oldbrk, newbrk-oldbrk,
 130                   PROT_READ|PROT_WRITE|PROT_EXEC,
 131                   MAP_FIXED|MAP_PRIVATE, 0) == oldbrk)
 132                mm->brk = brk;
 133        retval = mm->brk;
 134out:
 135        unlock_kernel();
 136        return retval;
 137}
 138
 139/* Combine the mmap "prot" and "flags" argument into one "vm_flags" used
 140 * internally. Essentially, translate the "PROT_xxx" and "MAP_xxx" bits
 141 * into "VM_xxx".
 142 */
 143static inline unsigned long vm_flags(unsigned long prot, unsigned long flags)
 144{
 145#define _trans(x,bit1,bit2) \
 146((bit1==bit2)?(x&bit1):(x&bit1)?bit2:0)
 147
 148        unsigned long prot_bits, flag_bits;
 149        prot_bits =
 150                _trans(prot, PROT_READ, VM_READ) |
 151                _trans(prot, PROT_WRITE, VM_WRITE) |
 152                _trans(prot, PROT_EXEC, VM_EXEC);
 153        flag_bits =
 154                _trans(flags, MAP_GROWSDOWN, VM_GROWSDOWN) |
 155                _trans(flags, MAP_DENYWRITE, VM_DENYWRITE) |
 156                _trans(flags, MAP_EXECUTABLE, VM_EXECUTABLE);
 157        return prot_bits | flag_bits;
 158#undef _trans
 159}
 160
 161unsigned long do_mmap(struct file * file, unsigned long addr, unsigned long len,
 162        unsigned long prot, unsigned long flags, unsigned long off)
 163{
 164        struct mm_struct * mm = current->mm;
 165        struct vm_area_struct * vma;
 166        int correct_wcount = 0;
 167
 168        if ((len = PAGE_ALIGN(len)) == 0)
 169                return addr;
 170
 171        if (len > TASK_SIZE || addr > TASK_SIZE-len)
 172                return -EINVAL;
 173
 174        /* offset overflow? */
 175        if (off + len < off)
 176                return -EINVAL;
 177
 178        /* mlock MCL_FUTURE? */
 179        if (mm->def_flags & VM_LOCKED) {
 180                unsigned long locked = mm->locked_vm << PAGE_SHIFT;
 181                locked += len;
 182                if (locked > current->rlim[RLIMIT_MEMLOCK].rlim_cur)
 183                        return -EAGAIN;
 184        }
 185
 186        /* Do simple checking here so the lower-level routines won't have
 187         * to. we assume access permissions have been handled by the open
 188         * of the memory object, so we don't do any here.
 189         */
 190        if (file != NULL) {
 191                switch (flags & MAP_TYPE) {
 192                case MAP_SHARED:
 193                        if ((prot & PROT_WRITE) && !(file->f_mode & 2))
 194                                return -EACCES;
 195
 196                        /* make sure there are no mandatory locks on the file. */
 197                        if (locks_verify_locked(file->f_dentry->d_inode))
 198                                return -EAGAIN;
 199                        /* fall through */
 200                case MAP_PRIVATE:
 201                        if (!(file->f_mode & 1))
 202                                return -EACCES;
 203                        break;
 204
 205                default:
 206                        return -EINVAL;
 207                }
 208        } else if ((flags & MAP_TYPE) != MAP_PRIVATE)
 209                return -EINVAL;
 210
 211        /* Obtain the address to map to. we verify (or select) it and ensure
 212         * that it represents a valid section of the address space.
 213         */
 214        if (flags & MAP_FIXED) {
 215                if (addr & ~PAGE_MASK)
 216                        return -EINVAL;
 217        } else {
 218                addr = get_unmapped_area(addr, len);
 219                if (!addr)
 220                        return -ENOMEM;
 221        }
 222
 223        /* Determine the object being mapped and call the appropriate
 224         * specific mapper. the address has already been validated, but
 225         * not unmapped, but the maps are removed from the list.
 226         */
 227        if (file && (!file->f_op || !file->f_op->mmap))
 228                return -ENODEV;
 229
 230        vma = kmem_cache_alloc(vm_area_cachep, SLAB_KERNEL);
 231        if (!vma)
 232                return -ENOMEM;
 233
 234        vma->vm_mm = mm;
 235        vma->vm_start = addr;
 236        vma->vm_end = addr + len;
 237        vma->vm_flags = vm_flags(prot,flags) | mm->def_flags;
 238
 239        if (file) {
 240                if (file->f_mode & 1)
 241                        vma->vm_flags |= VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC;
 242                if (flags & MAP_SHARED) {
 243                        vma->vm_flags |= VM_SHARED | VM_MAYSHARE;
 244
 245                        /* This looks strange, but when we don't have the file open
 246                         * for writing, we can demote the shared mapping to a simpler
 247                         * private mapping. That also takes care of a security hole
 248                         * with ptrace() writing to a shared mapping without write
 249                         * permissions.
 250                         *
 251                         * We leave the VM_MAYSHARE bit on, just to get correct output
 252                         * from /proc/xxx/maps..
 253                         */
 254                        if (!(file->f_mode & 2))
 255                                vma->vm_flags &= ~(VM_MAYWRITE | VM_SHARED);
 256                }
 257        } else
 258                vma->vm_flags |= VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC;
 259        vma->vm_page_prot = protection_map[vma->vm_flags & 0x0f];
 260        vma->vm_ops = NULL;
 261        vma->vm_offset = off;
 262        vma->vm_dentry = NULL;
 263        vma->vm_pte = 0;
 264
 265        do_munmap(addr, len);   /* Clear old maps */
 266
 267        /* Check against address space limit. */
 268        if ((mm->total_vm << PAGE_SHIFT) + len
 269            > current->rlim[RLIMIT_AS].rlim_cur) {
 270                kmem_cache_free(vm_area_cachep, vma);
 271                return -ENOMEM;
 272        }
 273
 274        /* Private writable mapping? Check memory availability.. */
 275        if ((vma->vm_flags & (VM_SHARED | VM_WRITE)) == VM_WRITE) {
 276                if (!(flags & MAP_NORESERVE) &&
 277                    !vm_enough_memory(len >> PAGE_SHIFT)) {
 278                        kmem_cache_free(vm_area_cachep, vma);
 279                        return -ENOMEM;
 280                }
 281        }
 282
 283        if (file) {
 284                int error = 0;
 285                if (vma->vm_flags & VM_DENYWRITE) {
 286                        if (file->f_dentry->d_inode->i_writecount > 0)
 287                                error = -ETXTBSY;
 288                        else {
 289                                /* f_op->mmap might possibly sleep
 290                                 * (generic_file_mmap doesn't, but other code
 291                                 * might). In any case, this takes care of any
 292                                 * race that this might cause.
 293                                 */
 294                                file->f_dentry->d_inode->i_writecount--;
 295                                correct_wcount = 1;
 296                        }
 297                }
 298                if (!error)
 299                        error = file->f_op->mmap(file, vma);
 300        
 301                if (error) {
 302                        if (correct_wcount)
 303                                file->f_dentry->d_inode->i_writecount++;
 304                        kmem_cache_free(vm_area_cachep, vma);
 305                        return error;
 306                }
 307        }
 308
 309        flags = vma->vm_flags;
 310        insert_vm_struct(mm, vma);
 311        if (correct_wcount)
 312                file->f_dentry->d_inode->i_writecount++;
 313        merge_segments(mm, vma->vm_start, vma->vm_end);
 314        
 315        addr = vma->vm_start;
 316
 317        /* merge_segments might have merged our vma, so we can't use it any more */
 318        mm->total_vm += len >> PAGE_SHIFT;
 319        if ((flags & VM_LOCKED) && !(flags & VM_IO)) {
 320                unsigned long start = addr;
 321                mm->locked_vm += len >> PAGE_SHIFT;
 322                do {
 323                        char c;
 324                        get_user(c,(char *) start);
 325                        len -= PAGE_SIZE;
 326                        start += PAGE_SIZE;
 327                        __asm__ __volatile__("": :"r" (c));
 328                } while (len > 0);
 329        }
 330        return addr;
 331}
 332
 333/* Get an address range which is currently unmapped.
 334 * For mmap() without MAP_FIXED and shmat() with addr=0.
 335 * Return value 0 means ENOMEM.
 336 */
 337unsigned long get_unmapped_area(unsigned long addr, unsigned long len)
 338{
 339        struct vm_area_struct * vmm;
 340
 341        if (len > TASK_SIZE)
 342                return 0;
 343        if (!addr)
 344                addr = TASK_UNMAPPED_BASE;
 345        addr = PAGE_ALIGN(addr);
 346
 347        for (vmm = find_vma(current->mm, addr); ; vmm = vmm->vm_next) {
 348                /* At this point:  (!vmm || addr < vmm->vm_end). */
 349                if (TASK_SIZE - len < addr)
 350                        return 0;
 351                if (!vmm || addr + len <= vmm->vm_start)
 352                        return addr;
 353                addr = vmm->vm_end;
 354        }
 355}
 356
 357/* Normal function to fix up a mapping
 358 * This function is the default for when an area has no specific
 359 * function.  This may be used as part of a more specific routine.
 360 * This function works out what part of an area is affected and
 361 * adjusts the mapping information.  Since the actual page
 362 * manipulation is done in do_mmap(), none need be done here,
 363 * though it would probably be more appropriate.
 364 *
 365 * By the time this function is called, the area struct has been
 366 * removed from the process mapping list, so it needs to be
 367 * reinserted if necessary.
 368 *
 369 * The 4 main cases are:
 370 *    Unmapping the whole area
 371 *    Unmapping from the start of the segment to a point in it
 372 *    Unmapping from an intermediate point to the end
 373 *    Unmapping between to intermediate points, making a hole.
 374 *
 375 * Case 4 involves the creation of 2 new areas, for each side of
 376 * the hole.  If possible, we reuse the existing area rather than
 377 * allocate a new one, and the return indicates whether the old
 378 * area was reused.
 379 */
 380static int unmap_fixup(struct vm_area_struct *area, unsigned long addr,
 381                         size_t len, struct vm_area_struct **extra)
 382{
 383        struct vm_area_struct *mpnt;
 384        unsigned long end = addr + len;
 385
 386        area->vm_mm->total_vm -= len >> PAGE_SHIFT;
 387        if (area->vm_flags & VM_LOCKED)
 388                area->vm_mm->locked_vm -= len >> PAGE_SHIFT;
 389
 390        /* Unmapping the whole area. */
 391        if (addr == area->vm_start && end == area->vm_end) {
 392                if (area->vm_ops && area->vm_ops->close)
 393                        area->vm_ops->close(area);
 394                if (area->vm_dentry)
 395                        dput(area->vm_dentry);
 396                return 0;
 397        }
 398
 399        /* Work out to one of the ends. */
 400        if (end == area->vm_end)
 401                area->vm_end = addr;
 402        else if (addr == area->vm_start) {
 403                area->vm_offset += (end - area->vm_start);
 404                area->vm_start = end;
 405        } else {
 406        /* Unmapping a hole: area->vm_start < addr <= end < area->vm_end */
 407                /* Add end mapping -- leave beginning for below */
 408                mpnt = *extra;
 409                *extra = NULL;
 410
 411                mpnt->vm_mm = area->vm_mm;
 412                mpnt->vm_start = end;
 413                mpnt->vm_end = area->vm_end;
 414                mpnt->vm_page_prot = area->vm_page_prot;
 415                mpnt->vm_flags = area->vm_flags;
 416                mpnt->vm_ops = area->vm_ops;
 417                mpnt->vm_offset = area->vm_offset + (end - area->vm_start);
 418                mpnt->vm_dentry = dget(area->vm_dentry);
 419                if (mpnt->vm_ops && mpnt->vm_ops->open)
 420                        mpnt->vm_ops->open(mpnt);
 421                area->vm_end = addr;    /* Truncate area */
 422                insert_vm_struct(current->mm, mpnt);
 423        }
 424
 425        /* Close the current area ... */
 426        if (area->vm_ops && area->vm_ops->close) {
 427                end = area->vm_end; /* save new end */
 428                area->vm_end = area->vm_start;
 429                area->vm_ops->close(area);
 430                area->vm_end = end;
 431        }
 432        /* ... then reopen and reinsert. */
 433        if (area->vm_ops && area->vm_ops->open)
 434                area->vm_ops->open(area);
 435        insert_vm_struct(current->mm, area);
 436        return 1;
 437}
 438
 439asmlinkage int sys_munmap(unsigned long addr, size_t len)
 440{
 441        int ret;
 442
 443        lock_kernel();
 444        ret = do_munmap(addr, len);
 445        unlock_kernel();
 446        return ret;
 447}
 448
 449/* Munmap is split into 2 main parts -- this part which finds
 450 * what needs doing, and the areas themselves, which do the
 451 * work.  This now handles partial unmappings.
 452 * Jeremy Fitzhardine <jeremy@sw.oz.au>
 453 */
 454int do_munmap(unsigned long addr, size_t len)
 455{
 456        struct vm_area_struct *mpnt, *next, *free, *extra;
 457        int freed;
 458
 459        if ((addr & ~PAGE_MASK) || addr > TASK_SIZE || len > TASK_SIZE-addr)
 460                return -EINVAL;
 461
 462        if ((len = PAGE_ALIGN(len)) == 0)
 463                return 0;
 464
 465        /* Check if this memory area is ok - put it on the temporary
 466         * list if so..  The checks here are pretty simple --
 467         * every area affected in some way (by any overlap) is put
 468         * on the list.  If nothing is put on, nothing is affected.
 469         */
 470        mpnt = current->mm->mmap;
 471        while(mpnt && mpnt->vm_end <= addr)
 472                mpnt = mpnt->vm_next;
 473        if (!mpnt)
 474                return 0;
 475
 476        /*
 477         * We may need one additional vma to fix up the mappings ... 
 478         * and this is the last chance for an easy error exit.
 479         */
 480        extra = kmem_cache_alloc(vm_area_cachep, SLAB_KERNEL);
 481        if (!extra)
 482                return -ENOMEM;
 483
 484        next = mpnt->vm_next;
 485
 486        /* we have mpnt->vm_next = next and addr < mpnt->vm_end */
 487        free = NULL;
 488        for ( ; mpnt && mpnt->vm_start < addr+len; ) {
 489                struct vm_area_struct *next = mpnt->vm_next;
 490
 491                if(mpnt->vm_next)
 492                        mpnt->vm_next->vm_pprev = mpnt->vm_pprev;
 493                *mpnt->vm_pprev = mpnt->vm_next;
 494
 495                mpnt->vm_next = free;
 496                free = mpnt;
 497                mpnt = next;
 498        }
 499
 500        /* Ok - we have the memory areas we should free on the 'free' list,
 501         * so release them, and unmap the page range..
 502         * If the one of the segments is only being partially unmapped,
 503         * it will put new vm_area_struct(s) into the address space.
 504         */
 505        freed = 0;
 506        while ((mpnt = free) != NULL) {
 507                unsigned long st, end, size;
 508
 509                free = free->vm_next;
 510                freed = 1;
 511
 512                remove_shared_vm_struct(mpnt);
 513
 514                st = addr < mpnt->vm_start ? mpnt->vm_start : addr;
 515                end = addr+len;
 516                end = end > mpnt->vm_end ? mpnt->vm_end : end;
 517                size = end - st;
 518
 519                if (mpnt->vm_ops && mpnt->vm_ops->unmap)
 520                        mpnt->vm_ops->unmap(mpnt, st, size);
 521
 522                flush_cache_range(current->mm, st, end);
 523                zap_page_range(current->mm, st, size);
 524                flush_tlb_range(current->mm, st, end);
 525
 526                /*
 527                 * Fix the mapping, and free the old area if it wasn't reused.
 528                 */
 529                if (!unmap_fixup(mpnt, st, size, &extra))
 530                        kmem_cache_free(vm_area_cachep, mpnt);
 531        }
 532
 533        /* Release the extra vma struct if it wasn't used */
 534        if (extra)
 535                kmem_cache_free(vm_area_cachep, extra);
 536
 537        if (freed)
 538                current->mm->mmap_cache = NULL; /* Kill the cache. */
 539        return 0;
 540}
 541
 542/* Release all mmaps. */
 543void exit_mmap(struct mm_struct * mm)
 544{
 545        struct vm_area_struct * mpnt;
 546
 547        mpnt = mm->mmap;
 548        mm->mmap = mm->mmap_cache = NULL;
 549        mm->rss = 0;
 550        mm->total_vm = 0;
 551        mm->locked_vm = 0;
 552        while (mpnt) {
 553                struct vm_area_struct * next = mpnt->vm_next;
 554                unsigned long start = mpnt->vm_start;
 555                unsigned long end = mpnt->vm_end;
 556                unsigned long size = end - start;
 557
 558                if (mpnt->vm_ops) {
 559                        if (mpnt->vm_ops->unmap)
 560                                mpnt->vm_ops->unmap(mpnt, start, size);
 561                        if (mpnt->vm_ops->close)
 562                                mpnt->vm_ops->close(mpnt);
 563                }
 564                remove_shared_vm_struct(mpnt);
 565                zap_page_range(mm, start, size);
 566                if (mpnt->vm_dentry)
 567                        dput(mpnt->vm_dentry);
 568                kmem_cache_free(vm_area_cachep, mpnt);
 569                mpnt = next;
 570        }
 571}
 572
 573/* Insert vm structure into process list sorted by address
 574 * and into the inode's i_mmap ring.
 575 */
 576void insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vmp)
 577{
 578        struct vm_area_struct **pprev = &mm->mmap;
 579        struct dentry * dentry;
 580
 581        /* Find where to link it in. */
 582        while(*pprev && (*pprev)->vm_start <= vmp->vm_start)
 583                pprev = &(*pprev)->vm_next;
 584
 585        /* Insert it. */
 586        if((vmp->vm_next = *pprev) != NULL)
 587                (*pprev)->vm_pprev = &vmp->vm_next;
 588        *pprev = vmp;
 589        vmp->vm_pprev = pprev;
 590
 591        dentry = vmp->vm_dentry;
 592        if (dentry) {
 593                struct inode * inode = dentry->d_inode;
 594                if (vmp->vm_flags & VM_DENYWRITE)
 595                        inode->i_writecount--;
 596      
 597                /* insert vmp into inode's share list */
 598                if((vmp->vm_next_share = inode->i_mmap) != NULL)
 599                        inode->i_mmap->vm_pprev_share = &vmp->vm_next_share;
 600                inode->i_mmap = vmp;
 601                vmp->vm_pprev_share = &inode->i_mmap;
 602        }
 603}
 604
 605/* Merge the list of memory segments if possible.
 606 * Redundant vm_area_structs are freed.
 607 * This assumes that the list is ordered by address.
 608 * We don't need to traverse the entire list, only those segments
 609 * which intersect or are adjacent to a given interval.
 610 */
 611void merge_segments (struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr)
 612{
 613        struct vm_area_struct *prev, *mpnt, *next;
 614
 615        down(&mm->mmap_sem);
 616
 617        prev = NULL;
 618        mpnt = mm->mmap;
 619        while(mpnt && mpnt->vm_end <= start_addr) {
 620                prev = mpnt;
 621                mpnt = mpnt->vm_next;
 622        }
 623        if (!mpnt)
 624                goto no_vma;
 625
 626        next = mpnt->vm_next;
 627
 628        /* we have prev->vm_next == mpnt && mpnt->vm_next = next */
 629        if (!prev) {
 630                prev = mpnt;
 631                mpnt = next;
 632        }
 633
 634        /* prev and mpnt cycle through the list, as long as
 635         * start_addr < mpnt->vm_end && prev->vm_start < end_addr
 636         */
 637        for ( ; mpnt && prev->vm_start < end_addr ; prev = mpnt, mpnt = next) {
 638                next = mpnt->vm_next;
 639
 640                /* To share, we must have the same dentry, operations.. */
 641                if ((mpnt->vm_dentry != prev->vm_dentry)||
 642                    (mpnt->vm_pte != prev->vm_pte)      ||
 643                    (mpnt->vm_ops != prev->vm_ops)      ||
 644                    (mpnt->vm_flags != prev->vm_flags)  ||
 645                    (prev->vm_end != mpnt->vm_start))
 646                        continue;
 647
 648                /*
 649                 * If we have a dentry or it's a shared memory area
 650                 * the offsets must be contiguous..
 651                 */
 652                if ((mpnt->vm_dentry != NULL) || (mpnt->vm_flags & VM_SHM)) {
 653                        unsigned long off = prev->vm_offset+prev->vm_end-prev->vm_start;
 654                        if (off != mpnt->vm_offset)
 655                                continue;
 656                }
 657
 658                /* merge prev with mpnt and set up pointers so the new
 659                 * big segment can possibly merge with the next one.
 660                 * The old unused mpnt is freed.
 661                 */
 662                if(mpnt->vm_next)
 663                        mpnt->vm_next->vm_pprev = mpnt->vm_pprev;
 664                *mpnt->vm_pprev = mpnt->vm_next;
 665
 666                prev->vm_end = mpnt->vm_end;
 667                if (mpnt->vm_ops && mpnt->vm_ops->close) {
 668                        mpnt->vm_offset += mpnt->vm_end - mpnt->vm_start;
 669                        mpnt->vm_start = mpnt->vm_end;
 670                        mpnt->vm_ops->close(mpnt);
 671                }
 672                remove_shared_vm_struct(mpnt);
 673                if (mpnt->vm_dentry)
 674                        dput(mpnt->vm_dentry);
 675                kmem_cache_free(vm_area_cachep, mpnt);
 676                mpnt = prev;
 677        }
 678        mm->mmap_cache = NULL;          /* Kill the cache. */
 679no_vma:
 680        up(&mm->mmap_sem);
 681}
 682
 683__initfunc(void vma_init(void))
 684{
 685        vm_area_cachep = kmem_cache_create("vm_area_struct",
 686                                           sizeof(struct vm_area_struct),
 687                                           0, SLAB_HWCACHE_ALIGN,
 688                                           NULL, NULL);
 689        if(!vm_area_cachep)
 690                panic("vma_init: Cannot alloc vm_area_struct cache.");
 691
 692        mm_cachep = kmem_cache_create("mm_struct",
 693                                      sizeof(struct mm_struct),
 694                                      0, SLAB_HWCACHE_ALIGN,
 695                                      NULL, NULL);
 696        if(!mm_cachep)
 697                panic("vma_init: Cannot alloc mm_struct cache.");
 698}
 699