From: Bart Oldeman

DOSEMU needs to alias memory, for instance to emulate the HMA. A long time
ago this was done using mmaps of /proc/self/mem. This was replaced by
mremap combined with IPC SHM during 2.1 development. According to
DOSEMU's changelog you agreed to allow old_len==0:

  - using _one_ big IPC shm segment and mremap(addr, 0 ...)
    (Linus agreed on keeping shmat()+mremap(,0,..) functionality)

so you agreed on something you have removed after all now!

(comment in DOSEMU source)

	/* The trick is to set old_len = 0,
	 * this won't unmap at the old address, but with
	 * shared mem the 'nopage' vm_op will map in the right
	 * pages. */

An example usage is as follows:

  shmget(IPC_PRIVATE, 31498240, 0x1c0|0600) = 11337732
  shmat(11337732, 0, 0) = 0x40299000
  shmctl(11337732, IPC_RMID, 0) = 0
  mremap(0x402a9000, 0, 65536, MREMAP_MAYMOVE|MREMAP_FIXED, 0) = 0
  mremap(0x402a9000, 0, 65536, MREMAP_MAYMOVE|MREMAP_FIXED, 0x100000) = 0x100000

The security problems only affect the case new_len==0 so I don't see any
reason for not applying this patch.

---

 25-akpm/mm/mremap.c |    7 +++++--
 1 files changed, 5 insertions(+), 2 deletions(-)

diff -puN mm/mremap.c~mremap-dosemu-fix mm/mremap.c
--- 25/mm/mremap.c~mremap-dosemu-fix	Mon Jan 12 17:08:19 2004
+++ 25-akpm/mm/mremap.c	Mon Jan 12 17:08:43 2004
@@ -315,8 +315,11 @@ unsigned long do_mremap(unsigned long ad
 	old_len = PAGE_ALIGN(old_len);
 	new_len = PAGE_ALIGN(new_len);
 
-	/* Don't allow the degenerate cases */
-	if (!old_len || !new_len)
+	/*
+	 * We allow a zero old-len as a special case for DOS-emu "duplicate
+	 * shm area" thing. But a zero new-len is nonsensical.
+	 */
+	if (!new_len)
 		goto out;
 
 	/* new_addr is only valid if MREMAP_FIXED is specified */
_
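Review bot: the comment added in this hunk justifies a zero old_len only by the DOSEMU "duplicate shm area" case, which (per the DOSEMU comment quoted above) works because the 'nopage' vm_op of a shared mapping maps the same pages at the new address, yet `if (!new_len)` now admits old_len == 0 for any mapping, private ones included, where no pages are shared and the new range is just a fresh mapping of the same object. Either restrict the special case to shared mappings where the vma is looked up further down in do_mremap (outside this hunk), or extend the comment to say that a private mapping is not duplicated by this path. Minor: the comment spells it "DOS-emu" while the message and changelog use DOSEMU.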
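The shmat()+mremap(,0,..) aliasing trick described above, as an added example that is not part of the original message or of DOSEMU's own code: it assumes a MAP_SHARED anonymous mapping in place of the SysV segment in the strace, lets the kernel pick the alias address with MREMAP_MAYMOVE instead of MREMAP_FIXED, and checks that a write through the alias is visible through the original mapping.

```c
#define _GNU_SOURCE
#include <stddef.h>
#include <string.h>
#include <sys/mman.h>

/* Alias a shared mapping at a second address with old_len == 0:
 * nothing is unmapped at base, and because the mapping is shared the
 * new range faults in the same backing pages (the DOSEMU trick).
 * Returns NULL if the kernel refuses the zero-length source. */
void *alias_shared(void *base, size_t len)
{
    void *alias = mremap(base, 0, len, MREMAP_MAYMOVE);
    return alias == MAP_FAILED ? NULL : alias;
}

/* Constructed demonstration: returns 1 when a write made through the
 * alias is readable through the original mapping, 0 on any failure.
 * A MAP_SHARED anonymous mapping is an assumption standing in for the
 * IPC shm segment; both are shmem-backed and take the same kernel path. */
int alias_roundtrip(void)
{
    const size_t len = 65536;
    char *base = mmap(NULL, len, PROT_READ | PROT_WRITE,
                      MAP_SHARED | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return 0;
    memset(base, 0, len);

    char *alias = alias_shared(base, len);
    if (!alias) {
        munmap(base, len);
        return 0;
    }

    /* Write into the second page through the alias, read it via base. */
    strcpy(alias + 4096, "written via alias");
    int ok = alias != base &&
             strcmp(base + 4096, "written via alias") == 0;

    /* Each alias is its own vma; unmapping one leaves the other intact. */
    munmap(alias, len);
    munmap(base, len);
    return ok;
}
```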