Chuck Ebbert wrote: > >>@@ -97,14 +96,16 @@ >> >> void destroy_ldt(struct mm_struct *mm) >> { >>+ int pages = mm->context.ldt_pages; >>+ >> if (mm == current->active_mm) >> clear_LDT(); >>- ClearPagesLDT(mm->context.ldt, (mm->context.size * LDT_ENTRY_SIZE) / PAGE_SIZE); >>- if (mm->context.size*LDT_ENTRY_SIZE > PAGE_SIZE) >>+ ClearPagesLDT(mm->context.ldt, pages); >>+ if (pages > 1) >> vfree(mm->context.ldt); >> else >> kfree(mm->context.ldt); >>- mm->context.size = 0; >>+ mm->context.ldt_pages = 0; <==================== >> } >> >> static int read_ldt(void __user * ptr, unsigned long bytecount) >> >> > > destroy_ldt does not zero "ldt", just the size. Potential bug? > > Not a bug, truly unnecessary at all.
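Review bot: At the end of destroy_ldt(), mm->context.ldt still holds the pointer that was just passed to vfree() or kfree(), because the last changed line resets only mm->context.ldt_pages. Setting mm->context.ldt = NULL next to that assignment is a single store, and any later dereference would then fault on a null pointer instead of reading freed memory. Separately, the free path is now chosen by "if (pages > 1)" where the old code tested the byte size against PAGE_SIZE, so the allocation side must pick vmalloc versus kmalloc by the same page-count rule. That code is not visible in this hunk and is worth confirming.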