From owner-freebsd-hackers@FreeBSD.ORG Wed Oct 21 13:53:13 2009 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E29791065697 for ; Wed, 21 Oct 2009 13:53:13 +0000 (UTC) (envelope-from a_best01@uni-muenster.de) Received: from zivm-exrelay2.uni-muenster.de (ZIVM-EXRELAY2.UNI-MUENSTER.DE [128.176.192.15]) by mx1.freebsd.org (Postfix) with ESMTP id 758168FC08 for ; Wed, 21 Oct 2009 13:53:12 +0000 (UTC) X-IronPort-AV: E=Sophos;i="4.44,597,1249250400"; d="scan'208";a="226843881" Received: from zivmaildisp1.uni-muenster.de (HELO ZIVMAILUSER03.UNI-MUENSTER.DE) ([128.176.188.85]) by zivm-relay2.uni-muenster.de with ESMTP; 21 Oct 2009 15:53:11 +0200 Received: by ZIVMAILUSER03.UNI-MUENSTER.DE (Postfix, from userid 149459) id 7405B1B0750; Wed, 21 Oct 2009 15:53:11 +0200 (CEST) Date: Wed, 21 Oct 2009 15:53:10 +0200 (CEST) From: Alexander Best Sender: Organization: Westfaelische Wilhelms-Universitaet Muenster To: Nate Eldredge Message-ID: In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Cc: freebsd-hackers@freebsd.org Subject: Re: mmap(2) segaults with certain len values and MAP_ANON|MAP_FIXED X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Oct 2009 13:53:14 -0000 Nate Eldredge schrieb am 2009-10-21: > On Wed, 21 Oct 2009, Alexander Best wrote: > >hi there, > This is on a 32-bit platform I take it? yes. > >just a little mmap(2) related question. running the following code > >causes a > >segfault: > >mmap( (void*)0x1000, 0x80047000, PROT_NONE, MAP_ANON|MAP_FIXED, -1, > >0 ); > I don't doubt it. You mapped over a big chunk of your address space > with memory that's inaccessible (PROT_NONE). This probably includes > your program's code. So when the mmap call returns from the kernel > and tries to execute the next instruction of your program, it finds > that the instruction pointer is pointing to inaccessible memory. > Result: segfault. This is quite normal. > What are you actually trying to accomplish with this? this code serves only one purpose: to trigger a segfault. i don't use the code for any other purpose. i was under the impression that mmap() should either succeed or fail (tertium non datur). mmap's manual doesn't say anything about mmap() causing segfaults. from your description of the problem i don't think there's a quick fix to it. so it might be a good idea to add this case to the mmap(2) bug section. > >while the following doesn't: > >mmap( (void*)0x1000, 0xffffffff, PROT_NONE, MAP_ANON|MAP_FIXED, -1, > >0 ); > Did you check whether the mmap actually succeeded? I bet it didn't. > You have a length that isn't a multiple of the page size and wraps > around 32 bits. I bet you got an EINVAL, and the mmap call didn't > actually do anything. > >is this a known problem? seems reproducible on all branches. > Not a problem at all, I suspect. > -- indeed the mmap() call fails with EINVAL but it doesn't segfault. to make this clear: i don't expect either one of the mmap() calls to succeed. > Nate Eldredge > nate@thatsmathematics.com