From owner-freebsd-hackers@FreeBSD.ORG  Wed Oct 21 15:06:05 2009
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id A31B9106568D
	for <freebsd-hackers@freebsd.org>; Wed, 21 Oct 2009 15:06:05 +0000 (UTC)
	(envelope-from rwatson@FreeBSD.org)
Received: from cyrus.watson.org (cyrus.watson.org [65.122.17.42])
	by mx1.freebsd.org (Postfix) with ESMTP id 7B7F98FC1A
	for <freebsd-hackers@freebsd.org>; Wed, 21 Oct 2009 15:06:05 +0000 (UTC)
Received: from fledge.watson.org (fledge.watson.org [65.122.17.41])
	by cyrus.watson.org (Postfix) with ESMTPS id 1A96A46B2C;
	Wed, 21 Oct 2009 11:06:05 -0400 (EDT)
Date: Wed, 21 Oct 2009 16:06:04 +0100 (BST)
From: Robert Watson <rwatson@FreeBSD.org>
X-X-Sender: robert@fledge.watson.org
To: Alexander Best <alexbestms@math.uni-muenster.de>
In-Reply-To: <permail-200910211353101e86ffa800007bec-a_best01@message-id.uni-muenster.de>
Message-ID: <alpine.BSF.2.00.0910211600310.15597@fledge.watson.org>
References: <permail-200910211353101e86ffa800007bec-a_best01@message-id.uni-muenster.de>
User-Agent: Alpine 2.00 (BSF 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc: freebsd-hackers@freebsd.org, Nate Eldredge <nate@thatsmathematics.com>
Subject: Re: mmap(2) segaults with certain len values and MAP_ANON|MAP_FIXED
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Oct 2009 15:06:05 -0000


On Wed, 21 Oct 2009, Alexander Best wrote:

> this code serves only one purpose: to trigger a segfault. i don't use the 
> code for any other purpose. i was under the impression that mmap() should 
> either succeed or fail (tertium non datur). mmap's manual doesn't say 
> anything about mmap() causing segfaults.

Have you tried ktracing the application?  I think you'll find that mmap(2) 
system call succeeded fine, and that the segfault comes from attempting to 
execute the address in libc on return to userspace, as a result of libc not 
being at that address anymore (since you removed its mapping).  You can use 
procstat -v to inspect address space use by processes, but as a general rule 
you don't want to pass anything other than an address of 0x0 to mmap(2) unless 
you're very carefully managing the address space of the process.  Many 
userspace libraries are involved in using that address space, but especially 
the runtime linker which begins execution in userspace when a binary is 
started.

Robert N M Watson
Computer Laboratory
University of Cambridge