From owner-freebsd-hackers@FreeBSD.ORG Wed Oct 21 15:06:05 2009
Date: Wed, 21 Oct 2009 16:06:04 +0100 (BST)
From: Robert Watson <rwatson@FreeBSD.org>
To: Alexander Best
Cc: freebsd-hackers@freebsd.org, Nate Eldredge
Subject: Re: mmap(2) segaults with certain len values and MAP_ANON|MAP_FIXED
List-Id: Technical Discussions relating to FreeBSD

On Wed, 21 Oct 2009, Alexander Best wrote:

> This code serves only one purpose: to trigger a segfault. I don't use the
> code for any other purpose. I was under the impression that mmap() should
> either succeed or fail (tertium non datur). mmap's manual doesn't say
> anything about mmap() causing segfaults.

Have you tried ktracing the application? I think you'll find that the mmap(2) system call succeeded fine, and that the segfault comes from attempting to execute the address in libc on return to userspace, as a result of libc not being at that address anymore (since you removed its mapping).
You can use procstat -v to inspect address space use by processes, but as a general rule you don't want to pass anything other than an address of 0x0 to mmap(2) unless you're very carefully managing the address space of the process. Many userspace libraries are involved in using that address space, but especially the runtime linker, which begins execution in userspace when a binary is started.

Robert N M Watson
Computer Laboratory
University of Cambridge