From: Alexander Best
Organization: Westfaelische Wilhelms-Universitaet Muenster
Date: Wed, 21 Oct 2009 17:30:51 +0200 (CEST)
To: Robert Watson
Cc: freebsd-hackers@freebsd.org, Nate Eldredge
Subject: Re: mmap(2) segfaults with certain len values and MAP_ANON|MAP_FIXED
List-Id: Technical Discussions relating to FreeBSD (freebsd-hackers@freebsd.org)

Robert Watson schrieb am 2009-10-21:

> On Wed, 21 Oct 2009, Alexander Best wrote:
>
> > this code serves only one purpose: to trigger a segfault. i don't
> > use the code for any other purpose. i was under the impression that
> > mmap() should either succeed or fail (tertium non datur). mmap's
> > manual doesn't say anything about mmap() causing segfaults.
>
> Have you tried ktracing the application? I think you'll find that
> the mmap(2) system call succeeded fine, and that the segfault comes from
> attempting to execute the address in libc on return to userspace, as
> a result of libc not being at that address anymore (since you
> removed its mapping). You can use procstat -v to inspect address
> space use by processes, but as a general rule you don't want to pass
> anything other than an address of 0x0 to mmap(2) unless you're very
> carefully managing the address space of the process. Many userspace
> libraries are involved in using that address space, but especially
> the runtime linker which begins execution in userspace when a binary
> is started.
>
> Robert N M Watson
> Computer Laboratory
> University of Cambridge

you're right. this kdump shows that the segfault isn't being caused by the
mmap() call:

  88343 mmap_test CALL  mmap(0x1000,0x80047000,PROT_NONE,MAP_FIXED|MAP_ANON,0xffffffff,0,0)
  88343 mmap_test RET   mmap 4096/0x1000
  88343 mmap_test PSIG  SIGSEGV SIG_DFL
  88343 mmap_test NAMI  "mmap_test.core"

thanks for clearing things up. however i still think mentioning this
situation in the mmap(2) manual (maybe in section MAP_FIXED) would be a
good idea.

cheers.
alex