Date: Sat, 5 Jan 2008 00:20:02 GMT
From: "Zachary Loafman" <zachary.loafman@isilon.com>
To: freebsd-bugs@FreeBSD.org
Subject: Re: kern/93396: dlopen crash with locked page
Message-ID: <200801050020.m050K24m034997@freefall.freebsd.org>
The following reply was made to PR kern/93396; it has been noted by GNATS.

From: "Zachary Loafman" <zachary.loafman@isilon.com>
To: <bug-followup@FreeBSD.org>, <fabien.thomas@netasq.com>
Cc:
Subject: Re: kern/93396: dlopen crash with locked page
Date: Fri, 4 Jan 2008 15:59:05 -0800

 I debugged this issue a bit further before checking the FreeBSD PR
 database. The fault in question ends up in this patch of code in
 vm_map_lookup:

         if ((entry->eflags & MAP_ENTRY_USER_WIRED) &&
             (entry->eflags & MAP_ENTRY_COW) &&
             (fault_type & VM_PROT_WRITE) &&
             (fault_typea & VM_PROT_OVERRIDE_WRITE) == 0) {
                 RETURN(KERN_PROTECTION_FAILURE);
         }

 I can't discern why this check in vm_map_lookup even exists, but it
 borks RTLD completely after mlockall is called. Specifically, it breaks
 map_object, which does an mprotect to make the last page of a segment
 writable then tries to do a memset to test it, resulting in the crash
 above.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200801050020.m050K24m034997>
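
The sequence described in the message above, reduced to a stand-alone C program. This is an added example, not code from the original e-mail, from RTLD, or from the FreeBSD tree; the function name cow_write_after_wire and the scratch file path are hypothetical. It assumes that a MAP_PRIVATE file mapping created after mlockall(MCL_CURRENT | MCL_FUTURE) is the kind of entry the quoted check matches (user-wired and copy-on-write).

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Wire the process (optionally), map a file privately and read-only, then
 * mprotect the page writable and memset it, as the message says map_object
 * does. Returns 0 if the write lands, -1 if setup fails. On a kernel that
 * applies the quoted check, the memset takes the fault instead of returning. */
int cow_write_after_wire(int wire)
{
    char path[] = "/tmp/cowwireXXXXXX";     /* constructed scratch file */
    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    unlink(path);
    if (ftruncate(fd, (off_t)pagesz) != 0) { close(fd); return -1; }

    int wired = 0;
    if (wire) {
        if (mlockall(MCL_CURRENT | MCL_FUTURE) == 0)
            wired = 1;                      /* later mappings are wired too */
        else
            fprintf(stderr, "mlockall: %s (continuing unwired)\n", strerror(errno));
    }

    int rc = -1;
    unsigned char *p = mmap(NULL, pagesz, PROT_READ, MAP_PRIVATE, fd, 0);
    if (p != MAP_FAILED) {
        if (mprotect(p, pagesz, PROT_READ | PROT_WRITE) == 0) {
            memset(p, 0xA5, pagesz);        /* write fault on the private page */
            rc = (p[0] == 0xA5 && p[pagesz - 1] == 0xA5) ? 0 : -1;
        }
        munmap(p, pagesz);
    }
    if (wired)
        munlockall();
    close(fd);
    return rc;
}

int main(void)
{
    printf("unwired: %d\n", cow_write_after_wire(0));
    printf("wired:   %d\n", cow_write_after_wire(1));
    return 0;
}
```

If mlockall is refused (for example by RLIMIT_MEMLOCK), the wired run falls back to an ordinary mapping and exercises nothing; check stderr before drawing a conclusion from a clean exit.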