current-users: Re: mprotect(2) strange behaviour under compat linux

Subject: Re: mprotect(2) strange behaviour under compat linux
To: None <current-users@netbsd.org>
From: Christos Zoulas <christos@astron.com>
List: current-users
Date: 12/18/2007 03:32:37
In article <20071217223029.GA31529@medusa.sis.pasteur.fr>,
Nicolas Joly  <njoly@pasteur.fr> wrote:
>-=-=-=-=-=-
>
>
>Hi,
>
>While working on compat linux i encountered some strange mprotect(2)
>behaviour.
>
>The attached piece of code work on NetBSD i386/amd64, Linux
>i386/x86_64, but not under compat linux/i386 or linux32/amd64.
>
>njoly@cixy [~]> uname -a
>NetBSD cixy.sis.pasteur.fr 4.99.42 NetBSD 4.99.42 (CIXY_DEVEL) #48: Sun
>Dec 16 22:59:40 CET 2007 
>njoly@cixy.si.pasteur.fr:/local/src/NetBSD/obj.i386/sys/arch/i386/compile/CIXY_DEVEL i386
>
>njoly@cixy [~]> file ./mprotect
>./mprotect: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV),
>for GNU/Linux 2.4.1, dynamically linked (uses shared libs), not stripped
>njoly@cixy [~]> ktrace -di ./mprotect
>zsh: segmentation fault (core dumped)  ktrace -di ./mprotect
>njoly@cixy [~]> kdump
>[...]
> 17981      1 mprotect CALL  old_mmap(0xbfbfe810)
> 17981      1 mprotect RET   old_mmap -1146380288/0xbbaba000
> 17981      1 mprotect CALL  mprotect(0xbbaba000,0xa000,2)
> 17981      1 mprotect RET   mprotect 0
> 17981      1 mprotect PSIG  SIGSEGV SIG_DFL
> 17981      1 mprotect NAMI  "mprotect.core"
>
>njoly@cixy [~]> gdb ./mprotect
>GNU gdb 6.5
>Copyright (C) 2006 Free Software Foundation, Inc.
>[...]
>(gdb) b main
>Breakpoint 1 at 0x80484d4: file mprotect.c, line 13.
>(gdb) run
>Starting program: /home/njoly/mprotect 
>warning: no shared library support for this OS / ABI
>
>Breakpoint 1, main () at mprotect.c:13
>13        len = 10 * getpagesize();
>(gdb) n
>15        buf = mmap(NULL, len, PROT_NONE, MAP_ANON|MAP_SHARED, -1, 0);
>(gdb) 
>16        if (buf == MAP_FAILED)
>(gdb) 
>19        res = mprotect(buf, len, PROT_WRITE);
>(gdb) 
>20        if (res == -1)
>(gdb) 
>23        (void)memset(buf, 0, len);
>(gdb) 
>
>Program received signal SIGSEGV, Segmentation fault.
>0xbbb2f7dd in ?? ()
>
>In the mean time, if i modify mprotect protection option from
>`PROT_WRITE' to `PROT_READ|PROT_WRITE', the program does not crash
>anymore.
>
>Any idea ?
>
>-- 
>Nicolas Joly
>
>Biological Software and Databanks.
>Institut Pasteur, Paris.
>
>-=-=-=-=-=-
>
>
>#include <sys/mman.h>
>
>#include <err.h>
>#include <string.h>
>#include <unistd.h>
>
>int main() {
>  int res;
>  size_t len;
>  void *buf;
>
>  len = 10 * getpagesize();
>
>  buf = mmap(NULL, len, PROT_NONE, MAP_ANON|MAP_SHARED, -1, 0);
>  if (buf == MAP_FAILED)
>    err(1, "mmap failed");
>
>  res = mprotect(buf, len, PROT_WRITE);
>  if (res == -1)
>    err(1, "mprotect failed");
>
>  (void)memset(buf, 0, len);
>
>  res = munmap(buf, len);
>  if (res == -1)
>    err(1, "munmap failed");
>
>  return 0; }

Can you add a segv handler in the program so that ktrace prints more
info as it passes it to the signal handler? I am interested if it is
a protection error or an access error. If it is an access error, please
try to instrument line 771 in uvm_fault.c to see what's causing it.

christos