netbsd-bugs: port-i386/8533: memory not accessable after successful mmap()

Subject: port-i386/8533: memory not accessable after successful mmap()
To: None <gnats-bugs@gnats.netbsd.org>
From: Matthias Scheler <tron@netbsd.org>
List: netbsd-bugs
Date: 10/02/1999 07:40:01
>Number:         8533
>Category:       port-i386
>Synopsis:       memory not accessable after successful mmap()
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    port-i386-maintainer (NetBSD/i386 Portmaster)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Oct  2 06:05:01 1999
>Last-Modified:
>Originator:     Matthias Scheler
>Organization:
Matthias Scheler                            http://www.sighardstrasse.de/~tron/
>Release:        991001
>Environment:
System: NetBSD lyssa.zhadum.de 1.4K NetBSD 1.4K (LYSSA) #0: Fri Oct 1 14:18:55 CEST 1999 tron@lyssa.zhadum.de:/src/sys/compile/LYSSA i386


>Description:
On i386 mmap()ing a high memory are (>= 0xee000000) succeeds but the memory
cannot be accessed afterwards.

>How-To-Repeat:
Compile and execute this program "mmap.c":

/*

	$Id: mmap.c,v 1.6 1999/10/02 12:47:47 tron Exp $

*/

#include <sys/types.h>
#include <sys/param.h>
#include <sys/mman.h>

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#ifndef MAP_FAILED	/* for NetBSD 1.3 */
#define MAP_FAILED (void *)-1
#endif

int main(int argc,char **argv)

{
 int Opt;
 char *Addr,*EndPtr;
 quad_t Value;
 size_t Length,Index;

 Addr=NULL;
 Length=getpagesize();

 while ((Opt=getopt(argc,argv,"a:l:"))!=-1)
  switch (Opt)
   {
    case 'a':
     Value=strtoq(optarg,&EndPtr,0);
     if (EndPtr!=optarg) Addr=(char *)((unsigned long)Value);
     break;
    case 'l':
     Value=strtoq(optarg,&EndPtr,0);
     if (EndPtr!=optarg) Length=(size_t)Value;
     break;
    default:
     (void)fprintf(stderr,"Usage: %s [-a address] [-l length]\n",argv[0]);
     return EXIT_FAILURE;
   }

 (void)printf("Trying to map %d bytes at %p\n",Length,Addr);
 if ((Addr=mmap(Addr,
                Length,
                PROT_READ|PROT_WRITE|PROT_EXEC,
                MAP_PRIVATE|MAP_ANON|((Addr!=NULL)?MAP_FIXED:0),
                -1,
                0))==MAP_FAILED)
  {
   perror("mmap");
   return EXIT_FAILURE;
  }
 (void)printf("Mapped %d bytes at %p\n",Length,Addr);

 for (Index=0; Index<Length; Index++)
  Addr[Index]=42;

 (void)puts("Test completed.");

 return EXIT_SUCCESS;
}

tron@lyssa:~>./mmap 
Trying to map 4096 bytes at 0x0
Mapped 4096 bytes at 0x480d7000
Test completed.
tron@lyssa:~>./mmap -a 0xed000000
Trying to map 4096 bytes at 0xed000000
Mapped 4096 bytes at 0xed000000
Test completed.
tron@lyssa:~>./mmap -a 0xee000000
Trying to map 4096 bytes at 0xee000000
Mapped 4096 bytes at 0xee000000
Segmentation fault

I can reproduce this problem unter NetBSD 1.3.2, 1.4.1 and current.

>Fix:
None given.
>Audit-Trail:
>Unformatted: