netbsd-bugs: kern/13189: lost data on mmapped page

Subject: kern/13189: lost data on mmapped page
To: None <gnats-bugs@gnats.netbsd.org>
From: Atsushi Onoe <onoe@sm.sony.co.jp>
List: netbsd-bugs
Date: 06/14/2001 03:10:40
>Number:         13189
>Category:       kern
>Synopsis:       lost data on mmapp'ed page
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Jun 13 11:39:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Atsushi Onoe
>Release:        NetBSD-current 010607
>Organization:
	Sony Corporation
>Environment:
System: NetBSD duplo.sm.sony.co.jp 1.5W NetBSD 1.5W (DUPLO) #422: Wed Jun 13 01:41:29 JST 2001 onoe@duplo.sm.sony.co.jp:/work/netbsd/obj/DUPLO i386
Architecture: i386
Machine: i386
>Description:
	The data on mmaped page is not written to the file system if the
	following conditions are met:
		- the physical disk block is not allocated (i.e. hole)
		- read fault occurs first for the page (read before write)
	Once the mapped page is freed, the data is lost forever.

>How-To-Repeat:

	Attached sample program fails to read the written data on current.

% uname -a
NetBSD duplo.sm.sony.co.jp 1.5W NetBSD 1.5W (DUPLO) #422: Wed Jun 13 01:41:29 JST 2001     onoe@duplo.sm.sony.co.jp:/work/netbsd/obj/DUPLO i386
% ./a.out
a.out: corrupted: off 0x0 data 0x0
% ls -ls testfile
24 -rw-r--r--  1 onoe  wheel  134217728 Jun 14 02:40 testfile

	While it succeeds on 1.5.1.

% uname -a
NetBSD duplo.sm.sony.co.jp 1.5.1_BETA2 NetBSD 1.5.1_BETA2 (DUPLO) #21: Sun Jun  3 16:59:44 PDT 2001     onoe@duplo.sm.sony.co.jp:/work/netbsd/15/obj/DUPLO
% ./a.out
test ok
% ls -ls testfile
131144 -rw-r--r--  1 onoe  wheel  134217728 Jun 14 02:33 testfile

/*----------------------------------------------------------------------*/
#include <sys/types.h>
#include <sys/mman.h>
#include <err.h>
#include <fcntl.h>
#include <stdio.h>

#define	FNAME	"testfile"
#define	FSIZE	(128*1024*1024)		/* total physical memory */
#define	PSIZE	4096			/* page size */

main()
{
	int fd, off;
	u_char *p;

	if ((fd = open(FNAME, O_RDWR | O_CREAT | O_TRUNC, 0666)) < 0)
		err(1, "open: %s", FNAME);
	if (ftruncate(fd, FSIZE) < 0)
		err(1, "ftruncate: 0x%x", FSIZE);
	p = mmap(NULL, FSIZE, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
	if (p == MAP_FAILED)
		err(1, "mmap");
	for (off = 0; off < FSIZE; off += PSIZE) {
		if (p[off])
			break;
		p[off] = 'a';
	}
	for (off = 0; off < FSIZE; off += PSIZE) {
		if (p[off] != 'a')
			errx(2, "corrupted: off 0x%x data 0x%x", off, p[off]);
	}
	printf("test ok\n");
	exit(0);
}
/*----------------------------------------------------------------------*/
>Fix:
	none provided.
>Release-Note:
>Audit-Trail:
>Unformatted: