Subject: kern/3493: mmap() with PROT_WRITE is wrong.
To: None <gnats-bugs@gnats.netbsd.org>
From: Lennart Augustsson <augustss@cs.chalmers.se>
List: netbsd-bugs
Date: 04/15/1997 01:47:01
>Number:         3493
>Category:       kern
>Synopsis:       mmap() with PROT_WRITE is wrong.
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    kern-bug-people (Kernel Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Apr 14 16:50:01 1997
>Last-Modified:
>Originator:     Lennart Augustsson
>Organization:
Department of Computing Science, Chalmers University
>Release:        NetBSD-current 970414
>Environment:
	
System: NetBSD calvin 1.2D NetBSD 1.2D (CALVIN) #24: Tue Apr 15 01:33:29 MEST 1997 augustss@calvin:/users/NetBSD/src/sys/arch/i386/compile/CALVIN i386


>Description:
	If you mmap() a character device (the only kind I tested)
	with protection PROT_WRITE only and then try to write to
	it you get a segmentation fault.  If you mmap() it R&W it works.

	This may be a i386 specficic problem, I've not tested it further.

>How-To-Repeat:
	Try this program.  It will generate a segmentation fault.
	You can check the instruction that actually writes the
	data, it does not involve reading the data first.

#include <sys/types.h>
#include <sys/mman.h>

#include <errno.h>

main()
{
    int fd;
    void *a;
    fd = open("/dev/zero", 2);
    if (fd < 0)
	errx(1, "open %d", errno);
    a = mmap(0, 32768, PROT_WRITE, 0, fd, 0);
    if (a == (void *)-1)
	errx(1, "mmap %d", errno);
    *(int *)a = 1;
    exit(0);
}

>Fix:
	Dunno.
>Audit-Trail:
>Unformatted: