Subject: kern/11584: mmap() file on kern, proc, union file systems returns illegal (bad)
To: None <gnats-bugs@gnats.netbsd.org>
From: Kouichi Matsuda <kmatsuda@jo.tomakomai-ct.ac.jp>
List: netbsd-bugs
Date: 11/28/2000 21:38:14
>Number:         11584
>Category:       kern
>Synopsis:       mmap() file on kern, proc, union file systems returns illegal (bad) pointer.
>Confidential:   yes
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Nov 28 21:38:00 PST 2000
>Closed-Date:
>Last-Modified:
>Originator:     Kouichi Matsuda
>Release:        NetBSD-current (1.5L at 2000/11/28)
>Organization:
Department of Computer Engineering, Tomakomai National College of Technology
>Environment:
System: NetBSD gamaoyabun.j404.jo.tomakomai-ct.ac.jp 1.5L NetBSD 1.5L (GAMAOYABUN) #116: Wed Nov 29 10:08:30 JST 2000 root@gamaoyabun.j404.jo.tomakomai-ct.ac.jp:/usr/src/sys/arch/i386/compile/GAMAOYABUN i386
Architecture: i386
Machine: i386
>Description:
After the UBC code was integrated, mmap() of a file on some filesystems (e.g. kern, proc and
union filesystems) returns an illegal (bad) pointer.
>How-To-Repeat:
For example, use ftp://ftp.netbsd.org/pub/NetBSD/misc/chs/vmtest.c.

Mount a union filesystem:

# mount -t union upper lower

Run vmtest with a test file on the union filesystem; this causes a memory fault:

# ./vmtest ./lower/test_file
Memory fault
#

# gdb ./vmtest
GNU gdb 4.17
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386--netbsd"...
(gdb) b mmap
Breakpoint 1 at 0x804867c
(gdb) run ./lower/test_file
Starting program: /home/kmatsuda/./vmtest ./lower/test_file
Breakpoint 1 at 0x4805184e
Breakpoint 1 at 0x480db6b2
Breakpoint 1, 0x480db6b2 in _mmap ()
(gdb) step
Single stepping until exit from function _mmap, 
which has no line number information.
main (argc=2, argv=0xbfbfd878) at vmtest.c:30
30          if (cp == (caddr_t)-1)
(gdb) print cp
$1 = 0x480f3000 <Error reading address 0x480f3000: Bad address>
(gdb) step
32          strcpy(cp, obuf);
(gdb) 

Program received signal SIGSEGV, Segmentation fault.
0x480c5d5a in strcpy ()
(gdb) 

More simply, run cmp(1) (which uses mmap()) on files on these filesystems.

# mount -t union upper lower
# cmp lower/x lower/y
Memory fault (core dumped)
#

# df /kern
Filesystem  1K-blocks     Used     Avail Capacity  Mounted on
kernfs              1        1         0     100%    /kern
# cmp /kern/boottime /kern/hostname
Memory fault (core dumped)
#

>Fix:
N/A
>Release-Note:
>Audit-Trail:
>Unformatted:
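
Added example, not part of the original report and not vmtest.c: a probe that separates the clean failure (mmap() returns MAP_FAILED) from the symptom reported here (a non-MAP_FAILED pointer that faults on first access) without crashing the caller. The names probe_mmap and PROBE_* and the 64-byte comparison window are assumptions made for this sketch.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

enum { PROBE_ERROR = -1, PROBE_OK, PROBE_MMAP_FAILED, PROBE_BAD_POINTER,
       PROBE_MISMATCH };
static sigjmp_buf probe_env;
static void probe_fault(int sig) { siglongjmp(probe_env, sig); }

/* Map the start of `path` read-only and touch it under a fault handler, so a
 * pointer that is not MAP_FAILED yet unreadable is reported, not fatal. */
int probe_mmap(const char *path)
{
    char want[64], got[64];
    struct sigaction sa = { .sa_handler = probe_fault }, old_segv, old_bus;
    int fd, rc = PROBE_BAD_POINTER;     /* verdict if the access faults */
    ssize_t n;

    if ((fd = open(path, O_RDONLY)) < 0)
        return PROBE_ERROR;
    n = read(fd, want, sizeof want);    /* reference copy via read(2) */
    if (n <= 0) { close(fd); return PROBE_ERROR; }
    void *p = mmap(NULL, (size_t)n, PROT_READ, MAP_PRIVATE, fd, 0);
    close(fd);
    if (p == MAP_FAILED)
        return PROBE_MMAP_FAILED;       /* clean, documented failure */
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);
    if (sigsetjmp(probe_env, 1) == 0) {
        memcpy(got, p, (size_t)n);      /* faults here on a bad mapping */
        rc = memcmp(got, want, (size_t)n) ? PROBE_MISMATCH : PROBE_OK;
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    munmap(p, (size_t)n);
    return rc;
}

int main(int argc, char **argv)
{
    int rc = argc > 1 ? probe_mmap(argv[1]) : PROBE_ERROR;
    printf("probe_mmap: %d\n", rc);
    return rc != PROBE_OK;
}
```

A result of PROBE_MMAP_FAILED or PROBE_OK is acceptable for a file on kernfs, procfs or a union mount; PROBE_BAD_POINTER or PROBE_MISMATCH indicates the behaviour described in this report.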