On Fri, Aug 22, 2008 at 08:06:15PM +0300, Andy Shevchenko wrote:
> On Fri, Aug 22, 2008 at 7:35 PM, David Holland
> <dholland-tech%netbsd.org@localhost> wrote:
> > Your test program exhibits undefined behavior because it asks the
> > kernel to dereference an invalid pointer. EFAULT is therefore a
> > perfectly legitimate result.
> For what function? rc = fcntl(fd, -2, 0);
> I could agree if the called function is <a function with a pointer as
> main arg>, f.e.
> (I think the main argument for fcntl() may be file descriptor, or FD
> and command pair.)

There are two things wrong with that command. EFAULT is telling you
about one of them. If you really care about a specific error code, make
sure you have only one specific error in your invocation.

One of the other things that is going on is that we have an extension to
fcntl which directs half of the command integer space to the file system
hosting the file descriptor. -2 is in that number space. Commands in this
number space are treated exactly like ioctl commands, except that they
are directed to the underlying file system as opposed to a device driver.

This fd is for /dev/null. ioctl() calls go to the device driver, but
fcntl() calls go to the ffs on which the device node /dev/null exists.
Thus the fcntl code doesn't know that -2 is invalid. So it tries to read
in the data at NULL. -2 happens to be in the number space that would be a
read-write operation, and would copy I think it is 4095 bytes of data. So
we then copy in data from NULL, and generate the fault.

You'll have more luck getting the results you want testing operation
codes 2147483647 and below.

Take care,

Bill