From: Gilles Chanteperdrix <gilles.chanteperdrix@xenomai.org>
To: Jan Kiszka <jan.kiszka@domain.hid>
Cc: "xenomai@xenomai.org" <xenomai@xenomai.org>
Subject: Re: [Xenomai-help] Segmentation fault in rt_printf print thread
Date: Wed, 09 Sep 2009 13:58:35 +0200 [thread overview]
Message-ID: <4AA7986B.8000704@domain.hid> (raw)
In-Reply-To: <4AA794B5.3080403@domain.hid>
[-- Attachment #1: Type: text/plain, Size: 2499 bytes --]
Gilles Chanteperdrix wrote:
> Jan Kiszka wrote:
>> Gilles Chanteperdrix wrote:
>>> Jan Kiszka wrote:
>>>> Christoph Permes wrote:
>>>>> Hi,
>>>>>
>>>>> I've created a patch that provides a workaround for the segmentation
>>>>> fault:
>>>>>
>>>>> --- a/src/rtdk/rt_print.c 2009-05-21 16:34:54.000000000 +0200
>>>>> +++ b/src/rtdk/rt_print.c 2009-09-04 10:09:19.000000000 +0200
>>>>> @@ -40,6 +40,7 @@
>>>>> struct entry_head {
>>>>> FILE *dest;
>>>>> uint32_t seq_no;
>>>>> + uint32_t len;
>>>>> char text[1];
>>>>> } __attribute__((packed));
>>>>>
>>>>> @@ -113,6 +114,7 @@
>>>>> /* Write out empty entry */
>>>>> head = buffer->ring + write_pos;
>>>>> head->seq_no = __seq_no;
>>>>> + head->len = 0;
>>>>> head->text[0] = 0;
>>>>>
>>>>> /* Forward to the ring buffer start */
>>>>> @@ -146,6 +148,7 @@
>>>>> /* If we were able to write some text, finalise the entry */
>>>>> if (len > 0) {
>>>>> head->seq_no = ++__seq_no;
>>>>> + head->len = len;
>>>>> head->dest = stream;
>>>>>
>>>>> /* Move forward by text and head length */
>>>>> @@ -158,6 +161,7 @@
>>>>> /* An empty entry marks the wrap-around */
>>>>> head = buffer->ring + write_pos;
>>>>> head->seq_no = __seq_no;
>>>>> + head->len = 0;
>>>>> head->text[0] = 0;
>>>>>
>>>>> write_pos = 0;
>>>>> @@ -373,7 +377,7 @@
>>>>>
>>>>> read_pos = buffer->read_pos;
>>>>> head = buffer->ring + read_pos;
>>>>> - len = strlen(head->text);
>>>>> + len = head->len;
>>>>>
>>>>> if (len) {
>>>>> /* Print out non-empty entry and proceed */
>>>>>
>>>>> With this patch I get no segfaults anymore, but of course it would be
>>>>> interesting why parts of the ring buffer are overwritten with null
>>>>> characters.
>>>>>
>>>> Frankly, I'm suspecting some issue in your application here - at least
>>>> as long as you do not have some broken-out test case for us...
>>> Would not it be possible to mprotect the rtdk buffer when it is not used
>>> in order to catch any write to it outside of rtdk functions?
>>>
>> Hmm, good idea, should work. Once set up, only rt_vsnprintf requires
>> write access to the ring.
>
> Ok. Here it comes. Note however that calling rt_printf with this patch
> will cause the caller to switch to secondary mode, but that is OK for
> debugging. Also note that I only compile-tested the patch.
Except that the first mprotect should go before the read barrier. So, a
better version.
--
Gilles
[-- Attachment #2: xeno-rtdk-mprotect.2.diff --]
[-- Type: text/x-patch, Size: 1456 bytes --]
diff --git a/src/rtdk/rt_print.c b/src/rtdk/rt_print.c
index 0615247..fd752d1 100644
--- a/src/rtdk/rt_print.c
+++ b/src/rtdk/rt_print.c
@@ -101,6 +101,7 @@ int rt_vfprintf(FILE *stream, const char *format, va_list args)
/* Take a snapshot of the ring buffer state */
write_pos = buffer->write_pos;
read_pos = buffer->read_pos;
+ mprotect(buffer->ring, buffer->size, PROT_READ | PROT_WRITE);
xnarch_read_memory_barrier();
/* Is our write limit the end of the ring buffer? */
@@ -167,6 +168,7 @@ int rt_vfprintf(FILE *stream, const char *format, va_list args)
/* All entry data must be written before we can update write_pos */
xnarch_write_memory_barrier();
+ mprotect(buffer->ring, buffer->size, PROT_READ);
buffer->write_pos = write_pos;
@@ -223,6 +225,7 @@ int rt_print_init(size_t buffer_size, const char *buffer_name)
size = default_buffer_size;
else if (size < RT_PRINT_LINE_BREAK)
return EINVAL;
+ size = (size + getpagesize() - 1) & ~(getpagesize() - 1);
if (buffer) {
/* Only set name if buffer size is unchanged or default */
@@ -237,12 +240,11 @@ int rt_print_init(size_t buffer_size, const char *buffer_name)
if (!buffer)
return ENOMEM;
- buffer->ring = malloc(size);
+ buffer->ring = mmap(NULL, size, PROT_READ, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0);
if (!buffer->ring) {
free(buffer);
return ENOMEM;
}
- memset(buffer->ring, 0, size);
buffer->read_pos = 0;
buffer->write_pos = 0;
prev parent reply other threads:[~2009-09-09 11:58 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-08-26 8:01 [Xenomai-help] Segmentation fault in rt_printf print thread Christoph Permes
2009-08-26 8:12 ` Gilles Chanteperdrix
2009-08-27 6:24 ` Christoph Permes
2009-08-27 8:24 ` Jan Kiszka
2009-08-27 12:00 ` Christoph Permes
2009-08-28 7:38 ` Jan Kiszka
2009-08-28 8:38 ` Christoph Permes
2009-08-28 9:07 ` Jan Kiszka
2009-08-31 8:09 ` Christoph Permes
2009-09-07 7:35 ` Christoph Permes
2009-09-07 8:43 ` Jan Kiszka
2009-09-07 8:58 ` Gilles Chanteperdrix
2009-09-07 9:17 ` Jan Kiszka
2009-09-09 11:42 ` Gilles Chanteperdrix
2009-09-09 11:58 ` Gilles Chanteperdrix [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4AA7986B.8000704@domain.hid \
--to=gilles.chanteperdrix@xenomai.org \
--cc=jan.kiszka@domain.hid \
--cc=xenomai@xenomai.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.