From: Rusty Russell <rusty@rustcorp.com.au>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: lkml - Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: get_user_pages vs mmap MAP_FIXED bug
Date: Mon, 07 May 2007 11:26:44 +1000 [thread overview]
Message-ID: <1178501204.7731.35.camel@localhost.localdomain> (raw)
In-Reply-To: <1178434876.12284.175.camel@localhost.localdomain>
On Sun, 2007-05-06 at 17:01 +1000, Rusty Russell wrote:
> This bug is in 2.6.21-rc7-mm2, but not 2.6.21. Haven't tested
> 2.6.21-mm1 yet.
OK, 2.6.21-mm1 fails too. 2.6.21-git6 ... is fine.
Here's a standalone test using ptrace. No kernel module req'd.
rusty@debussy:~/linux-2.6.21-mm1$ ../examiner
ptrace says 0, child says 0x464c457f
Any clues Andrew? Or should I take your patches and do a binary search?
Cheers,
Rusty.
/* Make with gcc -o examine_mmap examine_mmap.c */
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <sys/ptrace.h>
#include <signal.h>
#include <err.h>
#include <errno.h>
/* Compare ptrace (ie. get_user_pages()) result with what process
* actually sees. */
int main(int argc, char *argv[])
{
long int *p, res1, res2;
int fd, child;
int child2parent[2], parent2child[2];
char c = 0;
pipe(child2parent);
pipe(parent2child);
if ((child = fork()) == 0) {
/* Grab some file to mmap. */
fd = open(argv[0], O_RDONLY);
if (fd < 0)
err(1, "open");
/* Map one page of it at 4096 */
p = (void *)4096;
if (mmap(p, 4096, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, fd, 0) != p)
err(1, "mmap");
/* This makes it work. */
if (argc > 1 && strcmp(argv[1], "--touch") == 0)
printf("Before: %p == %li\n", p, *p);
/* Allow parent to trace me. */
if (ptrace(PTRACE_TRACEME, 0, 0, 0) != 0)
err(1, "PTRACE_TRACEME");
/* Tell parent to look at memory, and wait for response. */
write(child2parent[1], &c, 1);
read(parent2child[0], &c, 1);
/* Write what we see to pipe */
write(child2parent[1], p, sizeof(*p));
exit(0);
}
/* Wait for child to be ready. */
read(child2parent[0], &c, 1);
/* Child needs to be stopped. What a POS. */
kill(child, SIGSTOP);
sleep(1);
/* Get ptrace to tell us what the kernel thinks the value is */
res1 = ptrace(PTRACE_PEEKDATA, child, (void *)4096, NULL);
/* Continue the child. */
ptrace(PTRACE_DETACH, child, NULL, NULL);
/* Tell the child to continue. */
write(parent2child[1], &c, 1);
/* Get the child's opinion of what the value is. */
read(child2parent[0], &res2, sizeof(res2));
printf("ptrace says %#lx, child says %#lx\n", res1, res2);
exit(res1 == res2 ? 0 : 1);
}
next prev parent reply other threads:[~2007-05-07 1:27 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-05-06 7:01 get_user_pages vs mmap MAP_FIXED bug Rusty Russell
2007-05-07 1:26 ` Rusty Russell [this message]
2007-05-07 3:22 ` Andrew Morton
2007-05-08 7:41 ` Nick Piggin
2007-05-08 23:34 ` Rusty Russell
2007-05-09 0:08 ` Nick Piggin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1178501204.7731.35.camel@localhost.localdomain \
--to=rusty@rustcorp.com.au \
--cc=akpm@linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox