Date: Wed, 4 Dec 2002 11:59:01 -0800 (PST)
From: Archie Cobbs <archie@packetdesign.com>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: kern/45994: Pages marked read-only via mprotect() are zeroed in core files
Message-ID: <200212041959.gB4Jx15C068577@bubba.packetdesign.com>

>Number:         45994
>Category:       kern
>Synopsis:       Pages marked read-only via mprotect() are zeroed in core files
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Dec 04 12:00:00 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     Archie Cobbs
>Release:        FreeBSD 4.7-PRERELEASE i386
>Organization:
    Packet Design
>Environment:
    FYI this also happens on -current.

    System: FreeBSD bubba.packetdesign.com 4.7-PRERELEASE FreeBSD 4.7-PRERELEASE #0: Sat Sep 14 10:55:14 PDT 2002 archie@bubba.packetdesign.com:/usr/obj/usr/src/sys/BUBBA i386
>Description:
    Program marks a page read-only via mprotect(2).

    Program gets a fatal signal and dumps core.

    GDB is then run on the core file.

    Problem: the mprotect()'ed page is all zeroes, even though the
    page had non-zero contents when the program was actually running.

    If the program is run directly under GDB, this does not happen.
>How-To-Repeat:
    $ cat > mprotect.c
    #include <stdlib.h>
    #include <stdio.h>
    #include <string.h>
    #include <signal.h>
    #include <err.h>

    #include <sys/types.h>
    #include <sys/mman.h>

    #define PGPROTECT       4096

    /* One page-aligned page that will be made read-only */
    static char buf[PGPROTECT+1] __attribute__ ((aligned(PGPROTECT)));

    static void
    sighandler(int signum)
    {
        switch (signum) {
        case SIGBUS:
        case SIGSEGV:
    #if 0   /* Uncomment this and buf is dumped properly in the core file */
            if (mprotect(buf, PGPROTECT, PROT_READ | PROT_WRITE) == -1)
                err(1, "mprotect");
    #endif
            abort();
        }
    }

    int
    main(int argc, char *argv[])
    {
        int prot_mode = PROT_READ;
        int len;

        signal(SIGBUS, sighandler);
        signal(SIGSEGV, sighandler);

        strcpy(buf, "This is a test");
        len = strlen(buf);

        if (mprotect(buf, PGPROTECT, prot_mode) == -1)
            err(1, "mprotect(PROT_READ)");

        printf("buf: %s\n", buf);
        buf[len] = '!';         /* write to the read-only page: faults */
        printf("buf: %s\n", buf);
        return (0);
    }
    ^D
    $ cc -g -Wall -o mprotect mprotect.c
    $ ./mprotect
    buf: This is a test
    Abort(core dumped)
    $ gdb mprotect mprotect.core
    GNU gdb 4.18 (FreeBSD)
    Copyright 1998 Free Software Foundation, Inc.
    GDB is free software, covered by the GNU General Public License, and you are
    welcome to change it and/or distribute copies of it under certain conditions.
    Type "show copying" to see the conditions.
    There is absolutely no warranty for GDB.  Type "show warranty" for details.
    This GDB was configured as "i386-unknown-freebsd"...Deprecated bfd_read called at /usr/src/gnu/usr.bin/binutils/gdb/../../../../contrib/gdb/gdb/dbxread.c line 2627 in elfstab_build_psymtabs
    Deprecated bfd_read called at /usr/src/gnu/usr.bin/binutils/gdb/../../../../contrib/gdb/gdb/dbxread.c line 933 in fill_symbuf

    Core was generated by `mprotect'.
    Program terminated with signal 6, Abort trap.
    Reading symbols from /usr/lib/libc.so.4...done.
    Reading symbols from /usr/libexec/ld-elf.so.1...done.
    #0  0x2809c50c in kill () from /usr/lib/libc.so.4
    (gdb) x/16b buf
    0x804b000 <buf>:        0x00    0x00    0x00    0x00    0x00    0x00    0x00    0x00
    0x804b008 <buf+8>:      0x00    0x00    0x00    0x00    0x00    0x00    0x00    0x00
    (gdb)
>Fix:
    Unknown.
>Release-Note:
>Audit-Trail:
>Unformatted:
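
A check that helps when triaging a report like the one above, added here as an example and not part of the PR or of FreeBSD: see whether the core file stores the page's bytes at all, because a PT_LOAD entry with p_filesz smaller than p_memsz has no stored contents for the difference. The PR does not establish that this is the cause. The sketch assumes an ELF32 core in host byte order; `short_load_segments`, `sample` and the first sample address are constructed for illustration, and only 0x0804b000 comes from the gdb output above.

```c
/* Added example, not from the PR. Assumes an ELF32 core in host byte order
 * (an i386 core examined on i386/amd64). */
#include <elf.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Print each PT_LOAD segment and count those whose contents are not fully
 * stored in the core (p_filesz < p_memsz). Returns -1 on a malformed image. */
int short_load_segments(const unsigned char *img, size_t len)
{
	Elf32_Ehdr eh;
	Elf32_Phdr ph;
	int i, n = 0;
	if (len < sizeof(eh))
		return -1;
	memcpy(&eh, img, sizeof(eh));
	if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0 || eh.e_type != ET_CORE ||
	    eh.e_ident[EI_CLASS] != ELFCLASS32 || eh.e_phentsize != sizeof(ph))
		return -1;
	for (i = 0; i < eh.e_phnum; i++) {
		uint64_t off = (uint64_t)eh.e_phoff + (uint64_t)i * sizeof(ph);
		if (off + sizeof(ph) > len)	/* truncated program header table */
			return -1;
		memcpy(&ph, img + off, sizeof(ph));
		if (ph.p_type != PT_LOAD)
			continue;
		printf("0x%08x memsz=%u filesz=%u %c%c\n", (unsigned)ph.p_vaddr,
		    (unsigned)ph.p_memsz, (unsigned)ph.p_filesz,
		    ph.p_flags & PF_R ? 'r' : '-', ph.p_flags & PF_W ? 'w' : '-');
		n += ph.p_filesz < ph.p_memsz;
	}
	return n;
}

/* Constructed sample (headers only): a fully stored read/write segment and a
 * read-only segment at the PR's buf address with no bytes stored. */
static const struct { Elf32_Ehdr eh; Elf32_Phdr ph[2]; } sample = {
	{ .e_ident = { 0x7f, 'E', 'L', 'F', ELFCLASS32 }, .e_type = ET_CORE,
	  .e_phoff = sizeof(Elf32_Ehdr), .e_phentsize = sizeof(Elf32_Phdr), .e_phnum = 2 },
	{ { .p_type = PT_LOAD, .p_vaddr = 0x0804a000, .p_filesz = 4096,
	    .p_memsz = 4096, .p_flags = PF_R | PF_W },
	  { .p_type = PT_LOAD, .p_vaddr = 0x0804b000, .p_memsz = 4096, .p_flags = PF_R } }
};

int main(void)
{
	printf("not fully stored: %d\n", short_load_segments((const unsigned char *)&sample, sizeof(sample)));
	return 0;
}
```

To run it against a real core, read the file into a buffer and pass that buffer and its length in place of `sample`.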