[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
panic: pmap_page_protect removing a wired page
|
From: |
Justus Winter |
|
Subject: |
panic: pmap_page_protect removing a wired page |
|
Date: |
Sun, 02 Oct 2016 14:09:02 +0200 |
Hello,
we spoke briefly in #hurd about a problem with wired memory I
encountered during my work on the malleable syscall interface. I
managed to create a more minimal test case. The attached program
crashes stock Mach kernels as packaged by Debian.
Cheers,
Justus
signature.asc
Description: PGP signature
#define _GNU_SOURCE
#include <assert.h>
#include <fcntl.h>
#include <hurd.h>
#include <device/device.h>
#include <errno.h>
#include <error.h>
#include <stdio.h>
#include <unistd.h>
/* Verbatim copy, s/VM_INHERIT_NONE/VM_INHERIT_SHARE/ */
error_t
maptime_map (int use_mach_dev, char *dev_name,
volatile struct mapped_time_value **mtime)
{
error_t err;
mach_port_t memobj;
if (use_mach_dev)
{
device_t device;
mach_port_t device_master;
err = get_privileged_ports (0, &device_master);
if (err)
return err;
err = device_open (device_master, 0, dev_name ?: "time", &device);
mach_port_deallocate (mach_task_self (), device_master);
if (err)
return err;
err = device_map (device, VM_PROT_READ, 0, sizeof *mtime, &memobj, 0);
/* Deallocate the device port. The mapping is independent of
this port. */
mach_port_deallocate (mach_task_self (), device);
}
else
{
mach_port_t wr_memobj;
file_t node = file_name_lookup (dev_name ?: "/dev/time", O_RDONLY, 0);
if (node == MACH_PORT_NULL)
return errno;
err = io_map (node, &memobj, &wr_memobj);
if (!err && wr_memobj != MACH_PORT_NULL)
mach_port_deallocate (mach_task_self (), wr_memobj);
mach_port_deallocate (mach_task_self (), node);
}
if (! err)
{
*mtime = 0;
err =
vm_map (mach_task_self (), (vm_address_t *)mtime, sizeof *mtime, 0, 1,
memobj, 0, 0, VM_PROT_READ, VM_PROT_READ, VM_INHERIT_SHARE);
mach_port_deallocate (mach_task_self (), memobj);
}
return err;
}
int
main ()
{
error_t err;
volatile struct mapped_time_value *mtime;
err = maptime_map (0, NULL, &mtime);
assert_perror (err);
fprintf (stderr, "%d\n", fork ());
return 0;
}
root@debian:~# ./pmap-assertion
681
panic: pmap_page_protect removing a wired page
Debugger invoked: panic
Kernel Breakpoint trap, eip 0xc1020314
Stopped at Debugger+0x13: int $3
Debugger(c10dfbec,0,f5cb8e2c,0,f9a3fbe0)+0x13
panic(c10e2380,f48439a0,f5cb8e4c,c101b47f,399c3)+0x79
pmap_page_protect(399d3000,0,f42db0b8,1,f40dfab8)+0x217
vm_object_pmap_remove(f9a3fbe0,0,1000,f5cb8ee0)+0x46
vm_map_entry_delete(f9a43510,f4843108,f5cb8f00,f5cb8f50,c1052466)+0x105
vm_map_delete(f9a43510,0,c0000000,f8c0c000,f54c2a90)+0x100
vm_map_deallocate.part.5(f5f80248,c1146920,f5cb8f6c,c102a73e,f9a43510)+0x1e
vm_map_deallocate(f9a43510,f5f80248,803,f54c2a90,f54c2a90)+0x25
task_deallocate(f5f80248,f54c2a90,f5cb8f9c,c102b7e5)+0x4e
thread_deallocate(f54c2a90,1,803,c102bcdd,1)+0x197
reaper_thread_continue(f99d0ce8,f99d2c00,f5cb8ec0,f5cb8ef8,f5f80248)+0x33
>>>>> user space <<<<<
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- panic: pmap_page_protect removing a wired page,
Justus Winter <=