kern/93396: dlopen crash with locked page

Zachary Loafman zachary.loafman at isilon.com
Fri Jan 4 16:20:03 PST 2008


The following reply was made to PR kern/93396; it has been noted by GNATS.

From: "Zachary Loafman" <zachary.loafman at isilon.com>
To: <bug-followup at FreeBSD.org>,
	<fabien.thomas at netasq.com>
Cc:  
Subject: Re: kern/93396: dlopen crash with locked page
Date: Fri, 4 Jan 2008 15:59:05 -0800

 I debugged this issue a bit further before checking the FreeBSD PR
 database. The fault in question ends up in this patch of code in
 vm_map_lookup:
 
 	if ((entry->eflags & MAP_ENTRY_USER_WIRED) &&
 	    (entry->eflags & MAP_ENTRY_COW) &&
 	    (fault_type & VM_PROT_WRITE) &&
 	    (fault_typea & VM_PROT_OVERRIDE_WRITE) == 0) {
 		RETURN(KERN_PROTECTION_FAILURE);
 	}
 
 I can't discern why this check in vm_map_lookup even exists, but it
 borks RTLD completely after mlockall is called. Specifically, it breaks
 map_object, which does an mprotect to make the last page of a segment
 writable then tries to do a memset to test it, resulting in the crash
 above.
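
A user-space probe for the sequence described in the message above (mlockall, then mprotect to make a copy-on-write page writable, then a memset to it). This is an added example, not code from the PR, the kernel or rtld. The function name, result codes and scratch-file path are assumptions made for illustration, and the probe only reports what the running kernel does with that sequence.

```c
#define _DEFAULT_SOURCE   /* glibc: expose POSIX/BSD declarations in strict -std modes */
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

enum probe_result { PROBE_OK, PROBE_FAULT, PROBE_SKIPPED };
static sigjmp_buf probe_env;
static void on_fault(int sig) { (void)sig; siglongjmp(probe_env, 1); }

/* OK: the write succeeded; FAULT: the write raised SIGSEGV/SIGBUS;
 * SKIPPED: setup failed, e.g. mlockall denied by privilege or RLIMIT_MEMLOCK. */
enum probe_result probe_wired_cow_write(void)
{
    char path[] = "/tmp/wiredcow.XXXXXX";      /* constructed scratch file */
    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);
    enum probe_result res = PROBE_SKIPPED;
    void (*old_segv)(int), (*old_bus)(int);
    void *p = MAP_FAILED;
    int fd = mkstemp(path);
    if (fd < 0) return PROBE_SKIPPED;
    unlink(path);
    if (ftruncate(fd, (off_t)pagesz) != 0 || mlockall(MCL_CURRENT | MCL_FUTURE) != 0)
        goto out;
    /* A private file mapping is copy-on-write; MCL_FUTURE wires it at mmap time. */
    p = mmap(NULL, pagesz, PROT_READ, MAP_PRIVATE, fd, 0);
    if (p != MAP_FAILED && mprotect(p, pagesz, PROT_READ | PROT_WRITE) == 0) {
        old_segv = signal(SIGSEGV, on_fault);
        old_bus = signal(SIGBUS, on_fault);
        if (sigsetjmp(probe_env, 1) == 0) {
            memset(p, 0, pagesz);              /* first write to the wired page */
            res = PROBE_OK;
        } else {
            res = PROBE_FAULT;
        }
        signal(SIGSEGV, old_segv);
        signal(SIGBUS, old_bus);
    }
    if (p != MAP_FAILED) munmap(p, pagesz);
    munlockall();
out:
    close(fd);
    return res;
}

int main(void) { printf("wired COW write result: %d\n", probe_wired_cow_write()); return 0; }
```

A result of 1 (PROBE_FAULT) means the write to the wired copy-on-write page was refused; 2 means the probe could not set up the locked mapping and says nothing about the kernel.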
 

