[Bug 160284] bad mmap causes cores in KPCMemoryDevice

Michael Pyne mpyne at purinchu.net
Sun Jun 1 08:08:47 CEST 2008


------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
         
http://bugs.kde.org/show_bug.cgi?id=160284         




------- Additional Comments From mpyne purinchu net  2008-06-01 08:08 -------
I've constructed a couple of test cases to explore the behavior of mmap.  I can reliably reproduce SIGBUS if I truncate the shared file.  However, if I do nothing but unlink the shared file then everything continues as normal.

So, I think that the source of the problem may be the info->file->resize() call in ::invalidateMmapFiles().  If the new size is less than the old size we have effectively truncated the file and any shared memory accesses in that last part of the file should crash with SIGBUS.

Sebastian, do you still get crashes if you apply my alignment fix patch but not your changes to cache deletion, but in addition change line 459 from:

if (!info->file->resize(info->available)) {

to
if (info->file->size() < newsize && !info->file->resize(info->available)) {

Note that you will have to uncomment the #define USE_MMAP near the top if you are using the latest kdelibs.

We may of course still have to fix cache deletion.  If you continue to get crashes we could possibly use POSIX shm (shm_open and shm_unlink) which explicitly requires that shared memory last after an unlink until all processes have unmapped the memory regions.

Either way it looks like we may not have to handle SIGBUS as a matter of course after all which is reassuring, especially as there's not too many alternatives.  (SysV IPC is absolutely not an alternative...)I've constructed a couple of test cases to explore the behavior of mmap.  I can reliably reproduce SIGBUS if I truncate the shared file.  However, if I do nothing but unlink the shared file then everything continues as normal.

So, I think that the source of the problem may be the info->file->resize() call in ::invalidateMmapFiles().  If the new size is less than the old size we have effectively truncated the file and any shared memory accesses in that last part of the file should crash with SIGBUS.

Sebastian, do you still get crashes if you apply my alignment fix patch but not your changes to cache deletion, but in addition change line 459 from:

if (!info->file->resize(info->available)) {

to
if (info->file->size() < newsize && !info->file->resize(info->available)) {

Note that you will have to uncomment the #define USE_MMAP near the top if you are using the latest kdelibs.

We may of course still have to fix cache deletion.  If you continue to get crashes we could possibly use POSIX shm (shm_open and shm_unlink) which explicitly requires that shared memory last after an unlink until all processes have unmapped the memory regions.

Either way it looks like we may not have to handle SIGBUS as a matter of course after all which is reassuring, especially as there's not too many alternatives.  (SysV IPC is absolutely not an alternative...)


More information about the Kdelibs-bugs mailing list