Crash when memset of shared mapped memory in ARM

naveen yadav yad.naveen at gmail.com
Wed Nov 16 00:35:49 EST 2011


Hi All,

I am running below Test program on ARM cortex a9/a8 on kernel version
2.6.35.14 as well as on 3.0.

Please find the test case where:

1. Create shared memory object using shm_open(If we use normal open
then no problem only problem with shm_open)

2. ftruncate to given size

3. memory map the shared object to given memory address ( I haved
tested without MAP_SHARED, MAP_FIXED as well, problem exist)

4. Memset the shared memory (got page fault when accessing the second page)




Observation: Only observed in ARM ( i.e not present in MIPS and X86)


#undef NDEBUG
#define _GNU_SOURCE
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/ipc.h>
#include <sys/shm.h>
#include <errno.h>
#include <pthread.h>
#include <string.h>
#include <signal.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/mman.h>

enum {
 SHM_INIT,
 SHM_GET
 };

enum {
 PARENT,
 CHILD
 };

#define FIXED_MMAP_ADDR 0x20000000
#define MMAP_SIZE	0x10000

static int shmid;
static char shm_name[100];
static int sleep_period = 100000;
void * shmem_init(int flag)
{	
	int start = FIXED_MMAP_ADDR;
	int memory_size = MMAP_SIZE;
	int mode = 0666;
	void *addr;
	int ret;
	sprintf(shm_name, "/shmem_1234");
	shmid = shm_open (shm_name, O_RDWR | O_EXCL | O_CREAT | O_TRUNC, mode);
	if (shmid < 0) {
    		if (errno == EEXIST) {
			printf ("shm_open: %s\n", strerror(errno));
       			shmid = shm_open (shm_name, O_RDWR, mode);

		} else {
    			printf("failed to shm_open, err=%s\n", strerror(errno));
			return NULL;
  		}
	}
  	ret = fcntl (shmid, F_SETFD, FD_CLOEXEC);
  	if (ret < 0) {
    		printf("fcntl: %s\n", strerror(errno));
		return NULL;
  	}
	ret = ftruncate (shmid, memory_size);
	if (ret < 0) {
    		printf("ftruncate: %s\n", strerror(errno));
		return NULL;
  	}
	addr = mmap ((void *)start, memory_size, PROT_READ | PROT_WRITE,
 			     MAP_SHARED | MAP_FIXED, shmid, 0);
  	if (addr == MAP_FAILED) {
		printf ("mmap: %s\n", strerror(errno));
     		close (shmid);
    		shm_unlink (shm_name);
		return NULL;
	}
	
	if (flag == SHM_INIT){
		printf ("mmap: addr %p\n", addr);
		/* memset on arm creates a unhandled page fault, works fine on mips */
		memset(addr, 0, memory_size);
	}
	return (void *)addr;
}

pthread_mutex_t * shmem_mutex_init(int flag)
{
	pthread_mutex_t * pmutex = (pthread_mutex_t *)shmem_init(flag);
#if 0
	pthread_mutexattr_t attr;
	if (flag == SHM_INIT) {
		pthread_mutexattr_init (&attr);
		pthread_mutexattr_setpshared (&attr, PTHREAD_PROCESS_SHARED);
		pthread_mutexattr_setprotocol (&attr, PTHREAD_PRIO_INHERIT);
		pthread_mutexattr_setrobust_np (&attr,
 						PTHREAD_MUTEX_STALLED_NP);
		pthread_mutexattr_settype (&attr, PTHREAD_MUTEX_ERRORCHECK);
		if (pthread_mutex_init (pmutex, &attr) != 0) {
    			printf("Init mutex failed, err=%s\n", strerror(errno));
			pthread_mutexattr_destroy (&attr);
			return NULL;
		}
	}
#endif
	return pmutex;
}

void long_running_task(int flag)
{	
	static int counter = 0;
	if (flag == PARENT)
 		usleep(5*sleep_period);
	else
		usleep(3*sleep_period);
	counter = (counter + 1) % 100;
	printf("%d: completed %d computing\n", getpid(), counter);
}

void sig_handler(int signum)
{
	close(shmid);
	shm_unlink(shm_name);
	exit(0);
}

int main(int argc, char *argv[])
{
	pthread_mutex_t *mutex_parent, *mutex_child;
//	signal(SIGUSR1, sig_handler);
//	if (fork()) {
		/* parent process */
		if ((mutex_parent = shmem_mutex_init(SHM_INIT)) == NULL) {
			printf("failed to get the shmem_mutex\n");
			exit(-1);
		}
#if 0
		while (1) {
			printf("%d: try to hold the lock\n", getpid());
 			pthread_mutex_lock(mutex_parent);
			printf("%d: got the lock\n", getpid());
 			long_running_task(PARENT);
			pthread_mutex_unlock(mutex_parent);
			printf("%d: released the lock\n", getpid());
		}
#endif
//	} else {
#if 0
		/* child process */
		usleep(sleep_period);
		if ((mutex_child = shmem_mutex_init(SHM_GET)) == NULL) {
			printf("failed to get the shmem_mutex\n");
			exit(-1);
		}
		while (1) {
			printf("%d: try to hold the lock\n", getpid());
 			pthread_mutex_lock(mutex_child);
			printf("%d: got the lock\n", getpid());
 			long_running_task(CHILD);
			pthread_mutex_unlock(mutex_child);
			printf("%d: released the lock\n", getpid());
		}
#endif
//	}
	return 0;
}



More information about the linux-arm-kernel mailing list