Crash when memset of shared mapped memory in ARM

Wed Nov 16 03:27:59 EST 2011

On Wed, Nov 16, 2011 at 11:05:49AM +0530, naveen yadav wrote:
> Hi All,
> 
> I am running below Test program on ARM cortex a9/a8 on kernel version
> 2.6.35.14 as well as on 3.0.
> 
> Please find the test case where:
> 
> 1. Create shared memory object using shm_open(If we use normal open
> then no problem only problem with shm_open)
> 
> 2. ftruncate to given size
> 
> 3. memory map the shared object to given memory address ( I haved
> tested without MAP_SHARED, MAP_FIXED as well, problem exist)
> 
> 4. Memset the shared memory (got page fault when accessing the second page)
> 
> 
> 
> 
> Observation: Only observed in ARM ( i.e not present in MIPS and X86)

Yes, so, what happens?

> 
> 
> #undef NDEBUG
> #define _GNU_SOURCE
> #include <unistd.h>
> #include <stdio.h>
> #include <stdlib.h>
> #include <sys/ipc.h>
> #include <sys/shm.h>
> #include <errno.h>
> #include <pthread.h>
> #include <string.h>
> #include <signal.h>
> #include <fcntl.h>
> #include <sys/types.h>
> #include <sys/mman.h>
> 
> enum {
>  SHM_INIT,
>  SHM_GET
>  };
> 
> enum {
>  PARENT,
>  CHILD
>  };
> 
> #define FIXED_MMAP_ADDR 0x20000000
> #define MMAP_SIZE	0x10000
> 
> static int shmid;
> static char shm_name[100];
> static int sleep_period = 100000;
> void * shmem_init(int flag)
> {	
> 	int start = FIXED_MMAP_ADDR;
> 	int memory_size = MMAP_SIZE;
> 	int mode = 0666;
> 	void *addr;
> 	int ret;
> 	sprintf(shm_name, "/shmem_1234");
> 	shmid = shm_open (shm_name, O_RDWR | O_EXCL | O_CREAT | O_TRUNC, mode);
> 	if (shmid < 0) {
>     		if (errno == EEXIST) {
> 			printf ("shm_open: %s\n", strerror(errno));
>        			shmid = shm_open (shm_name, O_RDWR, mode);
> 
> 		} else {
>     			printf("failed to shm_open, err=%s\n", strerror(errno));
> 			return NULL;
>   		}
> 	}
>   	ret = fcntl (shmid, F_SETFD, FD_CLOEXEC);
>   	if (ret < 0) {
>     		printf("fcntl: %s\n", strerror(errno));
> 		return NULL;
>   	}
> 	ret = ftruncate (shmid, memory_size);
> 	if (ret < 0) {
>     		printf("ftruncate: %s\n", strerror(errno));
> 		return NULL;
>   	}
> 	addr = mmap ((void *)start, memory_size, PROT_READ | PROT_WRITE,
>  			     MAP_SHARED | MAP_FIXED, shmid, 0);
>   	if (addr == MAP_FAILED) {
> 		printf ("mmap: %s\n", strerror(errno));
>      		close (shmid);
>     		shm_unlink (shm_name);
> 		return NULL;
> 	}
> 	
> 	if (flag == SHM_INIT){
> 		printf ("mmap: addr %p\n", addr);
> 		/* memset on arm creates a unhandled page fault, works fine on mips */
> 		memset(addr, 0, memory_size);
> 	}
> 	return (void *)addr;
> }
> 
> pthread_mutex_t * shmem_mutex_init(int flag)
> {
> 	pthread_mutex_t * pmutex = (pthread_mutex_t *)shmem_init(flag);
> #if 0
> 	pthread_mutexattr_t attr;
> 	if (flag == SHM_INIT) {
> 		pthread_mutexattr_init (&attr);
> 		pthread_mutexattr_setpshared (&attr, PTHREAD_PROCESS_SHARED);
> 		pthread_mutexattr_setprotocol (&attr, PTHREAD_PRIO_INHERIT);
> 		pthread_mutexattr_setrobust_np (&attr,
>  						PTHREAD_MUTEX_STALLED_NP);
> 		pthread_mutexattr_settype (&attr, PTHREAD_MUTEX_ERRORCHECK);
> 		if (pthread_mutex_init (pmutex, &attr) != 0) {
>     			printf("Init mutex failed, err=%s\n", strerror(errno));
> 			pthread_mutexattr_destroy (&attr);
> 			return NULL;
> 		}
> 	}
> #endif
> 	return pmutex;
> }
> 
> void long_running_task(int flag)
> {	
> 	static int counter = 0;
> 	if (flag == PARENT)
>  		usleep(5*sleep_period);
> 	else
> 		usleep(3*sleep_period);
> 	counter = (counter + 1) % 100;
> 	printf("%d: completed %d computing\n", getpid(), counter);
> }
> 
> void sig_handler(int signum)
> {
> 	close(shmid);
> 	shm_unlink(shm_name);
> 	exit(0);
> }
> 
> int main(int argc, char *argv[])
> {
> 	pthread_mutex_t *mutex_parent, *mutex_child;
> //	signal(SIGUSR1, sig_handler);
> //	if (fork()) {
> 		/* parent process */
> 		if ((mutex_parent = shmem_mutex_init(SHM_INIT)) == NULL) {
> 			printf("failed to get the shmem_mutex\n");
> 			exit(-1);
> 		}
> #if 0
> 		while (1) {
> 			printf("%d: try to hold the lock\n", getpid());
>  			pthread_mutex_lock(mutex_parent);
> 			printf("%d: got the lock\n", getpid());
>  			long_running_task(PARENT);
> 			pthread_mutex_unlock(mutex_parent);
> 			printf("%d: released the lock\n", getpid());
> 		}
> #endif
> //	} else {
> #if 0
> 		/* child process */
> 		usleep(sleep_period);
> 		if ((mutex_child = shmem_mutex_init(SHM_GET)) == NULL) {
> 			printf("failed to get the shmem_mutex\n");
> 			exit(-1);
> 		}
> 		while (1) {
> 			printf("%d: try to hold the lock\n", getpid());
>  			pthread_mutex_lock(mutex_child);
> 			printf("%d: got the lock\n", getpid());
>  			long_running_task(CHILD);
> 			pthread_mutex_unlock(mutex_child);
> 			printf("%d: released the lock\n", getpid());
> 		}
> #endif
> //	}
> 	return 0;
> }