Subject: kern/13189: lost data on mmapped page
To: None <gnats-bugs@gnats.netbsd.org>
From: Atsushi Onoe <onoe@sm.sony.co.jp>
List: netbsd-bugs
Date: 06/14/2001 03:10:40
>Number: 13189
>Category: kern
>Synopsis: lost data on mmapp'ed page
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Jun 13 11:39:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: Atsushi Onoe
>Release: NetBSD-current 010607
>Organization:
Sony Corporation
>Environment:
System: NetBSD duplo.sm.sony.co.jp 1.5W NetBSD 1.5W (DUPLO) #422: Wed Jun 13 01:41:29 JST 2001 onoe@duplo.sm.sony.co.jp:/work/netbsd/obj/DUPLO i386
Architecture: i386
Machine: i386
>Description:
The data on mmaped page is not written to the file system if the
following conditions are met:
- the physical disk block is not allocated (i.e. hole)
- read fault occurs first for the page (read before write)
Once the mapped page is freed, the data is lost forever.
>How-To-Repeat:
Attached sample program fails to read the written data on current.
% uname -a
NetBSD duplo.sm.sony.co.jp 1.5W NetBSD 1.5W (DUPLO) #422: Wed Jun 13 01:41:29 JST 2001 onoe@duplo.sm.sony.co.jp:/work/netbsd/obj/DUPLO i386
% ./a.out
a.out: corrupted: off 0x0 data 0x0
% ls -ls testfile
24 -rw-r--r-- 1 onoe wheel 134217728 Jun 14 02:40 testfile
While it succeeds on 1.5.1.
% uname -a
NetBSD duplo.sm.sony.co.jp 1.5.1_BETA2 NetBSD 1.5.1_BETA2 (DUPLO) #21: Sun Jun 3 16:59:44 PDT 2001 onoe@duplo.sm.sony.co.jp:/work/netbsd/15/obj/DUPLO
% ./a.out
test ok
% ls -ls testfile
131144 -rw-r--r-- 1 onoe wheel 134217728 Jun 14 02:33 testfile
/*----------------------------------------------------------------------*/
#include <sys/types.h>
#include <sys/mman.h>
#include <err.h>
#include <fcntl.h>
#include <stdio.h>
#define FNAME "testfile"
#define FSIZE (128*1024*1024) /* total physical memory */
#define PSIZE 4096 /* page size */
main()
{
int fd, off;
u_char *p;
if ((fd = open(FNAME, O_RDWR | O_CREAT | O_TRUNC, 0666)) < 0)
err(1, "open: %s", FNAME);
if (ftruncate(fd, FSIZE) < 0)
err(1, "ftruncate: 0x%x", FSIZE);
p = mmap(NULL, FSIZE, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
if (p == MAP_FAILED)
err(1, "mmap");
for (off = 0; off < FSIZE; off += PSIZE) {
if (p[off])
break;
p[off] = 'a';
}
for (off = 0; off < FSIZE; off += PSIZE) {
if (p[off] != 'a')
errx(2, "corrupted: off 0x%x data 0x%x", off, p[off]);
}
printf("test ok\n");
exit(0);
}
/*----------------------------------------------------------------------*/
>Fix:
none provided.
>Release-Note:
>Audit-Trail:
>Unformatted: