NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > OpenBSD Security> 2004-02

Re: mmap semantics (kernel/975)

From: Tobias Oberstein (tobias.obersteingmx.de)
Date: Mon Feb 02 2004 - 06:55:55 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

the test program that comes with the bug report succeeds on obsd-3.3
if one unmaps the mapped file before remapping it a second time by
including the line

..
fsync(fd);

=> munmap(base_shared, 10000);

    base_private = mmap((caddr_t)0, 8, PROT_READ,
                      MAP_PRIVATE | MAP_FILE,
                      fd, 0L);
    ..

just before the second "mmap".

on my stock linux 2.4.21, the test program succeeds with AND without
the "munmap".

i've researched the latest Posix standard on the required semantics
for this situation. i know this might not apply if obsd does not make
posix claims. anyway. details:

"MAP_SHARED and MAP_PRIVATE describe the disposition of write
references to the memory object. If MAP_SHARED is specified, write
references shall change the underlying object. If MAP_PRIVATE is
specified, modifications to the mapped data by the calling process
shall be visible only to the calling process and shall not change
the underlying object. It is unspecified whether modifications to
the underlying object done after the MAP_PRIVATE mapping is established
are visible through the MAP_PRIVATE mapping."

IEEE Std 1003.1, 2003 Edition
http://www.opengroup.org/onlinepubs/007904975/functions/mmap.html

So, without the second mmap, the standard leaves the semantics
unspecified. On both my obsd and linux, without the second mmap,
the changes will NOT show up. The difference is when including the
second mmap. From my understanding, in that case the standard is
clear:

"The mapping established by mmap() shall replace any previous mappings
for those whole pages containing any part of the address space of the
process starting at pa and continuing for len bytes."

That is, the second mmap "shall" replace the first, and thus the
changes "shall" show up. OK. I'm puzzled what they mean by "shall";)
Does it actually mean "must"? If not, what's the difference between
they speaking of "shall" and "left unspecified". Puh.

tobias

> -----Ursprüngliche Nachricht-----
> Von: owner-miscopenbsd.org [mailto:owner-miscopenbsd.org]Im Auftrag
> von Tobias Oberstein
> Gesendet: Montag, 2. Februar 2004 12:47
> An: miscopenbsd.org
> Betreff: mmap semantics (kernel/975)
>
>
> >Number: 975
> >Category: kernel
> >Synopsis: mmap does not detect file changes.
>
> from gnats i've learned that "kernel/975" is closed
> since 2001. the comment even says it is fixed.
>
> however, on my obsd-3.3-release w/ softupdates enabled,
> the test program fails.
>
> am i missing something?
>
> tobias

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]