Bug 145746 - mmap() system call can return Nil
Summary: mmap() system call can return Nil
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: kernel   
(Show other bugs)
Version: 3.0
Hardware: i686
OS: Linux
medium
low
Target Milestone: ---
Assignee: Rik van Riel
QA Contact: Ben Levenson
URL:
Whiteboard:
Keywords:
: 158879 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-01-21 00:56 UTC by Geronimo A. Ordanza II
Modified: 2007-11-30 22:07 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-05-18 13:29:09 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Sample program to illustrate the problem (573 bytes, text/plain)
2005-01-21 01:01 UTC, Geronimo A. Ordanza II
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2005:294 normal SHIPPED_LIVE Moderate: Updated kernel packages available for Red Hat Enterprise Linux 3 Update 5 2005-05-18 04:00:00 UTC

Description Geronimo A. Ordanza II 2005-01-21 00:56:17 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5)
Gecko/20041107 Firefox/1.0

Description of problem:
  
Problem:  mmap() system call can return Nil 
  
 The manual page states that a Nil return is not possible: 
  
------------ Cut Here -------- Cut Here 

 MMAP(2)                    Linux Programmer's Manual                
  MMAP(2) 
  
 NAME 
        mmap, munmap - map or unmap files or devices into memory 
  
 SYNOPSIS 
        #include <sys/mman.h> 
  
        void  *  mmap(void *start, size_t length, int prot , int
flags, int fd, 
        off_t offset); 
  
        int munmap(void *start, size_t length); 
  
 DESCRIPTION 
        The mmap function asks to map length bytes starting  at 
offset  offset 
        from  the  file  (or  other object) specified by the file
descriptor fd 
        into memory, preferably at address start.  This  latter 
address  is  a 
        hint  only,  and is usually specified as 0.  The actual place
where the 
        object is mapped is returned by mmap, and is never 0. 
  
        ... 
  
------------ Cut Here -------- Cut Here 
  
  
 Note the last line:  "... returned by mmap, and is never 0." 
  
 Allowing mmap() to return Nil causes all sorts of problems. 
 Not the least of which de-referencing Nil no longer causes a SEGV. 
 Not a happy state of affairs. 



Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Sample program is attached to reproduce the problem
2.
3.
    

Expected Results:  mmap should not return 0 because it never
places a memory mapping at address 0.
mmap returns -1 (the value of the MAP_FAILED
macro) on failure.

Additional info:

Comment 1 Geronimo A. Ordanza II 2005-01-21 01:01:15 UTC
Created attachment 110038 [details]
Sample program to illustrate the problem

Comment 2 Geronimo A. Ordanza II 2005-01-21 01:04:47 UTC
Linking this bugzilla ID to Issue Tracker (ie. 63665)

--gene

Comment 3 Ernie Petrides 2005-02-07 20:30:25 UTC
This has been deemed a kernel bug in the mmap() system call handling.

A fix for this problem was committed to the RHEL3 U5 patch pool last
week on 3-Feb-2005 (in kernel version 2.4.21-27.11.EL).


Comment 4 Tim Powers 2005-05-18 13:29:09 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-294.html


Comment 5 Ernie Petrides 2005-05-26 21:28:32 UTC
*** Bug 158879 has been marked as a duplicate of this bug. ***


Note You need to log in before you can comment on or make changes to this bug.