mprotect with PROT_NONE throws SIGBUS, not SIGSEGV
Hi,

The following code:

    1  char *mm_mem;
    2  mm_mem = mmap (0, pagesize, PROT_NONE, MAP_PRIVATE | MAP_ANON, -1, 0);
    3  mm_mem[0] = 'a';
    4  mprotect (mm_mem, pagesize, PROT_NONE) != 0
    5  mm_mem[0] = 'b';

shows two bugs on Mac OS X 10.2.4 (xnu-344.26):

1. mmap (line 2) seems to ignore the protection flags given to it; it always assumes (at least) PROT_READ|PROT_WRITE even though I've explicitly specified PROT_NONE. Line 3 executes without an error, even though it should return a SIGSEGV. Which leads me to the more serious bug #2 ...

2. When line 5 is executed, the kernel should raise a SIGSEGV. Instead, a SIGBUS is raised. This is important because various libraries will install a SIGSEGV signal handler to intercept the segmentation fault, and won't be expecting a SIGBUS.

I have a feeling that the following diff to xnu-10 is a start to solving the problem, and may even be sufficient:

--- ./bsd/uxkern/ux_exception.c.old Tue Apr 1 22:52:52 2003 +++ ./bsd/uxkern/ux_exception.c Tue Apr 1 22:53:39 2003 
@@ -277,7 +277,8 @@ switch(exception) { case EXC_BAD_ACCESS: - if (code == KERN_INVALID_ADDRESS) + if (code == KERN_INVALID_ADDRESS || + code == KERN_PROTECTION_FAILURE) *ux_signal = SIGSEGV; else *ux_signal = SIGBUS;

However, I can't actually test this because I'm running Mac OS X 10.2.4, and the 10.2.4 kernel (xnu-344.26) isn't up on the Apple CVS servers yet :(.

Is there a temporary workaround for this bug? I need to install a SIGSEGV signal handler for the mmap'ed region so that I can flip the protection bits, enable PROT_READ for the faulting address and then restart execution of the program. This works fine on Linux and seems to be POSIX behaviour; I can provide code examples if needed.

Thanks,

-- 
% Andre Pang : just.your.average.bounty.hunter
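Review bot: in the EXC_BAD_ACCESS case, adding KERN_PROTECTION_FAILURE to the condition moves every protection fault from SIGBUS to SIGSEGV, not only the mprotect(PROT_NONE) case from the report, so programs that already catch SIGBUS for these faults would stop seeing it. A comment above the condition should say which codes are still meant to fall through to the else branch and get SIGBUS, and the change needs a run on a built kernel, since the message says it has not been tested.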
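The workaround asked about above, as an added example that is not part of the original post: register one handler for both SIGSEGV and SIGBUS, so the fault on the protected page is caught whichever signal the kernel delivers. The function names are made up for the example, and calling mprotect from a signal handler is an assumption about the target system (POSIX does not list it as async-signal-safe).

```c
#define _DEFAULT_SOURCE          /* MAP_ANON under strict -std= on glibc */
#include <signal.h>
#include <stdint.h>
#include <sys/mman.h>
#include <unistd.h>

static volatile char *region;                   /* the PROT_NONE page */
static size_t pagesize;
static volatile sig_atomic_t faults, last_sig;  /* set by the handler */

/* Shared handler: unprotect the page if the fault address is ours. */
static void on_fault(int sig, siginfo_t *si, void *ctx)
{
    uintptr_t a = (uintptr_t)si->si_addr, base = (uintptr_t)region;
    (void)ctx;
    if (a < base || a >= base + pagesize) {
        signal(sig, SIG_DFL);   /* not our page: let the retry crash */
        return;
    }
    if (mprotect((void *)base, pagesize, PROT_READ | PROT_WRITE) != 0)
        _exit(1);
    last_sig = sig;
    faults++;                   /* returning restarts the faulting store */
}

int install_fault_handler(void)
{
    struct sigaction sa = {0};
    sa.sa_sigaction = on_fault;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    /* Linux raises SIGSEGV here; the kernel in the post raises SIGBUS. */
    if (sigaction(SIGSEGV, &sa, NULL) != 0)
        return -1;
    return sigaction(SIGBUS, &sa, NULL);
}

int demo_fault_recovery(void)
{
    int before = faults;
    pagesize = (size_t)sysconf(_SC_PAGESIZE);
    region = mmap(0, pagesize, PROT_NONE, MAP_PRIVATE | MAP_ANON, -1, 0);
    if (region == MAP_FAILED || install_fault_handler() != 0)
        return -1;
    region[0] = 'b';            /* store to the PROT_NONE page: faults once */
    return (faults == before + 1 && region[0] == 'b') ? 0 : -1;
}

int main(void) { return demo_fault_recovery() == 0 ? 0 : 1; }
```

The address check in the handler matters: without it, an unrelated crash elsewhere in the program would be swallowed instead of terminating the process.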