From mboxrd@z Thu Jan 1 00:00:00 1970
MIME-Version: 1.0
From: Venkatesh Srinivas
Date: Thu, 24 Sep 2009 23:33:52 -0400
Message-ID:
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Content-Type: text/plain; charset=UTF-8
Subject: [9fans] segattach off-by-one?
Topicbox-Message-UUID: 77453bb6-ead5-11e9-9d60-3106f5b1d025

Hi,

This little program:

#include <u.h>
#include <libc.h>

#define SEGBASE ((char *) 0x10001001)
#define SEGSIZE 0x1000

void main(void) {
	segattach(0, "shared", SEGBASE, SEGSIZE);

	// Works fine (writing to 0x10001fff)
	*(char *) (SEGBASE + SEGSIZE - 2) = 'a';

	// Suicide! (writing to 0x10002000)
	*(char *) (SEGBASE + SEGSIZE - 1) = 'a';
}

However, segattach's manpage claims: "... and va+len is rounded up." Shouldn't the second page here be mapped?

I propose this patch to /sys/src/9/port/segment.c:

--- segment.c.orig 2009-09-24 22:41:59.000000000 -0400 +++ segment.c 2009-09-24 22:38:25.000000000 -0400 @@ -641,6 +641,11 @@ int sno; Segment *s, *os; Physseg *ps; + ulong ova; + + ova = va; + va = va&~(BY2PG-1); + len += (ova - va); if(va != 0 && va >= USTKTOP) error(Ebadarg);

This patch also prevents segattaching to the zero page, which I think was worth doing...

Could people try this? Comments?

Thanks,
-- vs
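
Review bot: the rounding `va = va&~(BY2PG-1);` runs before the `if(va != 0 && va >= USTKTOP)` check, so any caller-supplied va between 1 and BY2PG-1 becomes 0 and is then handled by whatever the rest of the function does for va == 0, which this hunk does not show. If the intent is to refuse attaches to the zero page, test the original value explicitly (for example, raise Ebadarg when `ova != 0 && va == 0`) rather than relying on the rounded value. Separately, `len += (ova - va);` has no wraparound check: a len near the top of its range becomes small after the addition, so verify that the sum did not wrap before any later size checks use it. A one-line comment stating that va is rounded down and len is extended so that va+len is unchanged would also tie the new lines to the manpage sentence they implement.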
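
The rounding the manpage sentence describes, worked through for the values in the mail, as an added example in portable C (not code from the original post or from the Plan 9 kernel). The names pagerange and lenonly and the 4 KiB BY2PG value are assumptions made for illustration; lenonly is only a model of the reported behaviour, not the kernel's actual code.

```c
#include <stdint.h>
#include <stdio.h>

#define BY2PG 0x1000u	/* assumed 4 KiB page; the kernel defines the real value */

/*
 * Hypothetical helper: page-align the request [va, va+len).
 * va is rounded down and va+len is rounded up. The sums are done in
 * 64 bits so a 32-bit wrap is detected instead of silently truncating.
 * Returns 0 on success, -1 for len == 0 or a range past the 4 GiB limit.
 */
int
pagerange(uint32_t va, uint32_t len, uint32_t *base, uint32_t *npages)
{
	uint64_t start, end;

	if(len == 0)
		return -1;
	start = va & ~(uint32_t)(BY2PG-1);
	end = (uint64_t)va + len;	/* one past the last requested byte */
	end = (end + (BY2PG-1)) & ~(uint64_t)(BY2PG-1);
	if(end > ((uint64_t)1 << 32))
		return -1;
	*base = (uint32_t)start;
	*npages = (uint32_t)((end - start) / BY2PG);
	return 0;
}

/* Assumed model of the reported behaviour: only len is rounded up,
 * so va's offset inside its first page is lost. */
uint32_t
lenonly(uint32_t len)
{
	return (uint32_t)(((uint64_t)len + (BY2PG-1)) / BY2PG);
}

int
main(void)
{
	uint32_t base, n;

	/* Values from the mail: SEGBASE 0x10001001, SEGSIZE 0x1000. */
	if(pagerange(0x10001001u, 0x1000u, &base, &n) == 0)
		printf("aligned: base %#x, %u pages; length-only: %u page\n",
			(unsigned)base, (unsigned)n, (unsigned)lenonly(0x1000u));
	return 0;
}
```

The request in the mail straddles two pages, which is why the write to 0x10002000 needs the second page mapped.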