I'm using the mmap mechanism to pass data between drvr and user-space app. Drvr sets up memory and vma hooks(__get_free_pages, etc..) as described in Rubini&Corbet's vma-mmap chapter. App opens the device then calls mmap(0, MY_MMAP_SIZE, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0)...
I created a simple test app (because the more involved real app crashes too):
- open device,
- mmap,
- read/write the whole mapped memory,
- sleep 5 secs,
- wake up and cause an intentional segmentation fault.
At this point, my drvr's vma-op-close and file-close are called in sequence. I hold on to shared memory and do a memset of the whole shared memory. Up to this point everything seems ok.
Then the kernel crashes in the following scenario: I manually restart the app quickly at the shell -- "./test-app &". When the app is up a 2nd time and comes to the end of the above test sequence of mmap, r/w mem, ... the kernel dumps w/ "Unable to handle paging request at virtual address 00000000, ...... Oops in fault.c:do_page_fault, line 204".
The kernel does NOT crash in the following 2 scenarios:
- If I waited at least something like 15 seconds before restarting. (NOTE: I get kernel dump w/ the real app on 2nd restart no matter how it's restarted.)
- If I restarted the test app in the foreground -- "./test-app".
Can anyone help me understand what's going on? Does kernel automatically cleanup for mmap on app faults (manpage say region is release when process is terminated)? The drvr needs to explicitly clean up vma? The objective is for the drvr to recover from app faults. Thanx. RM