Something about EPO

$ ./date
Fri Jul 22 [ Entering tracer
Work's done.

Virus is OK!] 14:48:38 EEST 2011

nevertheless would be released in EOF#3 ;-)

Off-by-page error while unmapping

There was the interesting bug with the code I posted recently. Here is the excerpt from the fs/binfmt_elf.c:

270  static unsigned long elf_map(struct file *filep, unsigned long addr,
   271                  struct elf_phdr *eppnt, int prot, int type)
   272  {
   273          unsigned long map_addr;
   274          unsigned long pageoffset = ELF_PAGEOFFSET(eppnt->p_vaddr);
       
   275          down_write(¤t->mm->mmap_sem);
   276          /* mmap() will return -EINVAL if given a zero size, but a
   277           * segment with zero filesize is perfectly valid */
   278          if (eppnt->p_filesz + pageoffset)
   279                  map_addr = do_mmap(filep, ELF_PAGESTART(addr),
   280                                     eppnt->p_filesz + pageoffset,
                                           prot, type,
   281                                     eppnt->p_offset - pageoffset);

Then I tried to munmap the process' segments I did munmap(p_vaddr & 0xffff000, (p_filesz + 4095) & ~4095) And this was wrong, sometimes this produced off-by-page off-by-one error. When I replaced my alignment code with rewritten ELF_PAGESTART/ELF_PAGEOFFSET stuff all became ok.

Pasting posts from the past

I have another blog (in russian) and I will post some of the posts from there. It will take some time. There are a lot of posts and not all of them are worth to re-post, not saying that I need to translate it first. But I will drag some here from time to time.

Writing to executable (and currently running) file

If you are trying to write to the currently executing file, like this:

open(argv[0], O_RDWR);

You will get the ETXTBSY error. It seems that the only way to do is to unmap all process memory (both text and data):