Wednesday, July 20, 2011

Off-by-page error while unmapping

There was the interesting bug with the code I posted recently. Here is the excerpt from the fs/binfmt_elf.c: 
270  static unsigned long elf_map(struct file *filep, unsigned long addr,
   271                  struct elf_phdr *eppnt, int prot, int type)
   272  {
   273          unsigned long map_addr;
   274          unsigned long pageoffset = ELF_PAGEOFFSET(eppnt->p_vaddr);
       
   275          down_write(¤t->mm->mmap_sem);
   276          /* mmap() will return -EINVAL if given a zero size, but a
   277           * segment with zero filesize is perfectly valid */
   278          if (eppnt->p_filesz + pageoffset)
   279                  map_addr = do_mmap(filep, ELF_PAGESTART(addr),
   280                                     eppnt->p_filesz + pageoffset,
                                           prot, type,
   281                                     eppnt->p_offset - pageoffset);
Then I tried to munmap the process' segments I did munmap(p_vaddr & 0xffff000, (p_filesz + 4095) & ~4095) And this was wrong, sometimes this produced off-by-page off-by-one error. When I replaced my alignment code with rewritten ELF_PAGESTART/ELF_PAGEOFFSET stuff all became ok.
Posted by herm1t at 10:56 PM
Labels: , , , , , ,

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)