On 08/23/2012 01:19 PM, Andrew Bernat wrote:
>> However, if it really doesn't matter that the mmap is so low, then why
>> not pick somewhere arbitrary for the starting point? The 32-bit case is
>> using loAddr=0x50000000. The 64-bit case could use the same, or choose
>> some other wild loAddr in the huge address space.
>> For that matter, why do you want mmap in specific ranges at all? If you
>> don't care where this ends up, then just mmap(NULL,...) and let the
>> kernel find an open address in a single syscall.
>
> So that we can allocate "close" to original code for instrumentation,
> where "close" means "within branch range". So for 32-bit it doesn't
> matter, since there's a 5-byte jump. For 64-bit it's actually important.
Ah, of course, that makes sense.

Incidentally, another SELinux hit on my plate is allow_execstack. If
this boolean is not enabled, then libdyninstAPI_RT.so is completely
blocked. Now, it's obvious why Dyninst needs to both write and execute
the same memory, but the default security settings are understandably
wary of such games. See:
http://www.akkadia.org/drepper/selinux-mem.html

I'm not certain why Dyninst is triggering execstack rather than execmem,
but anyway...

To avoid these protections, it suggests mapping the same memory at two
locations, once writable and once executable. So this is another thing
I might look into doing for Dyninst, if you're game.

Josh
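The dual-mapping approach Josh refers to (one backing object, mapped once writable and once executable, so no single mapping is ever both) can be shown in a few lines of C. This is an added example and not Dyninst code: it assumes Linux with memfd_create() (glibc 2.27 or later), a 64-bit x86 or AArch64 build, and uses a constructed sample payload (the machine code for an `int add(int, int)`) as the "instrumentation" to install. Under an SELinux policy that denies execmem, the two-view layout is what keeps the write and the execute on separate mappings; on a machine without that policy the code simply runs.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed sample payload: machine code for `int add(int a, int b)`.
 * Any generated code could take its place; this one is small and verifiable. */
#if defined(__x86_64__)
static const unsigned char kAddCode[] = {
    0x89, 0xf8,             /* mov eax, edi */
    0x01, 0xf0,             /* add eax, esi */
    0xc3                    /* ret */
};
#elif defined(__aarch64__)
static const unsigned char kAddCode[] = {
    0x00, 0x00, 0x01, 0x0b, /* add w0, w0, w1 */
    0xc0, 0x03, 0x5f, 0xd6  /* ret */
};
#else
static const unsigned char kAddCode[] = { 0 };
#define NO_CODE_FOR_ARCH 1
#endif

typedef int (*add_fn)(int, int);

/* Install `code` without ever holding a mapping that is writable and
 * executable at the same time: one shared memfd, two views. Bytes go in
 * through `w` (RW) and are called through `x` (RX).
 * Returns 0 and sets *out on success, -1 on any failure. */
int call_dual_mapped(const unsigned char *code, size_t len, int a, int b, int *out)
{
#ifdef NO_CODE_FOR_ARCH
    (void)code; (void)len; (void)a; (void)b; (void)out;
    return -1;                          /* no sample payload for this CPU */
#else
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0 || len == 0 || len > (size_t)page || out == NULL)
        return -1;

    /* Anonymous shared object; the name is only a label in /proc/<pid>/maps. */
    int fd = memfd_create("dyn-code", MFD_CLOEXEC);
    if (fd < 0)
        return -1;
    if (ftruncate(fd, page) != 0) { close(fd); return -1; }

    unsigned char *w = mmap(NULL, (size_t)page, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    unsigned char *x = mmap(NULL, (size_t)page, PROT_READ | PROT_EXEC,  MAP_SHARED, fd, 0);
    close(fd);                          /* both views stay valid without the fd */
    if (w == MAP_FAILED || x == MAP_FAILED) {
        if (w != MAP_FAILED) munmap(w, (size_t)page);
        if (x != MAP_FAILED) munmap(x, (size_t)page);
        return -1;
    }

    memcpy(w, code, len);               /* write through the RW view only */
    /* Same physical pages, so the RX view already holds the bytes; flush the
     * instruction cache where the architecture needs it (a no-op on x86). */
    __builtin___clear_cache((char *)x, (char *)x + len);

    add_fn fn = (add_fn)(void *)x;      /* call through the RX view only */
    *out = fn(a, b);

    munmap(w, (size_t)page);
    munmap(x, (size_t)page);
    return 0;
#endif
}

int main(void)
{
    int r = 0;
    if (call_dual_mapped(kAddCode, sizeof(kAddCode), 40, 2, &r) != 0) {
        fprintf(stderr, "dual mapping failed\n");
        return 1;
    }
    printf("add(40, 2) = %d\n", r);
    return 0;
}
```

In a real instrumenter the writable view would stay mapped for the life of the process so patches can be rewritten, and, as the thread notes for 64-bit, the executable view would have to land within branch range of the original code, which means a hinted address rather than the NULL passed to mmap() here. On a system where the policy is enforced, `getsebool -a | grep exec` shows the relevant booleans and the audit log records the execmem or execstack denial that this layout is meant to avoid.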