2

I was trying to understand the maps in the /proc file system in Linux. I observed that every shared file was mapped 4 times, with different offsets and permissions. I concluded that these must be the different sections in the ELF and hence are mapped differently (.text, .data, .rodata, etc).

But what was surprising is that two of the mappings always had the same offset in the file. Consider the example - 

7fb8eebd6000-7fb8eebe0000 r-xp 00000000 08:06 3285700 /lib/x86_64-linux-gnu/libnss_files-2.19.so
7fb8eebe0000-7fb8eeddf000 ---p 0000a000 08:06 3285700 /lib/x86_64-linux-gnu/libnss_files-2.19.so
7fb8eeddf000-7fb8eede0000 r--p 00009000 08:06 3285700 /lib/x86_64-linux-gnu/libnss_files-2.19.so
7fb8eede0000-7fb8eede1000 rw-p 0000a000 08:06 3285700 /lib/x86_64-linux-gnu/libnss_files-2.19.so

The 2nd and the 4th entry is mapped at the same offset in the file with different permissions. Upon running objdump --headers on the mentioned .so file, file offset 0xa000 seems to the .got.plt section. 

24 .got.plt      00000160  000000000020a000  000000000020a000  0000a000  2**3
                 CONTENTS, ALLOC, LOAD, DATA

Can some one throw light on why it is mapped twice?

I know about the PLT table that it is patched the first time the function is visited, and hence might need a write permission, but why another mapping without any read/write permissions?

Edit: I checked a few other shared library mappings and it is not the .got.plt section that is mapped twice. But there is always one section that is mapped twice and the double mapping always has the ---p permissions.

Joseph Sible-Reinstate Monica
  • 45,431
  • 5
  • 48
  • 98
Ajay Brahmakshatriya
  • 8,993
  • 3
  • 26
  • 49
  • I expect it's mapped with copy-on-write. So the second mapping is the copy. – Barmar Jul 11 '18 at 18:35
  • @Barmar I understand that it must be a CoW, but the virtual addresses for both the entries are different. Why have the first one at all? It doesn't even have read permissions on it. – Ajay Brahmakshatriya Jul 11 '18 at 18:41
  • Haven't read it yet, but [this](https://www.technovelty.org/linux/plt-and-got-the-key-to-code-sharing-and-dynamic-libraries.html) may be helpful. – Barmar Jul 11 '18 at 18:47
  • @Barmar read that just a few minutes ago. Doesn't mention anything about the double mappings. Actually I checked a few other libraries. It is not the `.got.plt` that is double mapped always. Some times it is some other section. But there is always one section double mapped and always it is with `---p`. permissions. I will edit the question and add this. – Ajay Brahmakshatriya Jul 11 '18 at 18:49
  • You might get a response by posting this on [unix.se]. – Barmar Jul 12 '18 at 14:57

0 Answers0