Ptrace allows to write to executable program segment, but process_vm_writev doesn't

Question

While experimenting with editing opcodes of running process on Linux with C language, I found out that I can't to edit program opcodes by PID with process_vm_writev, but using ptrace and pwrite I can do it. process_vm_writev returns -1 and errno says "Bad address". But when I use ptrace with same address it successes. I run program as root. Is it an issue of GNU/Linux and should I open an issue on GitHub? Code for process_vm_writev (without includes to be short):

ssize_t write_pmem(pid_t pid, off_t addr, void* value, size_t size) {
    struct iovec local[1];
    local[0].iov_base = value;
    local[0].iov_len = size;
    struct iovec remote[1];
    remote[0].iov_base = (void*)addr;
    remote[0].iov_len = size;

    return process_vm_writev(pid, local, 1, remote, 1, 0);
}

int main() {
    pid_t pid;
    off_t opcode_ptr = 0x45B5A7;

    printf("PID: ");
    scanf("%d", &pid);

    char nops[5] = {0x90, 0x90, 0x90, 0x90, 0x90};
    ssize_t res = write_pmem(pid, opcode_ptr, &nops, sizeof(nops));

    printf("%ld\n%s", res, strerror(errno));
    /* and it prints:
       -1
       Bad address */
    return 0;
}

/proc/PID/maps says that 0x45B5A7 is 00406000-004f0000 r-xp 00006000 for that process (no write rights) but I think it's still writable for the root.

I want to use new process_vm Linux API, so I want to fix that code. Any ideas?

Answer 1

The reason it works with ptrace but not with process_vm_writev is that ptrace writes to memory in the kernel and the kernel uses a different page table with different access permissions than the usermode process. Whereas process_vm_writev copies bytes from one userspace address space to another using the usermode page tables.