0xkol / badspin

Bad Spin: Android Binder Privilege Escalation Exploit (CVE-2022-20421)
MIT License

SYSCHK(epoll_ctl(epfd, EPOLL_CTL_ADD, fd, &ev)); #11

Open hojeezila opened 1 year ago

hojeezila commented 1 year ago

What does this error mean? SYSCHK(epoll_ctl(epfd, EPOLL_CTL_ADD, fd, &ev)); This error always shows when I try running the code on a Galaxy S21FE. @0xkol, can you explain that to me, or suggest a solution?

0xkol commented 1 year ago

Try issue #5

hojeezila commented 1 year ago

> Try issue #5

Thank you, the problem is solved. Can you explain more about the implementation of the 512 offset error? You said in issue #6 that the problem is some garbage value in this offset. I'd be grateful if you could explain this issue further. I am very interested in implementing this offset for my Poco X4 Pro. I was wondering if you could clear up the solution for the garbage value in this offset by providing more details?

0xkol commented 1 year ago

Hi, good to hear that the problem is solved. Regarding your question: at the 512 offset there's the (obfuscated) SLUB freelist pointer. You can regard this value as "random" bits. Currently, the exploit is taking advantage of the fact that freed memory is not initialized, i.e. the memory value there is 0x00000041, even after it has been freed. This assumption is true at all offsets except 512, for the reasons explained above. This assumption is not mandatory, just how I engineered the exploit. To fix it, you need to enter spin_lock() when the memory is still allocated, free it from another CPU (that's easy), and then fire the timer interrupt on the same CPU that spins. The last step is a bit more tricky, because you can't schedule the timer interrupt while the lock spins (I explained it in the white paper), but it is doable if you engineer the timings correctly. Good luck, and feel free to submit a pull request if you manage to get it working.