This is the mail archive of the elfutils-devel@sourceware.org mailing list for the elfutils project.



Re: find_aux_sym triggers a kernel heuristic


On Fri, 2014-03-07 at 17:39 -0800, Josh Stone wrote:
> The gist is that I have an ET_EXEC binary, /usr/bin/ls.  When I call
> dwfl_module_getsymtab -> find_symtab -> find_aux_sym -> open_elf, the
> following heuristic is triggered:
> 
> libdwfl/dwfl_module_getdwarf.c
> 134│   mod->e_type = ehdr->e_type;
> 135│
> 136│   /* Relocatable Linux kernels are ET_EXEC but act like ET_DYN.  */
> 137│   if (mod->e_type == ET_EXEC && file->vaddr != mod->low_addr)
> 138├>    mod->e_type = ET_DYN;
> 
> Here file->vaddr = 0x400020 and mod->low_addr = 0x400000, but this
> certainly is not a kernel, and should not be treated as ET_DYN.

Right, this check doesn't make sense for a debug or aux file. Thanks for
finding this.
 
> Maybe this only needs to add a check that file == &mod->main

Yes, I think that would be the correct thing to do. Both find_dw and
find_symtab call __libdwfl_getelf first. So the main ELF file will
always be loaded through open_elf first. After mod->e_type has been set
it should not be set or changed again by either debug or aux file
opening.

> , but I
> wonder if this heuristic is even needed at all, because report_kernel()
> forcibly sets ET_DYN itself.

There is also dwfl_linux_kernel_report_offline which uses
report_kernel_archive which might report a kernel through
dwfl_report_offline which won't force the mod->e_type.

Cheers,

Mark
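
The following is an added example, not part of the original message and not elfutils code: a simplified C model of the quoted heuristic, with and without the `file == &mod->main` guard discussed above. The struct and function names are hypothetical stand-ins, and the main file's vaddr of 0x400000 and the kernel-like addresses are constructed assumptions; 0x400020 and 0x400000 are the values from the report.

```c
#include <stdint.h>
#include <stdio.h>

/* ELF e_type values as defined by the ELF specification. */
enum { ET_EXEC = 2, ET_DYN = 3 };

/* Hypothetical, reduced stand-ins for libdwfl's per-file and per-module state. */
struct file_model { uint64_t vaddr; };
struct module_model {
    struct file_model main, debug, aux_sym;
    uint64_t low_addr;
    int e_type;
};

typedef void (*open_fn)(struct module_model *, struct file_model *, int);

/* The heuristic as quoted: runs for whichever file is being opened. */
static void open_elf_unguarded(struct module_model *mod, struct file_model *file, int ehdr_type)
{
    mod->e_type = ehdr_type;
    /* Relocatable Linux kernels are ET_EXEC but act like ET_DYN. */
    if (mod->e_type == ET_EXEC && file->vaddr != mod->low_addr)
        mod->e_type = ET_DYN;
}

/* With the guard from the thread: only the main file may set mod->e_type. */
static void open_elf_guarded(struct module_model *mod, struct file_model *file, int ehdr_type)
{
    if (file != &mod->main)
        return; /* debug and aux files leave the module type alone */
    open_elf_unguarded(mod, file, ehdr_type);
}

/* Open the main file first, then the aux symbol file, as find_symtab would. */
static int load_main_then_aux(open_fn open_elf, uint64_t low_addr,
                              uint64_t main_vaddr, uint64_t aux_vaddr)
{
    struct module_model mod = { .main = { main_vaddr }, .aux_sym = { aux_vaddr },
                                .low_addr = low_addr, .e_type = 0 };
    open_elf(&mod, &mod.main, ET_EXEC);
    open_elf(&mod, &mod.aux_sym, ET_EXEC);
    return mod.e_type;
}

int main(void)
{
    printf("unguarded: e_type=%d\n", load_main_then_aux(open_elf_unguarded, 0x400000, 0x400000, 0x400020));
    printf("guarded:   e_type=%d\n", load_main_then_aux(open_elf_guarded, 0x400000, 0x400000, 0x400020));
    return 0;
}
```

In this model the guarded variant still turns a main file whose vaddr differs from `low_addr` into ET_DYN, which is the offline kernel case the heuristic is kept for.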


