This is the mail archive of the mailing list for the elfutils project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [patch 0/3] Live PIDs with deleted files by /dev/PID/mem

On Tue, 2014-02-25 at 23:03 +0100, Mark Wielaard wrote:
> On Sat, 2014-02-22 at 22:08 +0100, Jan Kratochvil wrote:
> > This patchset (/dev/PID/mem solution) works only on recent Linux kernels
> > (tested kernel-3.13.3-201.fc20.x86_64) as older kernels (RHEL-6) required
> > PTRACE_ATTACHed PID to read its /dev/PID/mem.  This patch does not try to
> > workaround older kernels by doing PTRACE_ATTACH.
> I had something somewhat working using ptrace attach and the
> elf_from_remote_memory that we are already using for getting access to
> the vdso. But I had trouble with the alignment requirements not always
> working and there was the issue of how to pass through the pid of the
> process from the report callback to the find_elf callback. I'll see if I
> can make that work using your approach and then we can maybe use that as
> fallback when direct access doesn't work on older kernels.

There was one obvious typo in elf_from_remote_memory that I just checked
in. See attached. Still looking at the alignment issues I seem to have
had in handle_segment. I got something somewhat working some time back,
but I don't understand my own patches... (most are really just lots of
extra debug output).


>From 48827ec6cb2169bad15baf7702f86c4bf2847beb Mon Sep 17 00:00:00 2001
From: Mark Wielaard <>
Date: Wed, 26 Feb 2014 17:17:07 +0100
Subject: [PATCH] libdwfl: elf-from-memory.c (elf_from_remote_memory): Check against p64 p_type.

There was a type in the case of parsing ELFCLASS64 phdrs. Check against
p64 p_type, not the p32 p_type which at a different location in the union.

Signed-off-by: Mark Wielaard <>
 libdwfl/ChangeLog         |    5 +++++
 libdwfl/elf-from-memory.c |    2 +-
 2 files changed, 6 insertions(+), 1 deletions(-)

diff --git a/libdwfl/ChangeLog b/libdwfl/ChangeLog
index e55b03b..aacc0bf 100644
--- a/libdwfl/ChangeLog
+++ b/libdwfl/ChangeLog
@@ -1,3 +1,8 @@
+2014-02-26  Mark Wielaard  <>
+	* elf-from-memory.c (elf_from_remote_memory): Check against p64
+	p_type in case ELFCLASS64, not against p32 p_type.
 2014-01-17  Petr Machata  <>
 	* relocate.c (relocate_section): Use gelf_fsize instead of relying
diff --git a/libdwfl/elf-from-memory.c b/libdwfl/elf-from-memory.c
index 528c35f..7d35df6 100644
--- a/libdwfl/elf-from-memory.c
+++ b/libdwfl/elf-from-memory.c
@@ -301,7 +301,7 @@ elf_from_remote_memory (GElf_Addr ehdr_vma,
     case ELFCLASS64:
       for (uint_fast16_t i = 0; i < phnum; ++i)
-	if (phdrs.p32[i].p_type == PT_LOAD)
+	if (phdrs.p64[i].p_type == PT_LOAD)
 	  if (handle_segment (phdrs.p64[i].p_vaddr, phdrs.p64[i].p_offset,
 			      phdrs.p64[i].p_filesz, phdrs.p64[i].p_align))
 	    goto read_error;

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]