libcpuidoverride
Crash in ld
I am trying to use this library to override the cpuid instruction, but my patched sample program keeps crashing, and the SIGSEGV seems to be coming from ld.
I am doing the test on a virtual machine running Fedora 26 with glibc 2.25.
Patched the sample program as:
# ./patchelf/src/patchelf --set-interpreter /root/work/libcpuidoverride/libcpuidoverride.so patched_memtest
Running it as:
# ./patched_memtest
Segmentation fault (core dumped)
Running it in gdb, the crash location appears to be in ld-2.25.so:
# gdb -q ./patched_memtest
Reading symbols from ./patched_memtest...done.
(gdb) r
Starting program: /root/work/patched_memtest
warning: Unable to find dynamic linker breakpoint function.
GDB will be unable to debug shared library initializers
and track explicitly loaded dynamic code.
Program received signal SIGSEGV, Segmentation fault.
0x000059006b2a1f3e in ?? ()
(gdb) bt
#0 0x000059006b2a1f3e in ?? ()
#1 0x0000000000000000 in ?? ()
(gdb) info proc map
process 5214
Mapped address spaces:
Start Addr End Addr Size Offset objfile
0x3ff000 0x400000 0x1000 0x0 /root/work/patched_memtest
0x400000 0x402000 0x2000 0x0 /root/work/libcpuidoverride/libcpuidoverride.so
0x602000 0x603000 0x1000 0x2000 /root/work/libcpuidoverride/libcpuidoverride.so
0x59006b2a0000 0x59006b2c6000 0x26000 0x0 /usr/lib64/ld-2.25.so
0x59006b4c5000 0x59006b4c7000 0x2000 0x25000 /usr/lib64/ld-2.25.so
0x59006b4c8000 0x59006b4c9000 0x1000 0x0
0x7ffff7ffa000 0x7ffff7ffd000 0x3000 0x0 [vvar]
0x7ffff7ffd000 0x7ffff7fff000 0x2000 0x0 [vdso]
0x7ffffffde000 0x7ffffffff000 0x21000 0x0 [stack]
0xffffffffff600000 0xffffffffff601000 0x1000 0x0 [vsyscall]
Any idea what could be wrong here?
Some more info:
I tried the cpuid example mentioned in the README of this repo and it failed as well on the Fedora 26 VM.
It worked fine on a Fedora 30 VM (glibc 2.29); however, my test C program didn't work and crashed with a seg fault.
No core is generated, but I do see the following in /var/log/messages:
Jan 11 17:25:46 localhost audit[16315]: ANOM_ABEND auid=0 uid=0 gid=0 ses=4 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=16315 comm="patched_memtest" exe="/root/work/patched_memtest" sig=11 res=1
Jan 11 17:25:46 localhost kernel: 16315 (patched_memtest): Uhuuh, elf segment at 0000000000400000 requested but the memory is mapped already
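A check worth running on the two files involved, added here as an example and not code from the issue or from the libcpuidoverride project: the kernel line above ("elf segment at 0000000000400000 requested but the memory is mapped already") is printed by the ELF loader when a PT_LOAD mapping made with MAP_FIXED_NOREPLACE fails because that range is already in use. The program interpreter named in PT_INTERP is mapped after the executable's own segments, so a shared object linked at a fixed address (the map shows libcpuidoverride.so at 0x400000 and 0x602000) can collide with a non-PIE executable that is also linked at 0x400000. The script parses the program headers of both files and reports overlapping page ranges. The two headers-only ELF images built by build_elf are constructed stand-ins for the layout in the gdb map, not the real binaries.

```python
"""Report PT_LOAD page-range collisions between an executable and the ELF
interpreter it has been patched to use (added example, not project code)."""
import struct
import sys
from typing import Dict, List, Tuple

ELF_MAGIC = b"\x7fELF"
ELFCLASS64 = 2
ET_EXEC = 2
ET_DYN = 3
PT_LOAD = 1
PAGE = 0x1000

Segment = Tuple[int, int]  # (p_vaddr, p_memsz)


def elf_type(data: bytes) -> int:
    """Return e_type (ET_EXEC for a fixed-address binary, ET_DYN for PIE / .so)."""
    if data[:4] != ELF_MAGIC or data[4] != ELFCLASS64:
        raise ValueError("not an ELF64 image")
    return struct.unpack_from("<H", data, 0x10)[0]


def load_segments(data: bytes) -> List[Segment]:
    """Return (p_vaddr, p_memsz) for every PT_LOAD program header."""
    elf_type(data)  # validates magic and class
    e_phoff, = struct.unpack_from("<Q", data, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 0x36)
    segs = []
    for i in range(e_phnum):
        # Elf64_Phdr: p_type, p_flags, p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align
        p_type, _, _, p_vaddr, _, _, p_memsz, _ = struct.unpack_from(
            "<IIQQQQQQ", data, e_phoff + i * e_phentsize)
        if p_type == PT_LOAD and p_memsz:
            segs.append((p_vaddr, p_memsz))
    return segs


def page_span(seg: Segment, page: int = PAGE) -> Tuple[int, int]:
    """Page-aligned [start, end) that the loader actually maps for a segment."""
    vaddr, memsz = seg
    return vaddr & ~(page - 1), (vaddr + memsz + page - 1) & ~(page - 1)


def overlapping_segments(a: List[Segment], b: List[Segment],
                         page: int = PAGE) -> List[Tuple[Segment, Segment]]:
    """Every pair (seg_a, seg_b) whose mapped page ranges intersect."""
    hits = []
    for sa in a:
        s1, e1 = page_span(sa, page)
        for sb in b:
            s2, e2 = page_span(sb, page)
            if s1 < e2 and s2 < e1:
                hits.append((sa, sb))
    return hits


def interpreter_conflicts(exe: bytes, interp: bytes) -> Dict[str, object]:
    exe_segs = load_segments(exe)
    interp_segs = load_segments(interp)
    # An ET_DYN interpreter whose lowest segment is at 0 (the normal ld.so layout)
    # is placed by the kernel at a free address, so its link addresses cannot
    # collide.  Anything else is mapped at its link addresses and can collide.
    relocatable = (elf_type(interp) == ET_DYN and bool(interp_segs)
                   and min(v for v, _ in interp_segs) == 0)
    overlaps = [] if relocatable else overlapping_segments(exe_segs, interp_segs)
    return {"exe_type": elf_type(exe), "interp_type": elf_type(interp),
            "interp_relocatable": relocatable, "overlaps": overlaps}


def build_elf(e_type: int, segments: List[Segment]) -> bytes:
    """Constructed, headers-only ELF64 image used as sample input (not runnable)."""
    ehdr = bytearray(64)
    ehdr[:4] = ELF_MAGIC
    ehdr[4], ehdr[5], ehdr[6] = ELFCLASS64, 1, 1  # 64-bit, little-endian, EV_CURRENT
    # e_type, e_machine (x86-64), e_version, e_entry, e_phoff, e_shoff, e_flags,
    # e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
    struct.pack_into("<HHIQQQIHHHHHH", ehdr, 16, e_type, 62, 1, 0, 64, 0, 0,
                     64, 56, len(segments), 0, 0, 0)
    phdrs = b"".join(struct.pack("<IIQQQQQQ", PT_LOAD, 5, 0, v, v, sz, sz, PAGE)
                     for v, sz in segments)
    return bytes(ehdr) + phdrs


def main(argv: List[str]) -> int:
    if len(argv) == 3:
        with open(argv[1], "rb") as f, open(argv[2], "rb") as g:
            exe, interp = f.read(), g.read()
    else:
        # Constructed stand-in for the gdb map above: a non-PIE executable at
        # 0x400000 and an interpreter linked at 0x400000 / 0x602000.
        exe = build_elf(ET_EXEC, [(0x400000, 0x800), (0x600e10, 0x300)])
        interp = build_elf(ET_DYN, [(0x400000, 0x2000), (0x602000, 0x1000)])
    report = interpreter_conflicts(exe, interp)
    for (va, sa), (vb, sb) in report["overlaps"]:
        print(f"conflict: exe PT_LOAD {va:#x}+{sa:#x} vs interp PT_LOAD {vb:#x}+{sb:#x}")
    return 1 if report["overlaps"] else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python3 check_overlap.py ./patched_memtest /root/work/libcpuidoverride/libcpuidoverride.so` (script name assumed); with no arguments it uses the constructed images, which reproduce a collision at 0x400000. A non-empty overlap list does not by itself prove the cause of the crash in this thread, but a collision like this is exactly what produces the kernel message quoted above, and the fix on the library side would be to link it as a relocatable ET_DYN object with a base of 0, the way ld.so itself is laid out.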
I'm not familiar with Fedora and haven't done any testing with it. You could try installing debugging symbols for binutils to get a more useful stack trace and see where it's crashing. This library uses a custom ELF loader that I haven't tested with very many input programs, so that could be where the issue is.
@ddcc which distros is this library known to work on? Ubuntu? I can try using that and do some comparison which may help debugging this issue.
I originally developed this on Ubuntu, probably the 20.04 LTS version but I don't recall exactly. However, I haven't tested it recently, so it's possible that changes in newer glibc are the reason it's crashing.
It is crashing both on Fedora 36 x86_64 (glibc-2.35-22.fc36.x86_64) and Debian 12 x86_64 (libc6 2.36-8).