recent vdso has a PT_LOAD entry only for its first page
For a recent kernel (4.19.37-ish for me), the vdso seems to have a different header structure than it used to. DR ends up marking the endpoint of the loaded module as being just one page in, while the vdso actually occupies 2 pages. For other purposes inside DR, both pages are used, resulting in confusing discrepancies. Observe:
start=0x00007ffd40f6d000 end=0x00007ffd40f6f000 prot=5 comment=[vdso]
module_add_segment_data: 0x00007ffd40f6d000-0x0000000000000ffb 5
in add_vm_area 0x00007ffd40f6d000 0x00007ffd40f6e000
=> adding 0x00007ffd40f6d000-0x00007ffd40f6e000
module <no name> segment [0x00007ffd40f6d000,0x00007ffd40f6e000] added
os_module_area_init: hashtab=0x00007ffd40f6d160, dynsym=0x00007ffd40f6d1a8, dynstr=0x00007ffd40f6d298, strsz=94, symsz=24
module linux-vdso.so.1 |[vdso]| [0x00007ffd40f6d000,0x00007ffd40f6f000] added
os_walk_address_space: adding: 0x00007ffd40f6d000-0x00007ffd40f6f000 prot=5
updating all_memory_areas 0x00007ffd40f6d000-0x00007ffd40f6f000 prot->5
update_all_memory_areas 0x00007ffd40f6d000-0x00007ffd40f6f000 5 2
update_all_memory_areas: adding: 0x00007ffd40f6d000-0x00007ffd40f6f000 prot=5 type=2 share=0
in add_vm_area all_memory_areas 0x00007ffd40f6d000 0x00007ffd40f6f000
=> adding 0x00007ffd40f6d000-0x00007ffd40f6f000
New +x app memory region: 0x00007ffd40f6d000-0x00007ffd40f6f000 r-x
in add_vm_area executable_areas 0x00007ffd40f6d000 0x00007ffd40f6f000 Private
=> adding 0x00007ffd40f6d000-0x00007ffd40f6f000
new executable vm area: 0x00007ffd40f6d000-0x00007ffd40f6f000 ---- Private linux-vdso.so.1
Loaded modules:
0x00007fd69fc36000-0x00007fd69fc3bfff entry=0x00007fd69fc37170 base_address=0x0000000000000000
name="simple_app"
0x00007fd6a3a13000-0x00007fd6a3c3bfff entry=0x00007fd6a3a13f30 base_address=0x0000000000000000
name="ld-linux-x86-64.so.2"
0x00007fd6a3c3d000-0x00007fd6a40b8fff entry=0x00007fd6a3ed94e6 base_address=0x0000000071000000
name="libdynamorio.so"
0x00007ffd40f6d000-0x00007ffd40f6dfff entry=0x00007ffd40f6d970 base_address=0x0000000000000000
name="linux-vdso.so.1"
Execution is allowed in 4 areas
0x00007fd69fc37000-0x00007fd69fc39000 ---- ELF SO simple_app
0x00007fd6a3a13000-0x00007fd6a3a39000 ---- ELF SO ld-linux-x86-64.so.2
0x00007fd6a3c7e000-0x00007fd6a3f42000 ---- ELF SO libdynamorio.so
0x00007ffd40f6d000-0x00007ffd40f6f000 ---- Private linux-vdso.so.1
So there's now a PT_LOAD entry that just covers one page and no entry for the 2nd page??
The precise consequences of different parts of DR using different sizes are not clear, but it would be best to have them all agree.
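The mismatch in the log can be reproduced with a small check, added here as an example that is not part of the original report or DynamoRIO's own code: compute the page-aligned end of an image's PT_LOAD segments and compare it with the size of the mapping. The sample image is constructed; reading the 0xffb on the module_add_segment_data line as the segment size, and the 4 KiB page size, are assumptions.

```c
#include <elf.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SZ 0x1000UL /* assumption: 4 KiB pages, as in the log */

/* Page-aligned end (offset from the image base) of the highest PT_LOAD.
 * Returns 0 if img is not ELF64 or its phdrs lie outside avail bytes.
 * Assumes p_vaddr is base-relative, as it is for the vdso. */
size_t pt_load_extent(const unsigned char *img, size_t avail)
{
    Elf64_Ehdr eh;
    size_t end = 0;
    if (avail < sizeof(eh)) return 0;
    memcpy(&eh, img, sizeof(eh));
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0 ||
        eh.e_ident[EI_CLASS] != ELFCLASS64 ||
        eh.e_phentsize != sizeof(Elf64_Phdr) || eh.e_phoff > avail ||
        eh.e_phnum * sizeof(Elf64_Phdr) > avail - eh.e_phoff)
        return 0;
    for (size_t i = 0; i < eh.e_phnum; i++) {
        Elf64_Phdr ph;
        memcpy(&ph, img + eh.e_phoff + i * sizeof(ph), sizeof(ph));
        if (ph.p_type != PT_LOAD) continue;
        size_t seg_end = (ph.p_vaddr + ph.p_memsz + PAGE_SZ - 1) & ~(PAGE_SZ - 1);
        if (seg_end > end) end = seg_end;
    }
    return end;
}

/* Constructed sample: a 2-page image whose only PT_LOAD has p_memsz 0xffb. */
const unsigned char *sample_vdso(void)
{
    static unsigned char buf[2 * PAGE_SZ];
    Elf64_Ehdr eh = { .e_phoff = sizeof(eh), .e_phentsize = sizeof(Elf64_Phdr), .e_phnum = 1 };
    Elf64_Phdr ph = { .p_type = PT_LOAD, .p_flags = PF_R | PF_X, .p_memsz = 0xffb };
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS64;
    memcpy(buf, &eh, sizeof(eh));
    memcpy(buf + sizeof(eh), &ph, sizeof(ph));
    return buf;
}

int main(void)
{
    size_t map = 2 * PAGE_SZ, end = pt_load_extent(sample_vdso(), map);
    printf("mapping 0x%zx, PT_LOAD end 0x%zx, uncovered 0x%zx\n", map, end, map - end);
    return 0;
}
```

A non-zero uncovered size is the condition the log shows: bounds derived from PT_LOAD stop at the first page while the bounds taken from the memory map cover both.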