This is an archive of the discontinued LLVM Phabricator instance.

Differential D67370

Fix ELF core file memory reading for PT_LOAD program headers with no p_filesz
ClosedPublic

Authored by clayborg on Sep 9 2019, 1:34 PM.

Details

Reviewers
labath
aprantl
Commits
rG4f68c226a561: Fix ELF core file memory reading for PT_LOAD program headers with no p_filesz
rL371457: Fix ELF core file memory reading for PT_LOAD program headers with no p_filesz
rLLDB371457: Fix ELF core file memory reading for PT_LOAD program headers with no p_filesz
Summary

Prior to this fix, ELF files might contain PT_LOAD program headers that had a valid p_vaddr, and a valid file p_offset, but the p_filesz would be zero. For example in llvm-project/lldb/test/testcases/functionalities/postmortem/elf-core/thread_crash/linux-i386.core we see:

Program Headers:
Index   p_type           p_flags    p_offset           p_vaddr            p_paddr            p_filesz           p_memsz            p_align
======= ---------------- ---------- ------------------ ------------------ ------------------ ------------------ ------------------ ------------------
[    0] PT_NOTE          0x00000000 0x0000000000000474 0x0000000000000000 0x0000000000000000 0x0000000000001940 0x0000000000000000 0x0000000000000000
[    1] PT_LOAD          0x00000005 0x0000000000002000 0x0000000008048000 0x0000000000000000 0x0000000000000000 0x0000000000003000 0x0000000000001000
[    2] PT_LOAD          0x00000004 0x0000000000002000 0x000000000804b000 0x0000000000000000 0x0000000000000000 0x0000000000001000 0x0000000000001000
[    3] PT_LOAD          0x00000006 0x0000000000002000 0x000000000804c000 0x0000000000000000 0x0000000000000000 0x0000000000001000 0x0000000000001000
[    4] PT_LOAD          0x00000006 0x0000000000002000 0x0000000009036000 0x0000000000000000 0x0000000000000000 0x0000000000025000 0x0000000000001000
[    5] PT_LOAD          0x00000000 0x0000000000002000 0x00000000f63a1000 0x0000000000000000 0x0000000000000000 0x0000000000001000 0x0000000000001000
[    6] PT_LOAD          0x00000006 0x0000000000002000 0x00000000f63a2000 0x0000000000000000 0x0000000000000000 0x0000000000800000 0x0000000000001000
[    7] PT_LOAD          0x00000000 0x0000000000002000 0x00000000f6ba2000 0x0000000000000000 0x0000000000000000 0x0000000000001000 0x0000000000001000
[    8] PT_LOAD          0x00000006 0x0000000000002000 0x00000000f6ba3000 0x0000000000000000 0x0000000000000000 0x0000000000804000 0x0000000000001000
[    9] PT_LOAD          0x00000005 0x0000000000002000 0x00000000f73a7000 0x0000000000000000 0x0000000000000000 0x00000000001b1000 0x0000000000001000
[   10] PT_LOAD          0x00000004 0x0000000000002000 0x00000000f7558000 0x0000000000000000 0x0000000000000000 0x0000000000002000 0x0000000000001000
[   11] PT_LOAD          0x00000006 0x0000000000002000 0x00000000f755a000 0x0000000000000000 0x0000000000000000 0x0000000000001000 0x0000000000001000
[   12] PT_LOAD          0x00000006 0x0000000000002000 0x00000000f755b000 0x0000000000000000 0x0000000000000000 0x0000000000003000 0x0000000000001000
[   13] PT_LOAD          0x00000005 0x0000000000002000 0x00000000f755e000 0x0000000000000000 0x0000000000000000 0x0000000000019000 0x0000000000001000
[   14] PT_LOAD          0x00000004 0x0000000000002000 0x00000000f7577000 0x0000000000000000 0x0000000000000000 0x0000000000001000 0x0000000000001000
[   15] PT_LOAD          0x00000006 0x0000000000002000 0x00000000f7578000 0x0000000000000000 0x0000000000000000 0x0000000000001000 0x0000000000001000
[   16] PT_LOAD          0x00000006 0x0000000000002000 0x00000000f7579000 0x0000000000000000 0x0000000000000000 0x0000000000002000 0x0000000000001000
[   17] PT_LOAD          0x00000005 0x0000000000002000 0x00000000f757b000 0x0000000000000000 0x0000000000000000 0x000000000001c000 0x0000000000001000
[   18] PT_LOAD          0x00000004 0x0000000000002000 0x00000000f7597000 0x0000000000000000 0x0000000000000000 0x0000000000001000 0x0000000000001000
[   19] PT_LOAD          0x00000006 0x0000000000002000 0x00000000f7598000 0x0000000000000000 0x0000000000000000 0x0000000000001000 0x0000000000001000
[   20] PT_LOAD          0x00000005 0x0000000000002000 0x00000000f7599000 0x0000000000000000 0x0000000000000000 0x0000000000053000 0x0000000000001000
[   21] PT_LOAD          0x00000004 0x0000000000002000 0x00000000f75ec000 0x0000000000000000 0x0000000000000000 0x0000000000001000 0x0000000000001000
[   22] PT_LOAD          0x00000006 0x0000000000002000 0x00000000f75ed000 0x0000000000000000 0x0000000000000000 0x0000000000001000 0x0000000000001000
[   23] PT_LOAD          0x00000005 0x0000000000002000 0x00000000f75ee000 0x0000000000000000 0x0000000000000000 0x0000000000176000 0x0000000000001000
[   24] PT_LOAD          0x00000004 0x0000000000002000 0x00000000f7764000 0x0000000000000000 0x0000000000000000 0x0000000000006000 0x0000000000001000
[   25] PT_LOAD          0x00000006 0x0000000000002000 0x00000000f776a000 0x0000000000000000 0x0000000000000000 0x0000000000001000 0x0000000000001000
[   26] PT_LOAD          0x00000006 0x0000000000002000 0x00000000f776b000 0x0000000000000000 0x0000000000000000 0x0000000000003000 0x0000000000001000
[   27] PT_LOAD          0x00000006 0x0000000000002000 0x00000000f778a000 0x0000000000000000 0x0000000000000000 0x0000000000002000 0x0000000000001000
[   28] PT_LOAD          0x00000004 0x0000000000002000 0x00000000f778c000 0x0000000000000000 0x0000000000002000 0x0000000000002000 0x0000000000001000
[   29] PT_LOAD          0x00000005 0x0000000000004000 0x00000000f778e000 0x0000000000000000 0x0000000000002000 0x0000000000002000 0x0000000000001000
[   30] PT_LOAD          0x00000005 0x0000000000006000 0x00000000f7790000 0x0000000000000000 0x0000000000000000 0x0000000000022000 0x0000000000001000
[   31] PT_LOAD          0x00000004 0x0000000000006000 0x00000000f77b3000 0x0000000000000000 0x0000000000000000 0x0000000000001000 0x0000000000001000
[   32] PT_LOAD          0x00000006 0x0000000000006000 0x00000000f77b4000 0x0000000000000000 0x0000000000000000 0x0000000000001000 0x0000000000001000
[   33] PT_LOAD          0x00000006 0x0000000000006000 0x00000000ffa25000 0x0000000000000000 0x0000000000000000 0x0000000000022000 0x0000000000001000

Prior to this fix if users tried to read memory from one of these addresses like 0x8048000, they would end up incorrectly reading from the next memory region that actually had a p_filesz which would be 0x00000000f778c000 in this case. This fix correctly doesn't include program headers with zero p_filesz in the ProcessELFCore::m_core_aranges that is used to read memory. I found two cores files that have this same issue and added tests.

Diff Detail

Repository
rL LLVM

Event Timeline

clayborg created this revision.Sep 9 2019, 1:34 PM
aprantl accepted this revision.Sep 9 2019, 2:24 PM
This revision is now accepted and ready to land.Sep 9 2019, 2:24 PM
Closed by commit rL371457: Fix ELF core file memory reading for PT_LOAD program headers with no p_filesz (authored by gclayton). · Explain WhySep 9 2019, 2:44 PM
This revision was automatically updated to reflect the committed changes.
Herald added a project: Restricted Project. · View Herald TranscriptSep 9 2019, 2:44 PM
Herald added a subscriber: llvm-commits. · View Herald Transcript
clayborg added a comment.Sep 9 2019, 2:44 PM

$ git llvm push
Pushing 1 monorepo commit:

f54a49a8133 Fix ELF core file memory reading for PT_LOAD program headers with no p_filesz

Sending lldb/trunk/packages/Python/lldbsuite/test/functionalities/postmortem/elf-core/thread_crash/TestLinuxCoreThreads.py
Sending lldb/trunk/source/Plugins/Process/elf-core/ProcessElfCore.cpp
Transmitting file data ..done
Committing transaction...
Committed revision 371457.
Committed f54a49a8133 to svn.

Revision Contents

PathSize
lldb/
trunk/
packages/
Python/
lldbsuite/
test/
functionalities/
postmortem/
elf-core/
thread_crash/
11 lines
source/
Plugins/
Process/
elf-core/
22 lines

Diff 219436

lldb/trunk/packages/Python/lldbsuite/test/functionalities/postmortem/elf-core/thread_crash/TestLinuxCoreThreads.py

Show First 20 LinesShow All 45 Lines▼ Show 20 Linesclass LinuxCoreThreadsTestCase(TestBase):
def do_test(self, filename, pid, tid): def do_test(self, filename, pid, tid):
target = self.dbg.CreateTarget("") target = self.dbg.CreateTarget("")
process = target.LoadCore(filename + ".core") process = target.LoadCore(filename + ".core")
self.assertTrue(process, PROCESS_IS_VALID) self.assertTrue(process, PROCESS_IS_VALID)
self.assertEqual(process.GetNumThreads(), 3) self.assertEqual(process.GetNumThreads(), 3)
self.assertEqual(process.GetProcessID(), pid) self.assertEqual(process.GetProcessID(), pid)
for thread in process: for thread in process:
# Verify that if we try to read memory from a PT_LOAD that has
# p_filesz of zero that we don't get bytes from the next section
# that actually did have bytes. The addresses below were found by
# dumping the program headers of linux-i386.core and
# linux-x86_64.core and verifying that they had a p_filesz of zero.
mem_err = lldb.SBError()
if process.GetAddressByteSize() == 4:
bytes_read = process.ReadMemory(0x8048000, 4, mem_err)
else:
bytes_read = process.ReadMemory(0x400000, 4, mem_err)
self.assertEqual(bytes_read, None)
reason = thread.GetStopReason() reason = thread.GetStopReason()
if( thread.GetThreadID() == tid ): if( thread.GetThreadID() == tid ):
self.assertEqual(reason, lldb.eStopReasonSignal) self.assertEqual(reason, lldb.eStopReasonSignal)
signal = thread.GetStopReasonDataAtIndex(1) signal = thread.GetStopReasonDataAtIndex(1)
# Check we got signal 4 (SIGILL) # Check we got signal 4 (SIGILL)
self.assertEqual(signal, 4) self.assertEqual(signal, 4)
else: else:
signal = thread.GetStopReasonDataAtIndex(1) signal = thread.GetStopReasonDataAtIndex(1)
# Check we got no signal on the other threads # Check we got no signal on the other threads
self.assertEqual(signal, 0) self.assertEqual(signal, 0)
self.dbg.DeleteTarget(target) self.dbg.DeleteTarget(target)

lldb/trunk/source/Plugins/Process/elf-core/ProcessElfCore.cpp

Show First 20 LinesShow All 112 Lines▼ Show 20 Lines
uint32_t ProcessElfCore::GetPluginVersion() { return 1; } uint32_t ProcessElfCore::GetPluginVersion() { return 1; }
lldb::addr_t ProcessElfCore::AddAddressRangeFromLoadSegment( lldb::addr_t ProcessElfCore::AddAddressRangeFromLoadSegment(
const elf::ELFProgramHeader &header) { const elf::ELFProgramHeader &header) {
const lldb::addr_t addr = header.p_vaddr; const lldb::addr_t addr = header.p_vaddr;
FileRange file_range(header.p_offset, header.p_filesz); FileRange file_range(header.p_offset, header.p_filesz);
VMRangeToFileOffset::Entry range_entry(addr, header.p_memsz, file_range); VMRangeToFileOffset::Entry range_entry(addr, header.p_memsz, file_range);
// Only add to m_core_aranges if the file size is non zero. Some core files
// have PT_LOAD segments for all address ranges, but set f_filesz to zero for
// the .text sections since they can be retrieved from the object files.
if (header.p_filesz > 0) {
VMRangeToFileOffset::Entry *last_entry = m_core_aranges.Back(); VMRangeToFileOffset::Entry *last_entry = m_core_aranges.Back();
if (last_entry && last_entry->GetRangeEnd() == range_entry.GetRangeBase() && if (last_entry && last_entry->GetRangeEnd() == range_entry.GetRangeBase() &&
last_entry->data.GetRangeEnd() == range_entry.data.GetRangeBase() && last_entry->data.GetRangeEnd() == range_entry.data.GetRangeBase() &&
last_entry->GetByteSize() == last_entry->data.GetByteSize()) { last_entry->GetByteSize() == last_entry->data.GetByteSize()) {
last_entry->SetRangeEnd(range_entry.GetRangeEnd()); last_entry->SetRangeEnd(range_entry.GetRangeEnd());
last_entry->data.SetRangeEnd(range_entry.data.GetRangeEnd()); last_entry->data.SetRangeEnd(range_entry.data.GetRangeEnd());
} else { } else {
m_core_aranges.Append(range_entry); m_core_aranges.Append(range_entry);
} }
}
// Keep a separate map of permissions that that isn't coalesced so all ranges // Keep a separate map of permissions that that isn't coalesced so all ranges
// are maintained. // are maintained.
const uint32_t permissions = const uint32_t permissions =
((header.p_flags & llvm::ELF::PF_R) ? lldb::ePermissionsReadable : 0u) | ((header.p_flags & llvm::ELF::PF_R) ? lldb::ePermissionsReadable : 0u) |
((header.p_flags & llvm::ELF::PF_W) ? lldb::ePermissionsWritable : 0u) | ((header.p_flags & llvm::ELF::PF_W) ? lldb::ePermissionsWritable : 0u) |
((header.p_flags & llvm::ELF::PF_X) ? lldb::ePermissionsExecutable : 0u); ((header.p_flags & llvm::ELF::PF_X) ? lldb::ePermissionsExecutable : 0u);
m_core_range_infos.Append( m_core_range_infos.Append(
▲ Show 20 LinesShow All 778 LinesShow Last 20 Lines