overflow in relocation type R_X86_64_32S(11) val 556ddb198110 #5

Open
Rtoax opened this issue Mar 2, 2024 · 9 comments
Comments


Rtoax commented Mar 2, 2024

When I run tests/hello/hello-pie:

rongtao@rtoax:~/Git/ulpatch/tests/hello$ ./hello-pie
print_hello                     : 0x0000004248f1e8
puts                            : 0x0000007c1fc390
Hello World. 0, 255
Hello World. 1, 255
Hello World. 2, 255
Hello World. 3, 255
Hello World. 4, 255

I found the error:

rongtao@rtoax:~/Git/ulpatch/tests/hello$ ./test.sh -u patch-pthread.ulp
Already install ulpatch
make: Nothing to be done for 'build'.
Wrong ELF magic
overflow in relocation type R_X86_64_32S(11) val 556ddb198110
likely not compiled with -mcmodel=kernel.
Rtoax added the bug label Mar 2, 2024
Rtoax self-assigned this Mar 2, 2024

Rtoax commented Mar 2, 2024

The same one: overflow in relocation type R_X86_64_32S(11) val 557a42493168


Rtoax commented Mar 2, 2024

Checking the patch-pthread.ulp relocations, I found R_X86_64_32 and R_X86_64_32S:

rongtao@rtoax:~/Git/ulpatch/tests/hello$ readelf -r patch-pthread.ulp

Relocation section '.rela.text' at offset 0xaf0 contains 11 entries:
  Offset          Info           Type           Sym. Value    Sym. Name + Addend
00000000000d  00040000000a R_X86_64_32       0000000000000000 .rodata + 0
000000000012  001600000004 R_X86_64_PLT32    0000000000000000 puts - 4
00000000001c  001700000004 R_X86_64_PLT32    0000000000000000 sleep - 4
000000000030  001400000002 R_X86_64_PC32     0000000000000000 not_created - 4
000000000039  00040000000a R_X86_64_32       0000000000000000 .rodata + 19
00000000003e  001600000004 R_X86_64_PLT32    0000000000000000 puts - 4
000000000044  001400000002 R_X86_64_PC32     0000000000000000 not_created - 8
000000000052  00190000000a R_X86_64_32       0000000000000000 routine + 0
00000000005c  00180000000a R_X86_64_32       0000000000000008 thread + 0
000000000061  001300000004 R_X86_64_PLT32    0000000000000000 pthread_create - 4
00000000006d  001a00000004 R_X86_64_PLT32    0000000000000000 internal_print_hello - 4

Relocation section '.rela.eh_frame' at offset 0xbf8 contains 2 entries:
  Offset          Info           Type           Sym. Value    Sym. Name + Addend
000000000020  000300000002 R_X86_64_PC32     0000000000000000 .text + 0
00000000003c  000300000002 R_X86_64_PC32     0000000000000000 .text + 22

Relocation section '.rela.debug_aranges' at offset 0xc28 contains 2 entries:
  Offset          Info           Type           Sym. Value    Sym. Name + Addend
000000000006  000d0000000a R_X86_64_32       0000000000000000 .debug_info + 0
000000000010  000300000001 R_X86_64_64       0000000000000000 .text + 0

Relocation section '.rela.debug_info' at offset 0xc58 contains 32 entries:
  Offset          Info           Type           Sym. Value    Sym. Name + Addend
000000000008  000e0000000a R_X86_64_32       0000000000000000 .debug_abbrev + 0
00000000000d  00100000000a R_X86_64_32       0000000000000000 .debug_str + e
000000000012  00110000000a R_X86_64_32       0000000000000000 .debug_line_str + 26
000000000016  00110000000a R_X86_64_32       0000000000000000 .debug_line_str + 0
00000000001a  000300000001 R_X86_64_64       0000000000000000 .text + 0
00000000002a  000f0000000a R_X86_64_32       0000000000000000 .debug_line + 0
000000000031  00100000000a R_X86_64_32       0000000000000000 .debug_str + 8b
000000000038  00100000000a R_X86_64_32       0000000000000000 .debug_str + 63
000000000046  00100000000a R_X86_64_32       0000000000000000 .debug_str + cf
00000000004d  00100000000a R_X86_64_32       0000000000000000 .debug_str + 100
000000000054  00100000000a R_X86_64_32       0000000000000000 .debug_str + 113
00000000005b  00100000000a R_X86_64_32       0000000000000000 .debug_str + 127
000000000069  00100000000a R_X86_64_32       0000000000000000 .debug_str + e8
000000000070  00100000000a R_X86_64_32       0000000000000000 .debug_str + dd
000000000077  00100000000a R_X86_64_32       0000000000000000 .debug_str + 9d
00000000007c  00100000000a R_X86_64_32       0000000000000000 .debug_str + 14d
000000000087  00100000000a R_X86_64_32       0000000000000000 .debug_str + 70
000000000094  00100000000a R_X86_64_32       0000000000000000 .debug_str + f9
00000000009f  00100000000a R_X86_64_32       0000000000000000 .debug_str + 11f
0000000000bb  00100000000a R_X86_64_32       0000000000000000 .debug_str + 70
0000000000cd  00100000000a R_X86_64_32       0000000000000000 .debug_str + 0
0000000000d2  00100000000a R_X86_64_32       0000000000000000 .debug_str + 7f
0000000000de  001400000001 R_X86_64_64       0000000000000000 not_created + 0
0000000000e7  00100000000a R_X86_64_32       0000000000000000 .debug_str + 131
0000000000f3  001800000001 R_X86_64_64       0000000000000008 thread + 0
0000000000fc  00100000000a R_X86_64_32       0000000000000000 .debug_str + 138
00000000010e  00100000000a R_X86_64_32       0000000000000000 .debug_str + c0
00000000015b  00100000000a R_X86_64_32       0000000000000000 .debug_str + e2
000000000172  00100000000a R_X86_64_32       0000000000000000 .debug_str + b4
000000000179  000300000001 R_X86_64_64       0000000000000000 .text + 22
00000000019e  00100000000a R_X86_64_32       0000000000000000 .debug_str + f1
0000000001a9  000300000001 R_X86_64_64       0000000000000000 .text + 0

Relocation section '.rela.debug_line' at offset 0xf58 contains 9 entries:
  Offset          Info           Type           Sym. Value    Sym. Name + Addend
000000000022  00110000000a R_X86_64_32       0000000000000000 .debug_line_str + 36
000000000026  00110000000a R_X86_64_32       0000000000000000 .debug_line_str + 5c
00000000002a  00110000000a R_X86_64_32       0000000000000000 .debug_line_str + 6e
000000000034  00110000000a R_X86_64_32       0000000000000000 .debug_line_str + 7b
000000000039  00110000000a R_X86_64_32       0000000000000000 .debug_line_str + 8b
00000000003e  00110000000a R_X86_64_32       0000000000000000 .debug_line_str + 9b
000000000043  00110000000a R_X86_64_32       0000000000000000 .debug_line_str + aa
000000000048  00110000000a R_X86_64_32       0000000000000000 .debug_line_str + b4
000000000052  000300000001 R_X86_64_64       0000000000000000 .text + 0

Because the address value is bigger than 32 bits, it overflows.

If I compile the ulpatch ELF file without -g -ggdb, the relocations look like:

rongtao@rtoax:~/Git/ulpatch/tests/hello$ readelf -r patch-pthread.ulp

Relocation section '.rela.text' at offset 0x490 contains 11 entries:
  Offset          Info           Type           Sym. Value    Sym. Name + Addend
00000000000d  00040000000a R_X86_64_32       0000000000000000 .rodata + 0
000000000012  001000000004 R_X86_64_PLT32    0000000000000000 puts - 4
00000000001c  001100000004 R_X86_64_PLT32    0000000000000000 sleep - 4
000000000030  000e00000002 R_X86_64_PC32     0000000000000000 not_created - 4
000000000039  00040000000a R_X86_64_32       0000000000000000 .rodata + 19
00000000003e  001000000004 R_X86_64_PLT32    0000000000000000 puts - 4
000000000044  000e00000002 R_X86_64_PC32     0000000000000000 not_created - 8
000000000052  00130000000a R_X86_64_32       0000000000000000 routine + 0
00000000005c  00120000000a R_X86_64_32       0000000000000008 thread + 0
000000000061  000d00000004 R_X86_64_PLT32    0000000000000000 pthread_create - 4
00000000006d  001400000004 R_X86_64_PLT32    0000000000000000 internal_print_hello - 4

Relocation section '.rela.eh_frame' at offset 0x598 contains 2 entries:
  Offset          Info           Type           Sym. Value    Sym. Name + Addend
000000000020  000300000002 R_X86_64_PC32     0000000000000000 .text + 0
00000000003c  000300000002 R_X86_64_PC32     0000000000000000 .text + 22
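
As an added illustration (this is not ulpatch's or the kernel's code; type numbers follow the x86-64 psABI and the function names are mine), the range check a loader performs when it fills in each relocation field. It shows why a user-space PIE address such as 0x556ddb198110 is rejected for R_X86_64_32S: a sign-extended 32-bit field only holds values in [-2 GiB, 2 GiB), which kernel-model addresses (0xffffffff80000000 and above, hence the -mcmodel=kernel hint) satisfy and user-space PIE addresses do not, while a PC-relative R_X86_64_PC32 fits as long as the patch is mapped within 2 GiB of the target.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* x86-64 psABI relocation type numbers, as printed by readelf. */
enum { R_X86_64_PC32 = 2, R_X86_64_PLT32 = 4, R_X86_64_32 = 10, R_X86_64_32S = 11 };

/* Apply one 32-bit relocation to the field at 'loc'.  'val' is S + A (symbol
 * address plus addend) and 'pc' is the runtime address of the field.  Returns
 * 0 on success, -1 when the value does not fit the field: that is the
 * condition behind "overflow in relocation type R_X86_64_32S(11)". */
int apply_reloc(uint8_t *loc, uint64_t pc, int type, uint64_t val)
{
    uint32_t v32; int64_t d;
    switch (type) {
    case R_X86_64_32:                 /* zero-extended: val must be < 2^32 */
        if (val != (uint64_t)(uint32_t)val) return -1;
        v32 = (uint32_t)val;
        break;
    case R_X86_64_32S:                /* sign-extended: val must fit int32_t */
        if ((int64_t)val != (int64_t)(int32_t)val) return -1;
        v32 = (uint32_t)val;
        break;
    case R_X86_64_PC32:
    case R_X86_64_PLT32:              /* PC-relative: val - pc must fit int32_t */
        d = (int64_t)(val - pc);
        if (d != (int64_t)(int32_t)d) return -1;
        v32 = (uint32_t)d;
        break;
    default:
        return -1;                    /* type not handled by this example */
    }
    memcpy(loc, &v32, 4);
    return 0;
}

/* 1 if the relocation can be applied, 0 if it would overflow. */
int reloc_fits(int type, uint64_t pc, uint64_t val)
{
    uint8_t scratch[4];
    return apply_reloc(scratch, pc, type, val) == 0;
}

int main(void)
{
    uint64_t val = 0x556ddb198110ULL;  /* address from the issue's error message */
    printf("R_X86_64_32S fits: %d; R_X86_64_PC32 from a patch 4 KiB below: %d\n",
           reloc_fits(R_X86_64_32S, 0, val), reloc_fits(R_X86_64_PC32, val - 0x1000, val));
    return 0;
}
```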

Rtoax added a commit that referenced this issue Mar 2, 2024

Rtoax commented Mar 2, 2024

libcare/libcareplus seems to work fine!!


Rtoax commented Mar 2, 2024

libcare/libcareplus seems to work fine!!

Figured out there is no R_X86_64_32S.


Rtoax commented Mar 2, 2024

You can see this:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "common.h"

int local_i = 123;
static long __unused static_i = 1024;
static char __unused *static_s = "you";

void init(void)
{
	local_i++;
	static_i++;
	static_s++;
	printf("\n");
	debug();
}

void done(void)
{
	debug();
}

Compile  libhello.c to libhello.o
gcc -Werror -Wall -Wstrict-prototypes -DDEBUG -O0 -g -I../../  -o libhello.o -c libhello.c
Compile  libhello.o to libhello.so
gcc -Werror -Wall -Wstrict-prototypes -DDEBUG -O0 -g -I../../  -o libhello.so libhello.o -shared -fpic
/usr/bin/ld: libhello.o: relocation R_X86_64_32 against `.rodata' can not be used when making a shared object; recompile with -fPIC
/usr/bin/ld: failed to set dynamic section sizes: bad value
collect2: error: ld returned 1 exit status
make: *** [Makefile:49: libhello.so] Error 1
rm libhello.o


Rtoax commented Mar 2, 2024

You can see this; it could give you some advice:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "common.h"

int local_i = 123;
static long __unused static_i = 1024;
static char __unused *static_s = "you";

void init(void)
{
	local_i++;
	static_i++;
	static_s++;
	printf("\n");
	debug();
}

void done(void)
{
	debug();
}

Compile  libhello.c to libhello.o
gcc -Werror -Wall -Wstrict-prototypes -DDEBUG -O0 -g -I../../  -o libhello.o -c libhello.c
Compile  libhello.o to libhello.so
gcc -Werror -Wall -Wstrict-prototypes -DDEBUG -O0 -g -I../../  -o libhello.so libhello.o -shared -fpic
/usr/bin/ld: libhello.o: relocation R_X86_64_32 against `.rodata' can not be used when making a shared object; recompile with -fPIC
/usr/bin/ld: failed to set dynamic section sizes: bad value
collect2: error: ld returned 1 exit status
make: *** [Makefile:49: libhello.so] Error 1
rm libhello.o


Rtoax commented Mar 4, 2024

Some useful information:

The ulpatch file compiled without -fpic:

rongtao@RT-NUC:~/Git/ulpatch/tests/hello$ readelf -r patch-add-vars.ulp.1

Relocation section '.rela.text' at offset 0x498 contains 16 entries:
  Offset          Info           Type           Sym. Value    Sym. Name + Addend
000000000015  001100000002 R_X86_64_PC32     0000000000000000 local_i - 4
00000000001e  001100000002 R_X86_64_PC32     0000000000000000 local_i - 4
000000000025  000700000002 R_X86_64_PC32     0000000000000000 .data + 4
000000000030  000700000002 R_X86_64_PC32     0000000000000000 .data + 4
000000000037  000700000002 R_X86_64_PC32     0000000000000000 .data + 4
000000000042  000700000002 R_X86_64_PC32     0000000000000000 .data + 4
000000000049  000700000002 R_X86_64_PC32     0000000000000000 .data + 4
00000000004f  001100000002 R_X86_64_PC32     0000000000000000 local_i - 4
000000000061  00040000000a R_X86_64_32       0000000000000000 .rodata + 10
00000000006b  000f00000004 R_X86_64_PLT32    0000000000000000 printf - 4
000000000072  000700000002 R_X86_64_PC32     0000000000000000 .data + 14
000000000079  001200000002 R_X86_64_PC32     0000000000000010 local_s - 4
000000000081  00040000000a R_X86_64_32       0000000000000000 .rodata + 35
00000000008b  000f00000004 R_X86_64_PLT32    0000000000000000 printf - 4
00000000009e  00040000000a R_X86_64_32       0000000000000000 .rodata + 3c
0000000000a8  000f00000004 R_X86_64_PLT32    0000000000000000 printf - 4

Relocation section '.rela.eh_frame' at offset 0x618 contains 1 entry:
  Offset          Info           Type           Sym. Value    Sym. Name + Addend
000000000020  000300000002 R_X86_64_PC32     0000000000000000 .text + 0

Relocation section '.rela.data' at offset 0x630 contains 2 entries:
  Offset          Info           Type           Sym. Value    Sym. Name + Addend
000000000010  000400000001 R_X86_64_64       0000000000000000 .rodata + 0
000000000018  000400000001 R_X86_64_64       0000000000000000 .rodata + 5

The ulpatch file compiled with -fpic:

rongtao@RT-NUC:~/Git/ulpatch/tests/hello$ readelf -r patch-add-vars.ulp.2

Relocation section '.rela.text' at offset 0x500 contains 16 entries:
  Offset          Info           Type           Sym. Value    Sym. Name + Addend
000000000016  00120000002a R_X86_64_REX_GOTP 0000000000000000 local_i - 4
000000000022  00120000002a R_X86_64_REX_GOTP 0000000000000000 local_i - 4
00000000002b  000700000002 R_X86_64_PC32     0000000000000000 .data + 4
000000000036  000700000002 R_X86_64_PC32     0000000000000000 .data + 4
00000000003d  000700000002 R_X86_64_PC32     0000000000000000 .data + 4
000000000048  000700000002 R_X86_64_PC32     0000000000000000 .data + 4
00000000004f  000700000002 R_X86_64_PC32     0000000000000000 .data + 4
000000000056  00120000002a R_X86_64_REX_GOTP 0000000000000000 local_i - 4
00000000006c  000400000002 R_X86_64_PC32     0000000000000000 .rodata + c
000000000079  001000000004 R_X86_64_PLT32    0000000000000000 printf - 4
000000000080  000800000002 R_X86_64_PC32     0000000000000000 .data.rel.local + 4
000000000087  00130000002a R_X86_64_REX_GOTP 0000000000000000 local_s - 4
000000000094  000400000002 R_X86_64_PC32     0000000000000000 .rodata + 31
0000000000a1  001000000004 R_X86_64_PLT32    0000000000000000 printf - 4
0000000000b6  000400000002 R_X86_64_PC32     0000000000000000 .rodata + 38
0000000000c3  001000000004 R_X86_64_PLT32    0000000000000000 printf - 4

Relocation section '.rela.eh_frame' at offset 0x680 contains 1 entry:
  Offset          Info           Type           Sym. Value    Sym. Name + Addend
000000000020  000300000002 R_X86_64_PC32     0000000000000000 .text + 0

Relocation section '.rela.data.rel.local' at offset 0x698 contains 2 entries:
  Offset          Info           Type           Sym. Value    Sym. Name + Addend
000000000000  000400000001 R_X86_64_64       0000000000000000 .rodata + 0
000000000008  000400000001 R_X86_64_64       0000000000000000 .rodata + 5
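
An added pre-load check (not part of ulpatch; count_abs32_relocs and the sample names are mine) that scans readelf -r output for the two absolute 32-bit relocation types and can restrict the count to one section. It runs over constructed excerpts of the dumps in this thread: the -g build's .rela.debug_info entries, and the .rela.text entries of the no-fpic build next to the -fpic build, where the .rodata references became PC-relative.

```c
#include <stdio.h>
#include <string.h>

/* Constructed excerpts of the thread's 'readelf -r' output: the build without
 * -fpic (and with -g) carries absolute R_X86_64_32 entries, the -fpic build
 * references .rodata PC-relatively. */
static const char SAMPLE_NOPIC[] =
    "Relocation section '.rela.text' at offset 0x498 contains 16 entries:\n"
    "000000000015  001100000002 R_X86_64_PC32     0000000000000000 local_i - 4\n"
    "000000000061  00040000000a R_X86_64_32       0000000000000000 .rodata + 10\n"
    "000000000081  00040000000a R_X86_64_32       0000000000000000 .rodata + 35\n"
    "00000000009e  00040000000a R_X86_64_32       0000000000000000 .rodata + 3c\n\n"
    "Relocation section '.rela.debug_info' at offset 0xc58 contains 32 entries:\n"
    "000000000008  000e0000000a R_X86_64_32       0000000000000000 .debug_abbrev + 0\n"
    "00000000000d  00100000000a R_X86_64_32       0000000000000000 .debug_str + e\n";
static const char SAMPLE_PIC[] =
    "Relocation section '.rela.text' at offset 0x500 contains 16 entries:\n"
    "00000000006c  000400000002 R_X86_64_PC32     0000000000000000 .rodata + c\n";

/* Count R_X86_64_32 / R_X86_64_32S entries in 'readelf -r' text, restricted to
 * one relocation section when 'section' is non-NULL (e.g. ".rela.text").
 * Both types store an absolute 32-bit address and overflow above 4 GiB. */
int count_abs32_relocs(const char *out, const char *section)
{
    int count = 0, active = (section == NULL);
    for (const char *line = out; *line; ) {
        const char *nl = strchr(line, '\n');
        size_t len = nl ? (size_t)(nl - line) : strlen(line);
        char buf[256], off[32], info[32], type[32], want[80];
        if (len >= sizeof buf) len = sizeof buf - 1;
        memcpy(buf, line, len);
        buf[len] = '\0';
        if (section && strncmp(buf, "Relocation section", 18) == 0) {
            snprintf(want, sizeof want, "'%s'", section);   /* exact section name */
            active = strstr(buf, want) != NULL;
        } else if (active && sscanf(buf, "%31s %31s %31s", off, info, type) == 3 &&
                   (!strcmp(type, "R_X86_64_32") || !strcmp(type, "R_X86_64_32S")))
            count++;
        if (!nl) break;
        line = nl + 1;
    }
    return count;
}

int main(void)
{
    printf("no -fpic: %d absolute 32-bit relocs in .rela.text, %d in all sections\n",
           count_abs32_relocs(SAMPLE_NOPIC, ".rela.text"), count_abs32_relocs(SAMPLE_NOPIC, NULL));
    return 0;
}
```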


Rtoax commented Apr 16, 2024

See https://github.com/Rtoax/test-linux/issues/6, like the kernel Makefile's KBUILD_CFLAGS:

$(info KBUILD_CFLAGS:${KBUILD_CFLAGS})
-Wall -Wundef -Werror=strict-prototypes -Wno-trigraphs -fno-strict-aliasing -fno-common -fshort-wchar -fno-PIE -Werror=implicit-function-declaration -Werror=implicit-int -Werror=return-type -Wno-format-security -std=gnu89 -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -mno-avx -fcf-protection=none -m64 -falign-jumps=1 -falign-loops=1 -mno-80387 -mno-fp-ret-in-387 -mpreferred-stack-boundary=3 -mskip-rax-setup -mtune=generic -mno-red-zone -mcmodel=kernel -Wno-sign-compare -fno-asynchronous-unwind-tables -mindirect-branch=thunk-extern -mindirect-branch-register -mindirect-branch-cs-prefix -mfunction-return=thunk-extern -fno-jump-tables -fno-delete-null-pointer-checks -Wno-frame-address -Wno-format-truncation -Wno-format-overflow -Wno-address-of-packed-member -O2 -fno-allow-store-data-races -Wframe-larger-than=2048 -fstack-protector-strong -Wimplicit-fallthrough=5 -Wno-main -Wno-unused-but-set-variable -Wno-unused-const-variable  -fno-stack-clash-protection -g -pg -mrecord-mcount -mfentry -DCC_USING_FENTRY -fno-inline-functions-called-once -Wdeclaration-after-statement -Wvla -Wno-pointer-sign -Wno-stringop-truncation -Wno-zero-length-bounds -Wno-array-bounds -Wno-stringop-overflow -Wno-restrict -Wno-maybe-uninitialized -Wno-alloc-size-larger-than -fno-strict-overflow -fno-stack-check -fconserve-stack -Werror=date-time -Werror=incompatible-pointer-types -Werror=designated-init -Wno-packed-not-aligned


Rtoax commented Apr 17, 2024

rongtao@rtoax:~/Git/ulpatch/tests/hello$ ./test.sh -u patch-pthread.ulp
Already install ulpatch
make: Nothing to be done for 'build'.
Wrong ELF magic
overflow in relocation type R_X86_64_32S(11) val 556ddb198110

Maybe 8cd1f73 could resolve this problem, and I'm sure the kernel module address is smaller than 0xFFFFFFFFUL (see https://github.com/Rtoax/test-linux/commit/76a2208a5b0c04e7c4c8414c2de8cedd752c1763)

Rtoax referenced this issue Apr 17, 2024
Finish: commit 8500222 ("utils/task: find_vma_span_area(): Add first var")
Signed-off-by: Rong Tao <[email protected]>
Rtoax added a commit that referenced this issue Apr 17, 2024