libdwfl: read_address should use increasing address in intuit_kernel_bounds

In kernels from 4.14 up to 4.19 in /proc/kallsyms there are special
__entry_SYSCALL_64_trampoline symbols. The problem is that they come
after the last kernel address, but before the module addresses.
And they are (much) smaller than the start address we found. This
confuses intuit_kernel_bounds and makes it fail.

Make sure to check read_address returns an increasing address when
searching for the end.

https://sourceware.org/bugzilla/show_bug.cgi?id=26177

Reported-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mark Wielaard <mark@klomp.org>

diff --git a/libdw/ChangeLog b/libdw/ChangeLog
index 72cd5003463ec69a276f0580c5a2e6c4dd2dce49..c11df151edbf53f516b330d7495352533543f50e 100644 (file)
--- a/libdw/ChangeLog
+++ b/libdw/ChangeLog
@@ -1,3 +1,8 @@
+2020-06-28  Mark Wielaard  <mark@klomp.org>
+
+       * linux-kernel-modules.c (intuit_kernel_bounds): Check read_address
+       returns an increasing address when searching for end.
+
 2020-06-16  Mark Wielaard  <mark@klomp.org>
 
        * cfi.c (execute_cfi): Add missing FALLTHROUGH.

diff --git a/libdwfl/linux-kernel-modules.c b/libdwfl/linux-kernel-modules.c
index 84a05f28bd55c855343625205e1acb59c8b13d4e..548cb56f9ad6ac74fcf514fed62db80dee3639cf 100644 (file)
--- a/libdwfl/linux-kernel-modules.c
+++ b/libdwfl/linux-kernel-modules.c
@@ -538,10 +538,14 @@ intuit_kernel_bounds (Dwarf_Addr *start, Dwarf_Addr *end, Dwarf_Addr *notes)
 
   if (result == 0)
     {
+      Dwarf_Addr addr;
       *end = *start;
-      while (read_address (&state, end))
-       if (*notes == 0 && !strcmp (state.p, "__start_notes\n"))
-         *notes = *end;
+      while (read_address (&state, &addr) && addr >= *end)
+       {
+         *end = addr;
+         if (*notes == 0 && !strcmp (state.p, "__start_notes\n"))
+           *notes = *end;
+       }
 
       Dwarf_Addr round_kernel = sysconf (_SC_PAGESIZE);
       *start &= -(Dwarf_Addr) round_kernel;