https://bugs.kde.org/show_bug.cgi?id=359249

Bug ID: 359249
Summary: valgrind unable to load 64-bit linux executable linked with -mcmodel=medium
Product: valgrind
Version: 3.11.0
Platform: RedHat RPMs
OS: other
Status: UNCONFIRMED
Severity: normal
Priority: NOR
Component: general
Assignee: jsew...@acm.org
Reporter: dbe...@bloomberg.net

Valgrind seems to be unable to load a 64-bit executable with a large data section built with gcc on linux if the '-mcmodel=medium' option is specified. All symbols in messages from valgrind show as '???' and running 'valgrind -v' shows the error "ELF section outside all mapped regions".

Removing the 'mcmodel' option fixes the issue, but is not always possible as it may be needed in some configurations.

The issue seems to happen if there is a read-only LOAD section in the ELF program headers.

I am building using gcc 4.8.2 on RHEL 6.4 and testing using valgrind 3.11.0.

Reproducible: Always

Steps to Reproduce:

$ cat >test.cpp <<END
#include <stdlib.h>

int main(int argc, char **argv)
{
    static const char data[1024 * 1024] = {0};
    malloc(1024);
    return 0;
}
END
$ gcc -m64 -mcmodel=medium test.cpp -o test
$ valgrind --leak-check=full ./test

$ ../temp/opt/bb/lib64/bin/valgrind --leak-check=full ./test
==27562== Memcheck, a memory error detector
==27562== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==27562== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==27562== Command: ./test
...
==27562== HEAP SUMMARY:
==27562==     in use at exit: 1,024 bytes in 1 blocks
==27562==   total heap usage: 1 allocs, 0 frees, 1,024 bytes allocated
==27562==
==27562== 1,024 bytes in 1 blocks are definitely lost in loss record 1 of 1
==27562==    at 0x4A05BED: malloc (vg_replace_malloc.c:299)
==27562==    by 0x400588: ??? (in ./test)
==27562==    by 0x3EA821ED5C: (below main) (in /lib64/libc-2.12.so)
==27562==
==27562== LEAK SUMMARY:
==27562==    definitely lost: 1,024 bytes in 1 blocks
==27562==    indirectly lost: 0 bytes in 0 blocks
==27562==      possibly lost: 0 bytes in 0 blocks
==27562==    still reachable: 0 bytes in 0 blocks
==27562==         suppressed: 0 bytes in 0 blocks
==27562==
==27562== For counts of detected and suppressed errors, rerun with: -v
==27562== Use --track-origins=yes to see where uninitialised values come from
==27562== ERROR SUMMARY: 6 errors from 6 contexts (suppressed: 0 from 0)

$ valgrind --leak-check=full -v ./test
==29881== Memcheck, a memory error detector
==29881== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==29881== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==29881== Command: ./test
==29881==
--29881-- Valgrind options:
--29881--    --leak-check=full
--29881--    -v
--29881-- Contents of /proc/version:
--29881--   Linux version 2.6.32-358.41.1.el6.x86_64 (mockbu...@x86-029.build.eng.bos.redhat.com) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-3) (GCC) ) #1 SMP Mon Apr 21 15:58:42 EDT 2014
--29881--
--29881-- Arch and hwcaps: AMD64, LittleEndian, amd64-cx16-rdtscp-sse3-avx
--29881-- Page sizes: currently 4096, max supported 4096
--29881-- Valgrind library directory: /usr/lib64/valgrind
--29881-- Reading syms from ./test
--29881--   ELF section outside all mapped regions

Actual Results:
valgrind shows ??? instead of 'main' in the call stack, and shows the error "ELF section outside all mapped regions" while reading my executable

Expected Results:
Should show 'main' in the call stack.

=== gcc version info ===

$ gcc -v
Using built-in specs.
COLLECT_GCC=/opt/rh/devtoolset-2/root/usr/bin/gcc
COLLECT_LTO_WRAPPER=/opt/rh/devtoolset-2/root/usr/libexec/gcc/x86_64-redhat-linux/4.8.2/lto-wrapper
Target: x86_64-redhat-linux
Configured with: ../configure --prefix=/opt/rh/devtoolset-2/root/usr --mandir=/opt/rh/devtoolset-2/root/usr/share/man --infodir=/opt/rh/devtoolset-2/root/usr/share/info --with-bugurl=http://bugzilla.redhat.com/bugzilla --enable-bootstrap --enable-shared --enable-threads=posix --enable-checking=release --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-gnu-unique-object --enable-linker-build-id --enable-languages=c,c++,fortran,lto --enable-plugin --with-linker-hash-style=gnu --enable-initfini-array --disable-libgcj --with-isl=/builddir/build/BUILD/gcc-4.8.2-20140120/obj-x86_64-redhat-linux/isl-install --with-cloog=/builddir/build/BUILD/gcc-4.8.2-20140120/obj-x86_64-redhat-linux/cloog-install --with-mpc=/builddir/build/BUILD/gcc-4.8.2-20140120/obj-x86_64-redhat-linux/mpc-install --with-tune=generic --with-arch_32=i686 --build=x86_64-redhat-linux
Thread model: posix
gcc version 4.8.2 20140120 (Red Hat 4.8.2-15) (GCC)

=== readelf dump of program headers ===

$ readelf -l test

Elf file type is EXEC (Executable file)
Entry point 0x400410
There are 9 program headers, starting at offset 64

Program Headers:
  Type           Offset             VirtAddr           PhysAddr
                 FileSiz            MemSiz              Flags  Align
  PHDR           0x0000000000000040 0x0000000000400040 0x0000000000400040
                 0x00000000000001f8 0x00000000000001f8  R E    8
  INTERP         0x0000000000000238 0x0000000000400238 0x0000000000400238
                 0x000000000000001c 0x000000000000001c  R      1
      [Requesting program interpreter: /lib64/ld-linux-x86-64.so.2]
  LOAD           0x0000000000000000 0x0000000000400000 0x0000000000400000
                 0x00000000000006cc 0x00000000000006cc  R E    200000
  LOAD           0x00000000000006d0 0x00000000006006d0 0x00000000006006d0
                 0x000000000000021c 0x0000000000000220  RW     200000
  LOAD           0x00000000000008f0 0x00000000008008f0 0x00000000008008f0
                 0x0000000000100010 0x0000000000100010  R      200000
  DYNAMIC        0x00000000000006e8 0x00000000006006e8 0x00000000006006e8
                 0x00000000000001d0 0x00000000000001d0  RW     8
  NOTE           0x0000000000000254 0x0000000000400254 0x0000000000400254
                 0x0000000000000044 0x0000000000000044  R      4
  GNU_EH_FRAME   0x00000000000005f8 0x00000000004005f8 0x00000000004005f8
                 0x000000000000002c 0x000000000000002c  R      4
  GNU_STACK      0x0000000000000000 0x0000000000000000 0x0000000000000000
                 0x0000000000000000 0x0000000000000000  RW     10

 Section to Segment mapping:
  Segment Sections...
   00
   01     .interp
   02     .interp .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame
   03     .init_array .fini_array .jcr .dynamic .got .got.plt .data .bss
   04     .lrodata
   05     .dynamic
   06     .note.ABI-tag .note.gnu.build-id
   07     .eh_frame_hdr
   08

=== valgrind trace of program header loading ===

$ valgrind --trace-symtab=yes ./test
==52969== Memcheck, a memory error detector
==52969== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==52969== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==52969== Command: ./test
==52969==
------ start ELF OBJECT -------------------------------------------------------
------ name = ./test
Un-de-overlapped _DebugInfoMappings:
  [0] avma 0x400000 size 4096 foff 0 rx -- --
  [1] avma 0x600000 size 4096 foff 0 -- rw --
De-overlapped DebugInfoMappings:
  [0] avma 0x400000 size 4096 foff 0 rx -- --
  [1] avma 0x600000 size 4096 foff 0 -- rw --
Checking that there are no remaining overlaps.
Check successful.
------ Basic facts about the object ------
object:  n_oimage 1055514
phdr:    ioff 64 nent 9 ent_szB 56
shdr:    ioff 1051248 nent 31 ent_szB 64
rx_map:  avma 0x400000 size 4096 foff 0
rw_map:  avma 0x600000 size 4096 foff 0
shdr:    string table at 1050969
------ Examining the program headers ------
PT_LOAD[2]: p_vaddr 0x400000 (prev 0x0)
PT_LOAD[2]: p_offset 0, p_filesz 1740, perms r-x
PT_LOAD[2]: acquired as rx, bias 0x0
PT_LOAD[3]: p_vaddr 0x6006d0 (prev 0x400000)
PT_LOAD[3]: p_offset 1744, p_filesz 540, perms rw-
PT_LOAD[3]: acquired as rw, bias 0x0
PT_LOAD[4]: p_vaddr 0x8008f0 (prev 0x6006d0)
PT_LOAD[4]: p_offset 2288, p_filesz 1048592, perms r--
------ ELF reading failed ------
------ name = ./test
------ end ELF OBJECT -------------------------------------------------------
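The trace above shows the triage in one glance: valgrind 3.11 walks the PT_LOAD entries, acquires the r-x one as its rx mapping and the rw- one as its rw mapping, and then stops at the r-- segment that -mcmodel=medium places .lrodata in. The script below is an added example, not code from this report or from valgrind, that reproduces that classification over the program header table so the same condition can be checked on any ELF64 binary before reaching for valgrind. It parses the headers with a bounds-checked struct reader; the "rx if executable, rw if writable, otherwise not acquired" rule is an assumption read off the trace, not valgrind's source. The constructed sample image contains only an ELF header plus the three PT_LOAD entries copied from the readelf output above (no code or data bytes), so it runs offline; pass a path as the first argument to inspect a real file.

```python
#!/usr/bin/env python3
"""Classify ELF64 PT_LOAD segments the way the valgrind 3.11 trace in this report
does and flag the read-only ones it never acquires.  Added example, not valgrind's
code; the acquisition rule in classify_loads() is an assumption read off the trace."""
import struct
import sys

PT_LOAD = 1
PF_X, PF_W, PF_R = 1, 2, 4

# ELF64 header: e_ident[16], e_type, e_machine, e_version, e_entry, e_phoff,
# e_shoff, e_flags, e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
ELF64_EHDR = struct.Struct("<16sHHIQQQIHHHHHH")
# ELF64 program header: p_type, p_flags, p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align
ELF64_PHDR = struct.Struct("<IIQQQQQQ")
PHDR_FIELDS = ("p_type", "p_flags", "p_offset", "p_vaddr", "p_paddr",
               "p_filesz", "p_memsz", "p_align")


def build_sample_elf():
    """Constructed ELF64 image: a header plus the three PT_LOAD entries copied from
    the report's readelf output.  No code or data bytes follow the headers."""
    loads = [
        (PT_LOAD, PF_R | PF_X, 0x000, 0x400000, 0x400000, 0x6cc, 0x6cc, 0x200000),
        (PT_LOAD, PF_R | PF_W, 0x6d0, 0x6006d0, 0x6006d0, 0x21c, 0x220, 0x200000),
        (PT_LOAD, PF_R,        0x8f0, 0x8008f0, 0x8008f0, 0x100010, 0x100010, 0x200000),
    ]
    e_ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)  # ELFCLASS64, LSB, EV_CURRENT
    ehdr = ELF64_EHDR.pack(e_ident, 2, 62, 1, 0x400410, ELF64_EHDR.size, 0, 0,
                           ELF64_EHDR.size, ELF64_PHDR.size, len(loads), 64, 0, 0)
    return ehdr + b"".join(ELF64_PHDR.pack(*p) for p in loads)


def parse_program_headers(image):
    """Return the program header table as a list of dicts, with bounds checks."""
    if image[:4] != b"\x7fELF" or image[4] != 2 or image[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    hdr = ELF64_EHDR.unpack_from(image, 0)
    e_phoff, e_phentsize, e_phnum = hdr[5], hdr[9], hdr[10]
    if e_phentsize != ELF64_PHDR.size:
        raise ValueError("unexpected e_phentsize %d" % e_phentsize)
    if e_phoff + e_phnum * e_phentsize > len(image):
        raise ValueError("program header table runs past end of image")
    return [dict(zip(PHDR_FIELDS, ELF64_PHDR.unpack_from(image, e_phoff + i * e_phentsize)))
            for i in range(e_phnum)]


def perms(p_flags):
    """Render p_flags the way readelf/valgrind print them: 'r-x', 'rw-', 'r--'."""
    return (("r" if p_flags & PF_R else "-") + ("w" if p_flags & PF_W else "-")
            + ("x" if p_flags & PF_X else "-"))


def classify_loads(phdrs):
    """For each PT_LOAD return (index, perms, kind) with kind 'rx', 'rw' or None.
    Assumed rule taken from the report's trace: executable segments are acquired
    as rx, writable ones as rw, and a read-only segment is not acquired at all."""
    out = []
    for i, ph in enumerate(phdrs):
        if ph["p_type"] != PT_LOAD:
            continue
        if ph["p_flags"] & PF_X:
            kind = "rx"
        elif ph["p_flags"] & PF_W:
            kind = "rw"
        else:
            kind = None
        out.append((i, perms(ph["p_flags"]), kind))
    return out


def unacquired_loads(phdrs):
    """PT_LOAD segments matching neither mapping kind, i.e. the .lrodata case."""
    return [(i, p) for i, p, kind in classify_loads(phdrs) if kind is None]


if __name__ == "__main__":
    # With a path argument inspect a real binary; otherwise use the constructed image.
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_elf()
    table = parse_program_headers(image)
    for i, p, kind in classify_loads(table):
        ph = table[i]
        print("PT_LOAD[%d]: p_vaddr 0x%x p_filesz %d perms %s -> %s"
              % (i, ph["p_vaddr"], ph["p_filesz"], p, kind or "NOT acquired"))
    if unacquired_loads(table):
        print("read-only PT_LOAD present: expect '???' frames with valgrind 3.11, as in this report")
```

On the constructed image the script reports the third PT_LOAD (perms r--, p_vaddr 0x8008f0, p_filesz 1048592) as not acquired, which is exactly where the report's trace ends with "ELF reading failed". Running it against the real `test` binary gives the same answer as `readelf -l`, but in the form the trace uses, which makes it easy to confirm that a build is affected before debugging symbol resolution any further.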