Bug #14004
closed
kernel core dumps never set EI_VERSION
100%
Description
While trying to use the rust-based Gimli tool to perform a dwarfdump to test #13925, I found that one of the tools reported an unsupported ELF header. This was suspicious because when I used a gcore of it, it worked fine and other tools like mdb, readelf, etc. were all happy with this. So digging into and checking the source code of the underlying object crate that was driving it, they were refusing to operate on a file whose e_ident[EI_VERSION] was not EV_CURRENT. A quite reasonable thing to do.
It turns out that kernel initiated core dumps set e_version to EV_CURRENT, but never touch the e_ident variant. libproc does actually set both. In this case, the kernel is wrong and if there's any doubt, even the linkers and libraries guide makes a point that this should be set. Thankfully the fix is simple and when editing the file with mdb, it proved that it worked correctly.
Updated by Robert Mustacchi almost 2 years ago
I tested this by doing a pkill -ABRT of a process. I verified that the rust utilities that had issues no longer did. I don't think this is too much risk here as gcore has always been setting this for a long time.
Updated by Electric Monk almost 2 years ago
- Status changed from New to Closed
- % Done changed from 0 to 100
git commit 5129ec5540641658a8117392986ba9828a893edc
commit 5129ec5540641658a8117392986ba9828a893edc
Author: Robert Mustacchi <rm@fingolfin.org>
Date: 2021-08-10T18:21:06.000Z
14004 kernel core dumps never set EI_VERSION
Reviewed by: Rich Lowe <richlowe@richlowe.net>
Reviewed by: Toomas Soome <tsoome@me.com>
Approved by: Dan McDonald <danmcd@joyent.com>