Develop Reference

libbpf: sec 'sockops': failed to find program symbol at offset 0

I'd like to use the bpftool prog load to load my program into kernel. However, some errors occurred.
# bpftool prog load sockmap_update_kern.o "/sys/fs/bpf/bpf_sockmap"
libbpf: sec 'sockops': failed to find program symbol at offset 0
Error: failed to open object file
The program compiles fine with LLVM version 6.0.0
#include <linux/bpf.h>
#include "bpf_helpers.h"
struct bpf_map_def SEC("maps") sock_map = {
.type = BPF_MAP_TYPE_SOCKMAP,
.key_size = sizeof(int),
.value_size = sizeof(int),
.max_entries = 10,
};
SEC("sockops")
int sock_map_update(struct bpf_sock_ops *ops)
{
__u32 op, family;
int key;
op = ops->op;
family = ops->family;
switch (op){
case BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB:
case BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB:
if (family == 2){ //AF_INET
key = 1;
bpf_sock_map_update(ops, &sock_map, &key, BPF_ANY);
}
default:
break;
}
return 0;
}
char _license[] SEC("license") = "GPL";
# readelf -a sockmap_update_kern.o
ELF Header:
Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
Class: ELF64
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: REL (Relocatable file)
Machine: Linux BPF
Version: 0x1
Entry point address: 0x0
Start of program headers: 0 (bytes into file)
Start of section headers: 456 (bytes into file)
Flags: 0x0
Size of this header: 64 (bytes)
Size of program headers: 0 (bytes)
Number of program headers: 0
Size of section headers: 64 (bytes)
Number of section headers: 8
Section header string table index: 1
Section Headers:
[Nr] Name Type Address Offset
Size EntSize Flags Link Info Align
[ 0] NULL 0000000000000000 00000000
0000000000000000 0000000000000000 0 0 0
[ 1] .strtab STRTAB 0000000000000000 00000170
0000000000000051 0000000000000000 0 0 1
[ 2] .text PROGBITS 0000000000000000 00000040
0000000000000000 0000000000000000 AX 0 0 4
[ 3] sockops PROGBITS 0000000000000000 00000040
0000000000000088 0000000000000000 AX 0 0 8
[ 4] .relsockops REL 0000000000000000 00000160
0000000000000010 0000000000000010 7 3 8
[ 5] maps PROGBITS 0000000000000000 000000c8
000000000000001c 0000000000000000 WA 0 0 4
[ 6] license PROGBITS 0000000000000000 000000e4
0000000000000004 0000000000000000 WA 0 0 1
[ 7] .symtab SYMTAB 0000000000000000 000000e8
0000000000000078 0000000000000018 1 2 8
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
L (link order), O (extra OS processing required), G (group), T (TLS),
C (compressed), x (unknown), o (OS specific), E (exclude),
p (processor specific)
There are no section groups in this file.
There are no program headers in this file.
There is no dynamic section in this file.
Relocation section '.relsockops' at offset 0x160 contains 1 entry:
Offset Info Type Sym. Value Sym. Name
000000000058 000300000001 unrecognized: 1 0000000000000000 sock_map
The decoding of unwind sections for machine type Linux BPF is not currently supported.
Symbol table '.symtab' contains 5 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND
1: 0000000000000078 0 NOTYPE LOCAL DEFAULT 3 LBB0_3
2: 0000000000000000 0 NOTYPE GLOBAL DEFAULT 6 _license
3: 0000000000000000 0 NOTYPE GLOBAL DEFAULT 5 sock_map
4: 0000000000000000 0 NOTYPE GLOBAL DEFAULT 3 sock_map_update
No version information found in this file.
My kernel version is 5.3.0-42. I get it by apt-get install, so I guess there are some problems about the kernel. Could you give me some advise? Thanks in advance.
# uname -a
Linux iZ2zehe0r5ccv5sse5ib5fZ 5.3.0-42-generic #34~18.04.1-Ubuntu SMP Fri Feb 28 13:42:26 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

Undefined reference in a custom ELF file, but the symbol is defined in the files symbol table

I have been trying to learn about x86-64 machine code and ELF files. For that purpose i wrote some code to generate an ELF file with some machine code in it. I use a some machine code that i assembled using nasm (it just prints a message and calls the exit syscall, learning to assemble machine code myself comes next) and wrote a C program to write the correct ELF header/Section headers/Symbol table etc. manually into a file.
Now I am trying to link my file (with a single function in it) against another elf file, which I generate via gcc from C code (test.c):
// does not work with or without "extern"
extern void hello();
void _start()
{
hello();
// exit system call
asm(
"movl $60,%eax;"
"xorl %ebx,%ebx;"
"syscall");
}
The output of readelf -a on my ELF file is (hello.o):
ELF Header:
Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
Class: ELF64
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: REL (Relocatable file)
Machine: Advanced Micro Devices X86-64
Version: 0x1
Entry point address: 0x0
Start of program headers: 0 (bytes into file)
Start of section headers: 64 (bytes into file)
Flags: 0x0
Size of this header: 64 (bytes)
Size of program headers: 0 (bytes)
Number of program headers: 0
Size of section headers: 64 (bytes)
Number of section headers: 9
Section header string table index: 8
Section Headers:
[Nr] Name Type Address Offset
Size EntSize Flags Link Info Align
[ 0] NULL 0000000000000000 00000000
0000000000000000 0000000000000000 0 0 0
[ 1] .text PROGBITS 0000000000000000 00000280
0000000000000044 0000000000000000 AX 0 0 16
[ 2] .rela.text RELA 0000000000000000 000002c8
0000000000000030 0000000000000018 I 6 1 8
[ 3] .data PROGBITS 0000000000000000 00000300
0000000000000005 0000000000000000 WA 0 0 16
[ 4] .bss NOBITS 0000000000000000 00000310
0000000000000080 0000000000000000 A 0 0 16
[ 5] .rodata PROGBITS 0000000000000000 00000310
000000000000000d 0000000000000000 A 0 0 16
[ 6] .symtab SYMTAB 0000000000000000 00000320
0000000000000150 0000000000000018 7 14 8
[ 7] .strtab STRTAB 0000000000000000 00000470
0000000000000028 0000000000000000 0 0 1
[ 8] .shstrtab STRTAB 0000000000000000 00000498
000000000000003f 0000000000000000 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
L (link order), O (extra OS processing required), G (group), T (TLS),
C (compressed), x (unknown), o (OS specific), E (exclude),
l (large), p (processor specific)
There are no section groups in this file.
There are no program headers in this file.
There is no dynamic section in this file.
Relocation section '.rela.text' at offset 0x2c8 contains 2 entries:
Offset Info Type Sym. Value Sym. Name + Addend
00000000001a 000500000001 R_X86_64_64 0000000000000000 .rodata + 0
000000000024 00050000000a R_X86_64_32 0000000000000000 .rodata + d
The decoding of unwind sections for machine type Advanced Micro Devices X86-64 is not currently supported.
Symbol table '.symtab' contains 14 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND
1: 0000000000000000 0 SECTION LOCAL DEFAULT 1
2: 0000000000000000 0 SECTION LOCAL DEFAULT 2
3: 0000000000000000 0 SECTION LOCAL DEFAULT 3
4: 0000000000000000 0 SECTION LOCAL DEFAULT 4
5: 0000000000000000 0 SECTION LOCAL DEFAULT 5
6: 0000000000000000 0 SECTION LOCAL DEFAULT 6
7: 0000000000000000 0 SECTION LOCAL DEFAULT 7
8: 0000000000000000 0 SECTION LOCAL DEFAULT 8
9: 0000000000000000 0 FILE LOCAL DEFAULT ABS hello.c
10: 0000000000000000 68 FUNC GLOBAL DEFAULT 1 hello
11: 0000000000000060 13 OBJECT LOCAL DEFAULT 5 msg
12: 000000000000000d 8 NOTYPE LOCAL DEFAULT ABS len
13: 0000000000000050 5 OBJECT GLOBAL DEFAULT 3 _test
No version information found in this file.
I have compiled test.c with
gcc -c -nostdlib -fno-asynchronous-unwind-tables test.c -o test.o
to then link with ld test.o hello.o, which unfortunately yields
ld: test.o: in function `_start':
test.c:(.text+0xa): undefined reference to `hello'
even though the hello function is defined in hello.o (note the entry in the symbol table named hello which is in section 1, the .text section, and seems to have the correct size/type/value/bind).
If I compile a file with just void hello(){} in it the same way I compiled test.c, those two object files can obviously be linked. Also, if I generate my own ELF file hello.o as an executable, renaming the hello function to _start it executes just fine. I have been banging my head against the Wall for a while now, and there is two things I would like to know: Obviously I would like to know my issue with the ELF file. But also I would like to know how I can debug such issues in the future. I have tried to build ld from source (cloning the GNU binutils repo) with debugging symbols, but I did not get very far debugging ld itself.
Edit: I have uploaded my elf file here:
https://drive.google.com/file/d/1cRNr0VPAjkEbueuWFYwLYbpijVnLySqq/view?usp=sharing

This was quite hard to debug.
Here is the output from readelf -WSs hello.o for the file you uploaded to Google drive (it doesn't match the info in your question):
There are 9 section headers, starting at offset 0x40:
Section Headers:
[Nr] Name Type Address Off Size ES Flg Lk Inf Al
[ 0] NULL 0000000000000000 000000 000000 00 0 0 0
[ 1] .text PROGBITS 0000000000000000 000280 000044 00 AX 0 0 16
[ 2] .rela.text RELA 0000000000000000 0002c8 000030 18 I 6 1 8
[ 3] .data PROGBITS 0000000000000000 000300 000005 00 WA 0 0 16
[ 4] .bss NOBITS 0000000000000000 000310 000080 00 A 0 0 16
[ 5] .rodata PROGBITS 0000000000000000 000310 00000d 00 A 0 0 16
[ 6] .symtab SYMTAB 0000000000000000 000320 000150 18 7 14 8
[ 7] .strtab STRTAB 0000000000000000 000470 000028 00 0 0 1
[ 8] .shstrtab STRTAB 0000000000000000 000498 00003f 00 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
L (link order), O (extra OS processing required), G (group), T (TLS),
C (compressed), x (unknown), o (OS specific), E (exclude),
l (large), p (processor specific)
Symbol table '.symtab' contains 14 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND
1: 0000000000000000 0 SECTION LOCAL DEFAULT 1
2: 0000000000000000 0 SECTION LOCAL DEFAULT 2
3: 0000000000000000 0 SECTION LOCAL DEFAULT 3
4: 0000000000000000 0 SECTION LOCAL DEFAULT 4
5: 0000000000000000 0 SECTION LOCAL DEFAULT 5
6: 0000000000000000 0 SECTION LOCAL DEFAULT 6
7: 0000000000000000 0 SECTION LOCAL DEFAULT 7
8: 0000000000000000 0 SECTION LOCAL DEFAULT 8
9: 0000000000000000 0 FILE LOCAL DEFAULT ABS hello.c
10: 0000000000000000 68 FUNC GLOBAL DEFAULT 1 hello
11: 0000000000000060 13 OBJECT LOCAL DEFAULT 5 msg
12: 000000000000000d 8 NOTYPE LOCAL DEFAULT ABS len
13: 0000000000000050 5 OBJECT GLOBAL DEFAULT 3 _test
The issue is with the .sh_info value (14) of the .symtab section.
According to documentation, .sh_info for SYMTAB section is supposed to contain "one greater than the symbol table index of the last local symbol (binding STB_LOCAL)."
So the value 14 tells the linker that all symbols in this file are local, and therefore can't possibly be used to resolve any external references to them.
You need to move all LOCAL symbols before GLOBAL ones (here, msg and len would need to move before hello), so that the symbol table looks like this:
...
9: 0000000000000000 0 FILE LOCAL DEFAULT ABS hello.c
10: 0000000000000060 13 OBJECT LOCAL DEFAULT 5 msg
11: 000000000000000d 8 NOTYPE LOCAL DEFAULT ABS len
12: 0000000000000000 68 FUNC GLOBAL DEFAULT 1 hello
13: 0000000000000050 5 OBJECT GLOBAL DEFAULT 3 _test
and then set .sh_info for the .symtab section to 12.
But also I would like to know how I can debug such issues in the future.
As you've discovered, debugging binutils ld is very hard, partially because it uses libbfd, which is choke-full of macros and is itself very hard to debug.
I debugged this by building Gold from source, which fortunately produced the exact same failure.

How can I get the offset and data from the text section of a shared libray?

I build OpenSSL-1.0.2n with -g 386 shared option (to work with basic assembly version) to generate shared library libcrypto.so.1.0.0.
Inside crypto/aes folder, aes-x86_64.s is generated and it has different global functions/labels.
The total numbers of lines in aes-x86_64.s is 2535 and various labels are present at different place (or line number in .s file).
328 .globl AES_encrypt
.type AES_encrypt,#function
.align 16
.globl asm_AES_encrypt
.hidden asm_AES_encrypt
asm_AES_encrypt:
334 AES_encrypt:
775 .globl AES_decrypt
.type AES_decrypt,#function
.align 16
.globl asm_AES_decrypt
.hidden asm_AES_decrypt
asm_AES_decrypt:
781 AES_decrypt:
844 .globl private_AES_set_encrypt_key
.type private_AES_set_encrypt_key,#function
.align 16
847 private_AES_set_encrypt_key:
1105 .globl private_AES_set_decrypt_key
.type private_AES_set_decrypt_key,#function
.align 16
1108 private_AES_set_decrypt_key:
1292 .globl AES_cbc_encrypt
.type AES_cbc_encrypt,#function
.align 16
.globl asm_AES_cbc_encrypt
.hidden asm_AES_cbc_encrypt
asm_AES_cbc_encrypt:
1299 AES_cbc_encrypt:
1750 .LAES_Te:
.long 0xa56363c6,0xa56363c6
.long 0x847c7cf8,0x847c7cf8
.long 0x997777ee,0x997777ee
.long 0x8d7b7bf6,0x8d7b7bf6
.long 0x0df2f2ff,0x0df2f2ff
.long 0xbd6b6bd6,0xbd6b6bd6
....
....
2140 .LAES_Td:
.long 0x50a7f451,0x50a7f451
.long 0x5365417e,0x5365417e
.long 0xc3a4171a,0xc3a4171a
.long 0x965e273a,0x965e273a
.long 0xcb6bab3b,0xcb6bab3b
AES_cbc_encrypt is global function declared at line number 776 and label AES_cbc_encrypt is at line number 781.
local label .LAES_Te and .LAES_Td are at line number 1750 and 2140 respectively where long data are stored.
I am able to access global label AES_cbc_encrypt of assembly file from another C program by linking with shared library.
//test_glob.c
#include <stdlib.h>
extern void* AES_cbc_encrypt() ;
int main()
{
long *p;
int i;
p=(long *)(&AES_cbc_encrypt);
for(i=0;i<768;i++)
{
printf("p+%d %p %x\n",i, p+i,*(p+i));
}
}
gcc test_glob.c -lcryto
./a.out
This gives some random output and later segmentation fault.
There must be a way to find the offset of this data section (local label .LAES_Te and .LAES_Td) from global label AES_cbc_encrypt
so that the data can be used in encryption/decryption.
I have following questions.
1. How to find the offset from global label AES_cbc_encrypt to local label .LAES_Te and .LAES_Td so that based on
that offset I can access data from another C program ?
2. Is there any other way to access those data of assembly file from C program ?
3. Is there any way to find the location in memory where those data is loaded and access those memory location to access data ?
I am using gcc-5.4 Linux Ubuntu 16.04 . Any help or link will be highly appreciated. Thanks in advance.
EDIT 1:
readelf -a aes-x86_64.o produces following output.
ELF Header:
Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
Class: ELF64
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: REL (Relocatable file)
Machine: Advanced Micro Devices X86-64
Version: 0x1
Entry point address: 0x0
Start of program headers: 0 (bytes into file)
Start of section headers: 14672 (bytes into file)
Flags: 0x0
Size of this header: 64 (bytes)
Size of program headers: 0 (bytes)
Number of program headers: 0
Size of section headers: 64 (bytes)
Number of section headers: 16
Section header string table index: 13
Section Headers:
[Nr] Name Type Address Offset Size EntSize Flags Link Info Align
[ 0] NULL 0000000000000000 00000000 0000000000000000 0000000000000000 0 0 0
[ 1] .text PROGBITS 0000000000000000 00000040 0000000000002e40 0000000000000000 AX 0 0 64
[ 2] .rela.text RELA 0000000000000000 00003808 0000000000000018 0000000000000018 I 14 1 8
[ 3] .data PROGBITS 0000000000000000 00002e80 0000000000000000 0000000000000000 WA 0 0 1
[ 4] .bss NOBITS 0000000000000000 00002e80 0000000000000000 0000000000000000 WA 0 0 1
[ 5] .note.GNU-stack PROGBITS 0000000000000000 00002e80 0000000000000000 0000000000000000 0 0 1
[ 6] .debug_line PROGBITS 0000000000000000 00002e80 00000000000005a4 0000000000000000 0 0 1
[ 7] .rela.debug_line RELA 0000000000000000 00003820 0000000000000018 0000000000000018 I 14 6 8
[ 8] .debug_info PROGBITS 0000000000000000 00003424 0000000000000071 0000000000000000 0 0 1
[ 9] .rela.debug_info RELA 0000000000000000 00003838 0000000000000060 0000000000000018 I 14 8 8
[10] .debug_abbrev PROGBITS 0000000000000000 00003495 0000000000000014 0000000000000000 0 0 1
[11] .debug_aranges PROGBITS 0000000000000000 000034b0 0000000000000030 0000000000000000 0 0 16
[12] .rela.debug_arang RELA 0000000000000000 00003898 0000000000000030 0000000000000018 I 14 11 8
[13] .shstrtab STRTAB 0000000000000000 000038c8 0000000000000085 0000000000000000 0 0 1
[14] .symtab SYMTAB 0000000000000000 000034e0 0000000000000228 0000000000000018 15 14 8
[15] .strtab STRTAB 0000000000000000 00003708 00000000000000fb 0000000000000000 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings), l (large)
I (info), L (link order), G (group), T (TLS), E (exclude), x (unknown)
O (extra OS processing required) o (OS specific), p (processor specific)
There are no section groups in this file.
There are no program headers in this file.
Relocation section '.rela.text' at offset 0x3808 contains 1 entries:
Offset Info Type Sym. Value Sym. Name + Addend
000000000fc0 001600000002 R_X86_64_PC32 0000000000000000 OPENSSL_ia32cap_P - 4
Relocation section '.rela.debug_line' at offset 0x3820 contains 1 entries:
Offset Info Type Sym. Value Sym. Name + Addend
000000000030 000100000001 R_X86_64_64 0000000000000000 .text + 0
Relocation section '.rela.debug_info' at offset 0x3838 contains 4 entries:
Offset Info Type Sym. Value Sym. Name + Addend
000000000006 000a0000000a R_X86_64_32 0000000000000000 .debug_abbrev + 0
00000000000c 000b0000000a R_X86_64_32 0000000000000000 .debug_line + 0
000000000010 000100000001 R_X86_64_64 0000000000000000 .text + 0
000000000018 000100000001 R_X86_64_64 0000000000000000 .text + 2e40
Relocation section '.rela.debug_aranges' at offset 0x3898 contains 2 entries:
Offset Info Type Sym. Value Sym. Name + Addend
000000000006 00090000000a R_X86_64_32 0000000000000000 .debug_info + 0
000000000010 000100000001 R_X86_64_64 0000000000000000 .text + 0
The decoding of unwind sections for machine type Advanced Micro Devices X86-64 is not currently supported.
Symbol table '.symtab' contains 23 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND
1: 0000000000000000 0 SECTION LOCAL DEFAULT 1
2: 0000000000000000 0 SECTION LOCAL DEFAULT 3
3: 0000000000000000 0 SECTION LOCAL DEFAULT 4
4: 0000000000000000 483 FUNC LOCAL DEFAULT 1 _x86_64_AES_encrypt
5: 00000000000001f0 609 FUNC LOCAL DEFAULT 1 _x86_64_AES_encrypt_compa
6: 0000000000000520 465 FUNC LOCAL DEFAULT 1 _x86_64_AES_decrypt
7: 0000000000000700 737 FUNC LOCAL DEFAULT 1 _x86_64_AES_decrypt_compa
8: 0000000000000ae0 649 FUNC LOCAL DEFAULT 1 _x86_64_AES_set_encrypt_k
9: 0000000000000000 0 SECTION LOCAL DEFAULT 8
10: 0000000000000000 0 SECTION LOCAL DEFAULT 10
11: 0000000000000000 0 SECTION LOCAL DEFAULT 6
12: 0000000000000000 0 SECTION LOCAL DEFAULT 11
13: 0000000000000000 0 SECTION LOCAL DEFAULT 5
14: 0000000000000460 177 FUNC GLOBAL DEFAULT 1 AES_encrypt
15: 0000000000000460 0 NOTYPE GLOBAL HIDDEN 1 asm_AES_encrypt
16: 00000000000009f0 184 FUNC GLOBAL DEFAULT 1 AES_decrypt
17: 00000000000009f0 0 NOTYPE GLOBAL HIDDEN 1 asm_AES_decrypt
18: 0000000000000ab0 35 FUNC GLOBAL DEFAULT 1 private_AES_set_encrypt_k
19: 0000000000000d70 541 FUNC GLOBAL DEFAULT 1 private_AES_set_decrypt_k
20: 0000000000000f90 1411 FUNC GLOBAL DEFAULT 1 AES_cbc_encrypt
21: 0000000000000f90 0 NOTYPE GLOBAL HIDDEN 1 asm_AES_cbc_encrypt
22: 0000000000000000 0 NOTYPE GLOBAL DEFAULT UND OPENSSL_ia32cap_P
No version information found in this file.
EDIT 2:
nm aes-x86_64.o produces following output.
0000000000000f90 T AES_cbc_encrypt
00000000000009f0 T AES_decrypt
0000000000000460 T AES_encrypt
0000000000000f90 T asm_AES_cbc_encrypt
00000000000009f0 T asm_AES_decrypt
0000000000000460 T asm_AES_encrypt
U OPENSSL_ia32cap_P
0000000000000d70 T private_AES_set_decrypt_key
0000000000000ab0 T private_AES_set_encrypt_key
0000000000000520 t _x86_64_AES_decrypt
0000000000000700 t _x86_64_AES_decrypt_compact
0000000000000000 t _x86_64_AES_encrypt
00000000000001f0 t _x86_64_AES_encrypt_compact
0000000000000ae0 t _x86_64_AES_set_encrypt_key
Edit 3:
nm -a gives following output
0000000000000f90 T AES_cbc_encrypt
00000000000009f0 T AES_decrypt
0000000000000460 T AES_encrypt
0000000000000f90 T asm_AES_cbc_encrypt
00000000000009f0 T asm_AES_decrypt
0000000000000460 T asm_AES_encrypt
0000000000000000 b .bss
0000000000000000 d .data
0000000000000000 N .debug_abbrev
0000000000000000 N .debug_aranges
0000000000000000 N .debug_info
0000000000000000 N .debug_line
0000000000000000 n .note.GNU-stack
U OPENSSL_ia32cap_P
0000000000000d70 T private_AES_set_decrypt_key
0000000000000ab0 T private_AES_set_encrypt_key
0000000000000000 t .text
0000000000000520 t _x86_64_AES_decrypt
0000000000000700 t _x86_64_AES_decrypt_compact
0000000000000000 t _x86_64_AES_encrypt
00000000000001f0 t _x86_64_AES_encrypt_compact
0000000000000ae0 t _x86_64_AES_set_encrypt_key

If you hard-code an offset based on this version of the library, it could break with a different version that has any changes in aes-x86_64.s.
So you should add a .globl foo and foo: label to the .s at the position of the data you want to access, and declare it in C as extern uint32_t foo[].
Then the normal code-gen mechanisms for accessing static data from a shared library will kick in. (i.e. load the address from the GOT if necessary).
Also, unless you compile with -fno-plt, &AES_cbc_encrypt will be the address of the PLT stub / wrapper, not the actual function in the library.
If you only need it to work with a specific build of the library:
Then yes I think with -fno-plt, taking the address of a function in the library will compile/assemble to a load from the GOT, so you get the actual address after dynamic linking. -fno-plt is essential for this to work.
It might be fairly far away if it's in another section (.rodata instead of .text probably) so your simple scan of 768 * 4 bytes may not find the table, though.
A better way to find the offset from a symbol you can use & on in C:
Use a debugger: single-step into a function that uses the data, and find what address it's loading from (gdb's built-in disassembly should work).
Or disassemble the binary and look at the little-endian rel32 offset in a RIP-relative load or LEA of the table address. (That offset won't be fixed-up at run-time). Look at the asm source to find an instruction that references the hidden symbol you want, then find that instruction in the disassembly.
That will give you the distance in bytes from the end of that instruction to the table. You can probably see the distance from that instruction to a symbol you can take the address of in C (like you're doing with the function pointer). Also, the disassembler will fill in absolute addresses (relative to some arbitrary base) for load addresses, and for symbols / instructions, so you can subtract those.

Linker script location counter invalid value

I am writing a linker script as:
SECTIONS
{
. = 0x100000;
.phys . :
{
*(.phys.text)
*(.phys.data)
. = ALIGN(4K);
}
.phys.bss . (NOLOAD) :
{
boot_stack_bottom = .;
. = . + 4K;
boot_stack_top = .;
*(.phys.bss)
}
. = . + KERNEL_OFFSET;
.boot . : AT(ADDR(.boot) - KERNEL_OFFSET)
{
*(.boot.text)
*(.boot.data)
}
}
When compiling my code, I expect to have .phys section at address 0x100000 which is true. I also expect .phy.bss to be at address 0x100000 + SIZEOF(.phys) but its not. The .phys.bss section has address 0x0. But, if i remove the . from the .phys.bss section and simply write .phys.bss (NOLOAD) : or explicitly specify the address using 0x100000 + SIZEOF(.phys) everything work OK. Why is . invalid for the .phys.bss section!?
This is output of the objdump for two cases:
.phys.bss (NOLOAD) :
architecture: i386:x86-64, flags 0x00000112:
EXEC_P, HAS_SYMS, D_PAGED
start address 0x00000000001012b3
Program Header:
LOAD off 0x0000000000001000 vaddr 0x0000000000100000 paddr 0x0000000000100000 align 2**12
filesz 0x0000000000003000 memsz 0x0000000000006000 flags rw-
LOAD off 0x0000000000004000 vaddr 0xffffffff80106000 paddr 0x0000000000106000 align 2**5
filesz 0x0000000000008918 memsz 0x000000000060a000 flags rwx
LOAD off 0x000000000000d000 vaddr 0xffffffff80710000 paddr 0x0000000000710000 align 2**12
filesz 0x0000000000013aa7 memsz 0x0000000000023000 flags rwx
STACK off 0x0000000000000000 vaddr 0x0000000000000000 paddr 0x0000000000000000 align 2**4
filesz 0x0000000000000000 memsz 0x0000000000000000 flags rwx
Sections:
Idx Name Size VMA LMA File off Algn
0 .phys 00003000 0000000000100000 0000000000100000 00001000 2**12
CONTENTS, ALLOC, LOAD, READONLY, DATA
1 .phys.bss 00003000 0000000000103000 0000000000103000 00004000 2**12
ALLOC
2 .boot 00008918 ffffffff80106000 0000000000106000 00004000 2**5
CONTENTS, ALLOC, LOAD, CODE
3 .boot.bss 006016e8 ffffffff8010e918 000000000010e918 0000c918 2**5
ALLOC
4 .text 00011735 ffffffff80710000 0000000000710000 0000d000 2**4
CONTENTS, ALLOC, LOAD, READONLY, CODE
5 .rodata 00002372 ffffffff80721735 0000000000721735 0001e735 2**5
CONTENTS, ALLOC, LOAD, READONLY, DATA
6 .bss 0000e571 ffffffff80723aa7 0000000000723aa7 00020aa7 2**12
ALLOC
7 .ehframe 00000fe8 ffffffff80732018 0000000000732018 00020aa7 2**0
ALLOC
SYMBOL TABLE:
0000000000100000 l d .phys 0000000000000000 .phys
0000000000103000 l d .phys.bss 0000000000000000 .phys.bss
ffffffff80106000 l d .boot 0000000000000000 .boot
ffffffff8010e918 l d .boot.bss 0000000000000000 .boot.bss
ffffffff80710000 l d .text 0000000000000000 .text
ffffffff80721735 l d .rodata 0000000000000000 .rodata
ffffffff80723aa7 l d .bss 0000000000000000 .bss
ffffffff80732018 l d .ehframe 0000000000000000 .ehframe
0000000000000000 l df *ABS* 0000000000000000 src/arch/x86/64/head.o
000000000010102e l .phys 0000000000000000 huge_page_error_string
0000000000000029 l *ABS* 0000000000000000 huge_page_error_size
00000000001010ff l .phys 0000000000000000 pcid_error_string
0000000000000025 l *ABS* 0000000000000000 pcid_error_size
0000000000101148 l .phys 0000000000000000 invpcid_error_string
0000000000000033 l *ABS* 0000000000000000 invpcid_error_size
000000000010119f l .phys 0000000000000000 syscall_error_string
000000000000003a l *ABS* 0000000000000000 syscall_error_size
0000000000101205 l .phys 0000000000000000 fsgsbase_error_string
0000000000000035 l *ABS* 0000000000000000 fsgsbase_error_size
0000000000102010 l .phys 0000000000000000 _gdt64_ptr
0000000000102020 l .phys 0000000000000000 _gdt64
0000000000000000 l df *ABS* 0000000000000000 kernel_final.c
ffffffff80106030 l F .boot 00000000000000a5 merge_regions
ffffffff8030f0c0 l O .boot.bss 0000000000400118 allocated_p_regions
ffffffff80713930 l F .text 00000000000000a4 lookupIOPTSlot_resolve_levels
ffffffff807139e0 l F .text 00000000000000b9 vtd_process_faults
ffffffff80713aa0 l F .text 000000000000005b single_ioapic_init
ffffffff80723ae0 l O .bss 0000000000000060 ioredtbl_state
ffffffff80713b00 l F .text 000000000000005e lookupPDPTSlot
ffffffff801060e0 l F .boot 0000000000000037 init_pat_msr.part.173
ffffffff80713b60 l F .text 0000000000000016 Arch_fpuThreadDelete.part.177
ffffffff80713b80 l F .text 0000000000000046 preemptionPoint.part.183
ffffffff80713bd0 l F .text 0000000000000094 tcbSchedEnqueue.part.186
ffffffff80713c70 l F .text 0000000000000094 tcbSchedAppend.part.189
ffffffff80713d10 l F .text 0000000000000026 invokeTCB_NotificationControl.part.193
ffffffff80713d40 l F .text 000000000000009a parse_bool.constprop.210
ffffffff80714120 l F .text 000000000000014e cap_get_capPtr
ffffffff80714270 l F .text 000000000000002c cap_get_capMappedASID
ffffffff80714540 l F .text 000000000000006d lookup_vtd_context_slot
ffffffff807146d0 l F .text 0000000000000071 makeUserPDPTEHugePage
ffffffff80106d30 l F .boot 000000000000005e add_mem_p_regs
ffffffff807150d0 l F .text 0000000000000076 unmapPDPT
ffffffff8010e920 l O .boot.bss 0000000000000018 cpu_identity
ffffffff80716640 l F .text 0000000000000088 possibleSwitchTo
ffffffff807166f0 l F .text 0000000000000021 scheduleTCB.part.187
ffffffff80716740 l F .text 0000000000000012 setThreadState.part.188
ffffffff80717390 l F .text 000000000000001a capSwapForDelete.part.184
ffffffff80723ad0 l O .bss 0000000000000004 num_ioapics
ffffffff80723ac8 l O .bss 0000000000000008 ioapic_target_cpu
ffffffff8071ce80 l F .text 0000000000000062 maskInterrupt.part.196
ffffffff8071d100 l F .text 0000000000000113 emptySlot.part.197
ffffffff8071d220 l F .text 000000000000004a cteDeleteOne.part.198
ffffffff8071d3b0 l F .text 000000000000004d handleReply
ffffffff8071e3a0 l F .text 00000000000001cc handleRecv
ffffffff80720b00 l F .text 00000000000001b4 handleInvocation
ffffffff80723b40 l O .bss 0000000000000008 control_reg_order
ffffffff80712e90 g F .text 0000000000000038 int_d3
000000000010117b g F .phys 000000000000005e syscall_check
ffffffff80733000 g .ehframe 0000000000000000 ki_end
ffffffff80714da0 g F .text 000000000000001f findMapForASID
ffffffff8071dc80 g F .text 00000000000000f0 decodeWriteRegisters
ffffffff807122c0 g F .text 0000000000000038 int_9d
ffffffff80712fe0 g F .text 0000000000000038 int_d9
ffffffff80713750 g F .text 0000000000000038 int_fb
ffffffff8010d620 g F .boot 000000000000012f apic_init
ffffffff80712b10 g F .text 0000000000000038 int_c3
ffffffff80715a10 g F .text 0000000000000011 decodeX86IOSpaceInvocation
ffffffff80712e20 g F .text 0000000000000038 int_d1
ffffffff80710f48 g F .text 0000000000000038 int_44
ffffffff807100ae g F .text 0000000000000038 int_01
ffffffff807120c8 g F .text 0000000000000038 int_94
ffffffff80721520 g F .text 0000000000000022 c_handle_syscall
ffffffff80711ca0 g F .text 0000000000000038 int_81
ffffffff807101fe g F .text 0000000000000038 int_07
ffffffff80712d08 g F .text 0000000000000038 int_cc
ffffffff8010cbf0 g F .boot 00000000000001ba acpi_dmar_scan
ffffffff807185c0 g F .text 00000000000007b2 decodeX86ModeMMUInvocation
ffffffff8010e120 g F .boot 00000000000001c5 x86_cpuid_initialize
ffffffff80717130 g F .text 0000000000000096 cteMove
ffffffff80724000 g O .bss 0000000000000010 current_fault
ffffffff80711f40 g F .text 0000000000000038 int_8d
ffffffff807103b2 g F .text 0000000000000038 int_0f
ffffffff80710ab0 g F .text 0000000000000038 int_2f
ffffffff80724010 g O .bss 0000000000000008 seL4_VMFault_Msg
ffffffff801061d0 g F .boot 0000000000000021 apic_send_init_ipi
ffffffff807184f0 g F .text 0000000000000082 isFinalCapability
ffffffff80717870 g F .text 0000000000000012 isIRQActive
ffffffff8071e370 g F .text 0000000000000025 deleteCallerCap
ffffffff807145b0 g F .text 0000000000000085 makeUserPDELargePage
ffffffff807118b0 g F .text 0000000000000038 int_6f
ffffffff80715be0 g F .text 0000000000000077 Arch_maskCapRights
ffffffff80719690 g F .text 00000000000000ae lookupExtraCaps
ffffffff8010d810 g F .boot 00000000000000fe tsc_init
ffffffff8071a030 g F .text 0000000000000021 performInvocation_Endpoint
ffffffff807168e0 g F .text 0000000000000210 decodeX86PortInvocation
ffffffff80107090 g F .boot 00000000000031c4 init_vm_state
ffffffff80710960 g F .text 0000000000000038 int_29
ffffffff80712aa0 g F .text 0000000000000038 int_c1
ffffffff80713478 g F .text 0000000000000038 int_ee
ffffffff807190b0 g F .text 000000000000011c createNewObjects
ffffffff80711b88 g F .text 0000000000000038 int_7c
ffffffff807155d0 g F .text 0000000000000042 switchLocalFpuOwner
ffffffff80714f20 g F .text 0000000000000005 Arch_switchToThread
ffffffff80715a30 g F .text 00000000000000c5 Arch_deriveCap
ffffffff80713050 g F .text 0000000000000038 int_db
ffffffff80713e90 g F .text 0000000000000030 makeUserPDEPageTable
ffffffff80711e60 g F .text 0000000000000038 int_89
ffffffff80710ed8 g F .text 0000000000000038 int_42
ffffffff8071382a g F .text 0000000000000035 int_ff
ffffffff807118e8 g F .text 0000000000000038 int_70
ffffffff80714d90 g F .text 0000000000000002 isValidNativeRoot
ffffffff80710e30 g F .text 0000000000000038 int_3f
ffffffff80724018 g O .bss 0000000000000008 seL4_UnknownSyscall_Msg
ffffffff80719320 g F .text 0000000000000092 chooseThread
ffffffff8071ef60 g F .text 00000000000002d0 invokeTCB_ThreadControl
ffffffff80725000 g O .bss 0000000000001000 x64KSGlobalPD
ffffffff8010b1e0 g F .boot 00000000000004b1 create_it_address_space
ffffffff80712b80 g F .text 0000000000000038 int_c5
ffffffff80711df0 g F .text 0000000000000038 int_87
0000000000100000 g *ABS* 0000000000000000 PADDR_LOAD
ffffffff80716e30 g F .text 000000000000005f timerTick
ffffffff80712d40 g F .text 0000000000000038 int_cd
ffffffff80715350 g F .text 00000000000000f7 unmapPage
ffffffff80711098 g F .text 0000000000000038 int_4a
ffffffff80723a14 g O .rodata 0000000000000004 gpRegisters
ffffffff8071d9c0 g F .text 0000000000000010 invokeTCB_Resume
ffffffff807132b8 g F .text 0000000000000038 int_e6
ffffffff80712560 g F .text 0000000000000038 int_a9
ffffffff80718580 g F .text 000000000000003d slotCapLongRunningDelete
ffffffff80726000 g O .bss 0000000000000008 seL4_CapFault_Msg
ffffffff80106000 g F .boot 0000000000000027 _entry_64
ffffffff80711258 g F .text 0000000000000038 int_52
ffffffff80711370 g F .text 0000000000000038 int_57
ffffffff80710458 g F .text 0000000000000038 int_12
ffffffff80726008 g O .bss 0000000000000008 x64KSCurrentCR3
.phys.bss . (NOLOAD) :
architecture: i386:x86-64, flags 0x00000012:
EXEC_P, HAS_SYMS
start address 0x00000000001012b3
Program Header:
LOAD off 0x0000000000001000 vaddr 0x0000000000000000 paddr 0x0000000000000000 align 2**12
filesz 0x0000000000000000 memsz 0x0000000000003000 flags rw-
LOAD off 0x0000000000000160 vaddr 0xffffffff80003000 paddr 0x0000000000003000 align 2**5
filesz 0x0000000000008918 memsz 0x000000000060a000 flags rwx
LOAD off 0x0000000000009000 vaddr 0x0000000000100000 paddr 0x0000000000100000 align 2**12
filesz 0x0000000000003000 memsz 0x0000000000003000 flags r--
LOAD off 0x000000000000c000 vaddr 0xffffffff8060d000 paddr 0x000000000060d000 align 2**12
filesz 0x0000000000013aa7 memsz 0x0000000000023000 flags rwx
STACK off 0x0000000000000000 vaddr 0x0000000000000000 paddr 0x0000000000000000 align 2**4
filesz 0x0000000000000000 memsz 0x0000000000000000 flags rwx
Sections:
Idx Name Size VMA LMA File off Algn
0 .phys 00003000 0000000000100000 0000000000100000 00009000 2**12
CONTENTS, ALLOC, LOAD, READONLY, DATA
1 .phys.bss 00003000 0000000000000000 0000000000000000 00001000 2**12
ALLOC
2 .boot 00008918 ffffffff80003000 0000000000003000 00000160 2**5
CONTENTS, ALLOC, LOAD, CODE
3 .boot.bss 006016e8 ffffffff8000b918 000000000000b918 00008a78 2**5
ALLOC
4 .text 00011735 ffffffff8060d000 000000000060d000 0000c000 2**4
CONTENTS, ALLOC, LOAD, READONLY, CODE
5 .rodata 00002372 ffffffff8061e735 000000000061e735 0001d735 2**5
CONTENTS, ALLOC, LOAD, READONLY, DATA
6 .bss 0000e571 ffffffff80620aa7 0000000000620aa7 0001faa7 2**12
ALLOC
7 .ehframe 00000fe8 ffffffff8062f018 000000000062f018 0001faa7 2**0
ALLOC
SYMBOL TABLE:
0000000000100000 l d .phys 0000000000000000 .phys
0000000000000000 l d .phys.bss 0000000000000000 .phys.bss
ffffffff80003000 l d .boot 0000000000000000 .boot
ffffffff8000b918 l d .boot.bss 0000000000000000 .boot.bss
ffffffff8060d000 l d .text 0000000000000000 .text
ffffffff8061e735 l d .rodata 0000000000000000 .rodata
ffffffff80620aa7 l d .bss 0000000000000000 .bss
ffffffff8062f018 l d .ehframe 0000000000000000 .ehframe
0000000000000000 l df *ABS* 0000000000000000 src/arch/x86/64/head.o
000000000010102e l .phys 0000000000000000 huge_page_error_string
0000000000000029 l *ABS* 0000000000000000 huge_page_error_size
00000000001010ff l .phys 0000000000000000 pcid_error_string
0000000000000025 l *ABS* 0000000000000000 pcid_error_size
0000000000101148 l .phys 0000000000000000 invpcid_error_string
0000000000000033 l *ABS* 0000000000000000 invpcid_error_size
000000000010119f l .phys 0000000000000000 syscall_error_string
000000000000003a l *ABS* 0000000000000000 syscall_error_size
0000000000101205 l .phys 0000000000000000 fsgsbase_error_string
0000000000000035 l *ABS* 0000000000000000 fsgsbase_error_size
0000000000102010 l .phys 0000000000000000 _gdt64_ptr
0000000000102020 l .phys 0000000000000000 _gdt64
0000000000000000 l df *ABS* 0000000000000000 kernel_final.c
ffffffff80003030 l F .boot 00000000000000a5 merge_regions
ffffffff8020c0c0 l O .boot.bss 0000000000400118 allocated_p_regions
ffffffff80610930 l F .text 00000000000000a4 lookupIOPTSlot_resolve_levels
ffffffff806109e0 l F .text 00000000000000b9 vtd_process_faults
ffffffff80610aa0 l F .text 000000000000005b single_ioapic_init
ffffffff80620ae0 l O .bss 0000000000000060 ioredtbl_state
ffffffff80610b00 l F .text 000000000000005e lookupPDPTSlot
ffffffff800030e0 l F .boot 0000000000000037 init_pat_msr.part.173
ffffffff80610b60 l F .text 0000000000000016 Arch_fpuThreadDelete.part.177
ffffffff80610b80 l F .text 0000000000000046 preemptionPoint.part.183
ffffffff80610bd0 l F .text 0000000000000094 tcbSchedEnqueue.part.186
ffffffff80610c70 l F .text 0000000000000094 tcbSchedAppend.part.189
ffffffff80610d10 l F .text 0000000000000026 invokeTCB_NotificationControl.part.193
ffffffff80610d40 l F .text 000000000000009a parse_bool.constprop.210
ffffffff80611120 l F .text 000000000000014e cap_get_capPtr
ffffffff80611270 l F .text 000000000000002c cap_get_capMappedASID
ffffffff80611540 l F .text 000000000000006d lookup_vtd_context_slot
ffffffff806116d0 l F .text 0000000000000071 makeUserPDPTEHugePage
ffffffff80003d30 l F .boot 000000000000005e add_mem_p_regs
ffffffff806120d0 l F .text 0000000000000076 unmapPDPT
ffffffff8000b920 l O .boot.bss 0000000000000018 cpu_identity
ffffffff80613640 l F .text 0000000000000088 possibleSwitchTo
ffffffff806136f0 l F .text 0000000000000021 scheduleTCB.part.187
ffffffff80613740 l F .text 0000000000000012 setThreadState.part.188
ffffffff80614390 l F .text 000000000000001a capSwapForDelete.part.184
ffffffff80620ad0 l O .bss 0000000000000004 num_ioapics
ffffffff80620ac8 l O .bss 0000000000000008 ioapic_target_cpu
ffffffff80619e80 l F .text 0000000000000062 maskInterrupt.part.196
ffffffff8061a100 l F .text 0000000000000113 emptySlot.part.197
ffffffff8061a220 l F .text 000000000000004a cteDeleteOne.part.198
ffffffff8061a3b0 l F .text 000000000000004d handleReply
ffffffff8061b3a0 l F .text 00000000000001cc handleRecv
ffffffff8061db00 l F .text 00000000000001b4 handleInvocation
ffffffff80620b40 l O .bss 0000000000000008 control_reg_order
ffffffff8060fe90 g F .text 0000000000000038 int_d3
000000000010117b g F .phys 000000000000005e syscall_check
ffffffff80630000 g .ehframe 0000000000000000 ki_end
ffffffff80611da0 g F .text 000000000000001f findMapForASID
ffffffff8061ac80 g F .text 00000000000000f0 decodeWriteRegisters
ffffffff8060f2c0 g F .text 0000000000000038 int_9d
ffffffff8060ffe0 g F .text 0000000000000038 int_d9
ffffffff80610750 g F .text 0000000000000038 int_fb
ffffffff8000a620 g F .boot 000000000000012f apic_init
ffffffff8060fb10 g F .text 0000000000000038 int_c3
ffffffff80612a10 g F .text 0000000000000011 decodeX86IOSpaceInvocation
ffffffff8060fe20 g F .text 0000000000000038 int_d1
ffffffff8060df48 g F .text 0000000000000038 int_44
ffffffff8060d0ae g F .text 0000000000000038 int_01
ffffffff8060f0c8 g F .text 0000000000000038 int_94
ffffffff8061e520 g F .text 0000000000000022 c_handle_syscall
ffffffff8060eca0 g F .text 0000000000000038 int_81
ffffffff8060d1fe g F .text 0000000000000038 int_07
ffffffff8060fd08 g F .text 0000000000000038 int_cc
ffffffff80009bf0 g F .boot 00000000000001ba acpi_dmar_scan
ffffffff806155c0 g F .text 00000000000007b2 decodeX86ModeMMUInvocation
ffffffff8000b120 g F .boot 00000000000001c5 x86_cpuid_initialize
ffffffff80614130 g F .text 0000000000000096 cteMove
ffffffff80621000 g O .bss 0000000000000010 current_fault
ffffffff8060ef40 g F .text 0000000000000038 int_8d
ffffffff8060d3b2 g F .text 0000000000000038 int_0f
ffffffff8060dab0 g F .text 0000000000000038 int_2f
ffffffff80621010 g O .bss 0000000000000008 seL4_VMFault_Msg
ffffffff800031d0 g F .boot 0000000000000021 apic_send_init_ipi
ffffffff806154f0 g F .text 0000000000000082 isFinalCapability
ffffffff80614870 g F .text 0000000000000012 isIRQActive
ffffffff8061b370 g F .text 0000000000000025 deleteCallerCap
ffffffff806115b0 g F .text 0000000000000085 makeUserPDELargePage
ffffffff8060e8b0 g F .text 0000000000000038 int_6f
ffffffff80612be0 g F .text 0000000000000077 Arch_maskCapRights
ffffffff80616690 g F .text 00000000000000ae lookupExtraCaps
ffffffff8000a810 g F .boot 00000000000000fe tsc_init
ffffffff80617030 g F .text 0000000000000021 performInvocation_Endpoint
ffffffff806138e0 g F .text 0000000000000210 decodeX86PortInvocation
ffffffff80004090 g F .boot 00000000000031c4 init_vm_state
ffffffff8060d960 g F .text 0000000000000038 int_29
ffffffff8060faa0 g F .text 0000000000000038 int_c1
ffffffff80610478 g F .text 0000000000000038 int_ee
ffffffff806160b0 g F .text 000000000000011c createNewObjects
ffffffff8060eb88 g F .text 0000000000000038 int_7c
ffffffff806125d0 g F .text 0000000000000042 switchLocalFpuOwner
ffffffff80611f20 g F .text 0000000000000005 Arch_switchToThread
ffffffff80612a30 g F .text 00000000000000c5 Arch_deriveCap
ffffffff80610050 g F .text 0000000000000038 int_db
ffffffff80610e90 g F .text 0000000000000030 makeUserPDEPageTable
ffffffff8060ee60 g F .text 0000000000000038 int_89
ffffffff8060ded8 g F .text 0000000000000038 int_42
ffffffff8061082a g F .text 0000000000000035 int_ff
ffffffff8060e8e8 g F .text 0000000000000038 int_70
ffffffff80611d90 g F .text 0000000000000002 isValidNativeRoot
ffffffff8060de30 g F .text 0000000000000038 int_3f
ffffffff80621018 g O .bss 0000000000000008 seL4_UnknownSyscall_Msg
ffffffff80616320 g F .text 0000000000000092 chooseThread
ffffffff8061bf60 g F .text 00000000000002d0 invokeTCB_ThreadControl
ffffffff80622000 g O .bss 0000000000001000 x64KSGlobalPD
ffffffff800081e0 g F .boot 00000000000004b1 create_it_address_space
ffffffff8060fb80 g F .text 0000000000000038 int_c5
ffffffff8060edf0 g F .text 0000000000000038 int_87
0000000000100000 g *ABS* 0000000000000000 PADDR_LOAD
ffffffff80613e30 g F .text 000000000000005f timerTick
ffffffff8060fd40 g F .text 0000000000000038 int_cd
ffffffff80612350 g F .text 00000000000000f7 unmapPage
ffffffff8060e098 g F .text 0000000000000038 int_4a
ffffffff80620a14 g O .rodata 0000000000000004 gpRegisters
ffffffff8061a9c0 g F .text 0000000000000010 invokeTCB_Resume
ffffffff806102b8 g F .text 0000000000000038 int_e6
ffffffff8060f560 g F .text 0000000000000038 int_a9
ffffffff80615580 g F .text 000000000000003d slotCapLongRunningDelete
ffffffff80623000 g O .bss 0000000000000008 seL4_CapFault_Msg
ffffffff80003000 g F .boot 0000000000000027 _entry_64
ffffffff8060e258 g F .text 0000000000000038 int_52
ffffffff8060e370 g F .text 0000000000000038 int_57
ffffffff8060d458 g F .text 0000000000000038 int_12
ffffffff80623008 g O .bss 0000000000000008 x64KSCurrentCR3

Wrong pointer operation while iterating over structs in an ELF section

I have this POC compilable code:
hello-1.c
#include <linux/module.h>
#include <linux/kernel.h>
char a, b, c;
asm(".section counters, \"aw\"");
typedef struct {
atomic_t counter;
char *name;
int a;
int b;
void *ff;
void *rf;
} __attribute__((packed)) counter_info_t;
#define __PUT_STUFF_IN_SECTION(_name) \
do{ \
static counter_info_t __counter_info_##_name \
__attribute((used, section("counters"))) = { \
.counter = ATOMIC_INIT(0), \
.name = #_name, \
.a = 0, \
.b = 0, \
.ff = init_module, \
.rf = init_module, \
}; \
}while(0)
extern counter_info_t __start_counters[];
extern counter_info_t __stop_counters[];
int init_module(void){
__PUT_STUFF_IN_SECTION(a);
__PUT_STUFF_IN_SECTION(b);
__PUT_STUFF_IN_SECTION(c);
return 0;
}
void cleanup_module(void){
counter_info_t *iter = __start_counters;
printk(KERN_INFO "Start %p\n", &__start_counters);
for(; iter < __stop_counters; ++iter){
printk(KERN_INFO "Name: %s.\n", iter->name);
}
printk(KERN_INFO "End %p\n", &__stop_counters);
printk(KERN_INFO "Goodbye world!\n");
}
linkerscript.ld
SECTIONS
{
counters : {
__start_counters = . ;
*(counters)
__stop_counters = . ;
}
}
Makefile
obj-m += hello.o
hello-y += hello-1.o
ldflags-y += -T$(M)/linkerscript.ld
all:
make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules
clean:
make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean
What this code does is put a few structs in a section and then iterate over those structs, printing the name of each one.
Note that the code as-is will fail, printing wrong data. Anyways, removing just one member from the struct (e.g. the member b) the module will start working correctly.
My question is: Why is it failing? Why ++iter won't do the correct pointer operation when the struct has 6 members, but it will work fine with 5 members?
Steps to reproduce: make, sudo insmod hello.ko, sudo rmmod hello, dmesg
Edit: Add readelf output
ELF Header:
Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
Class: ELF64
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: REL (Relocatable file)
Machine: Advanced Micro Devices X86-64
Version: 0x1
Entry point address: 0x0
Start of program headers: 0 (bytes into file)
Start of section headers: 2808 (bytes into file)
Flags: 0x0
Size of this header: 64 (bytes)
Size of program headers: 0 (bytes)
Number of program headers: 0
Size of section headers: 64 (bytes)
Number of section headers: 15
Section header string table index: 10
Section Headers:
[Nr] Name Type Address Offset
Size EntSize Flags Link Info Align
[ 0] NULL 0000000000000000 00000000
0000000000000000 0000000000000000 0 0 0
[ 1] .text PROGBITS 0000000000000000 00000040
0000000000000088 0000000000000000 AX 0 0 16
[ 2] .rela.text RELA 0000000000000000 00000838
0000000000000168 0000000000000018 11 1 8
[ 3] .data PROGBITS 0000000000000000 000000c8
0000000000000000 0000000000000000 WA 0 0 4
[ 4] .bss NOBITS 0000000000000000 000000c8
0000000000000003 0000000000000000 WA 0 0 4
[ 5] counters PROGBITS 0000000000000000 000000e0
00000000000000a4 0000000000000000 WA 0 0 32
[ 6] .relacounters RELA 0000000000000000 000009a0
00000000000000d8 0000000000000018 11 5 8
[ 7] .rodata.str1.1 PROGBITS 0000000000000000 00000184
000000000000003b 0000000000000001 AMS 0 0 1
[ 8] .comment PROGBITS 0000000000000000 000001bf
000000000000002b 0000000000000001 MS 0 0 1
[ 9] .note.GNU-stack PROGBITS 0000000000000000 000001ea
0000000000000000 0000000000000000 0 0 1
[10] .shstrtab STRTAB 0000000000000000 00000a78
0000000000000079 0000000000000000 0 0 1
[11] .symtab SYMTAB 0000000000000000 00000598
00000000000001f8 0000000000000018 12 12 8
[12] .strtab STRTAB 0000000000000000 00000790
00000000000000a4 0000000000000000 0 0 1
[13] __mcount_loc PROGBITS 0000000000000000 00000eb8
0000000000000010 0000000000000008 A 0 0 8
[14] .rela__mcount_loc RELA 0000000000000000 00000ec8
0000000000000030 0000000000000018 11 13 8
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings), l (large)
I (info), L (link order), G (group), T (TLS), E (exclude), x (unknown)
O (extra OS processing required) o (OS specific), p (processor specific)
There are no section groups in this file.
There are no program headers in this file.
Relocation section '.rela.text' at offset 0x838 contains 15 entries:
Offset Info Type Sym. Value Sym. Name + Addend
000000000001 000d00000002 R_X86_64_PC32 0000000000000000 __fentry__ - 4
000000000011 000d00000002 R_X86_64_PC32 0000000000000000 __fentry__ - 4
00000000001b 000f0000000b R_X86_64_32S 0000000000000000 __start_counters + 0
000000000022 00060000000b R_X86_64_32S 0000000000000000 .rodata.str1.1 + 0
00000000002b 001000000002 R_X86_64_PC32 0000000000000000 printk - 4
000000000032 000f0000000b R_X86_64_32S 0000000000000000 __start_counters + 0
000000000038 00110000000b R_X86_64_32S 0000000000000000 __stop_counters + 0
000000000041 00110000000b R_X86_64_32S 0000000000000000 __stop_counters + 0
000000000048 00060000000b R_X86_64_32S 0000000000000000 .rodata.str1.1 + c
00000000004f 001000000002 R_X86_64_PC32 0000000000000000 printk - 4
000000000056 00060000000b R_X86_64_32S 0000000000000000 .rodata.str1.1 + 16
00000000005d 001000000002 R_X86_64_PC32 0000000000000000 printk - 4
000000000070 00060000000b R_X86_64_32S 0000000000000000 .rodata.str1.1 + 28
000000000079 001000000002 R_X86_64_PC32 0000000000000000 printk - 4
000000000080 00110000000b R_X86_64_32S 0000000000000000 __stop_counters + 0
Relocation section '.relacounters' at offset 0x9a0 contains 9 entries:
Offset Info Type Sym. Value Sym. Name + Addend
000000000004 000600000001 R_X86_64_64 0000000000000000 .rodata.str1.1 + 35
000000000014 000c00000001 R_X86_64_64 0000000000000000 init_module + 0
00000000001c 000c00000001 R_X86_64_64 0000000000000000 init_module + 0
000000000044 000600000001 R_X86_64_64 0000000000000000 .rodata.str1.1 + 37
000000000054 000c00000001 R_X86_64_64 0000000000000000 init_module + 0
00000000005c 000c00000001 R_X86_64_64 0000000000000000 init_module + 0
000000000084 000600000001 R_X86_64_64 0000000000000000 .rodata.str1.1 + 39
000000000094 000c00000001 R_X86_64_64 0000000000000000 init_module + 0
00000000009c 000c00000001 R_X86_64_64 0000000000000000 init_module + 0
Relocation section '.rela__mcount_loc' at offset 0xec8 contains 2 entries:
Offset Info Type Sym. Value Sym. Name + Addend
000000000000 000200000001 R_X86_64_64 0000000000000000 .text + 0
000000000008 000200000001 R_X86_64_64 0000000000000000 .text + 10
The decoding of unwind sections for machine type Advanced Micro Devices X86-64 is not currently supported.
Symbol table '.symtab' contains 21 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND
1: 0000000000000000 0 FILE LOCAL DEFAULT ABS hello-1.c
2: 0000000000000000 0 SECTION LOCAL DEFAULT 1
3: 0000000000000000 0 SECTION LOCAL DEFAULT 3
4: 0000000000000000 0 SECTION LOCAL DEFAULT 4
5: 0000000000000000 0 SECTION LOCAL DEFAULT 5
6: 0000000000000000 0 SECTION LOCAL DEFAULT 7
7: 0000000000000000 36 OBJECT LOCAL DEFAULT 5 __counter_info_a.14513
8: 0000000000000040 36 OBJECT LOCAL DEFAULT 5 __counter_info_b.14514
9: 0000000000000080 36 OBJECT LOCAL DEFAULT 5 __counter_info_c.14515
10: 0000000000000000 0 SECTION LOCAL DEFAULT 9
11: 0000000000000000 0 SECTION LOCAL DEFAULT 8
12: 0000000000000000 13 FUNC GLOBAL DEFAULT 1 init_module
13: 0000000000000000 0 NOTYPE GLOBAL DEFAULT UND __fentry__
14: 0000000000000010 120 FUNC GLOBAL DEFAULT 1 cleanup_module
15: 0000000000000000 0 NOTYPE GLOBAL DEFAULT UND __start_counters
16: 0000000000000000 0 NOTYPE GLOBAL DEFAULT UND printk
17: 0000000000000000 0 NOTYPE GLOBAL DEFAULT UND __stop_counters
18: 0000000000000000 1 OBJECT GLOBAL DEFAULT 4 c
19: 0000000000000001 1 OBJECT GLOBAL DEFAULT 4 b
20: 0000000000000002 1 OBJECT GLOBAL DEFAULT 4 a
No version information found in this file.