Re: [PATCH v3] binfmt_elf: Dump smaller VMAs first in ELF cores


 



On Feb 18, 2025, at 12:54 AM, Michael Stapelberg <michael@xxxxxxxxxxxxx> wrote:

> I think in your testing, you probably did not try the eu-stack tool
> from the elfutils package, because I think I found a bug:

Hi Michael,

Thanks for the report. I can confirm that this issue does seem to be
from this commit. I tested it with Juniper's Linux kernel with and
without the changes.

You're correct that the original testing done did not include the
eu-stack tool.

> Current elfutils cannot symbolize core dumps created by Linux 6.12+.
> I noticed this because systemd-coredump(8) uses elfutils, and when
> a program crashed on my machine, syslog did not show function names.
> 
> I reported this issue with elfutils at:
> https://sourceware.org/bugzilla/show_bug.cgi?id=32713
> …but figured it would be good to give a heads-up here, too.
> 
> Is this breakage sufficient reason to revert the commit?
> Or are we saying userspace just needs to be updated to cope?

The way I see it is that, as long as we're in compliance with the
applicable ELF specifications, then the issue lies with userspace apps
to ensure that they are not making additional erroneous assumptions.

However, Eric mentioned a while ago in v1 of this patch that he believes
that the ELF specification requires program headers be written in memory
order. Digging through the ELF specifications, I found that any loadable
segment entries in the program header table must be sorted on the
virtual address of the first byte at which the segment resides in
memory.

This indicates that we have deviated from the ELF specification with
this commit. One thing we can do to remedy this is to have program
headers sorted according to the specification, but then continue dumping
in VMA size ordering. This would make the dumping logic significantly
more complex though.

Seeing how most popular userspace apps, with the exception of eu-stack,
seem to work, we could also just leave it, and tell userspace apps to
fix it on their end.

Eric and Kees, thoughts? I'm open to going either way.

Best,
Brian
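
The ordering rule discussed above (loadable segment entries ascending by virtual address) can be checked directly against a core file's program header table. The following is an added example, not part of the original message and not kernel or elfutils code; the function names and sample addresses are hypothetical, the sample header is constructed, and the image is assumed to be ELF64 in the host's byte order.

```c
#include <elf.h>      /* Linux/glibc ELF definitions */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 0: PT_LOAD entries ascend by p_vaddr; >0: index of the first entry that
 * breaks the order; -1: not a parsable ELF64 image (host byte order assumed). */
int first_unsorted_load(const unsigned char *img, size_t len)
{
    Elf64_Ehdr eh;
    Elf64_Phdr ph;
    uint64_t prev = 0;   /* no address is below 0, so the first PT_LOAD passes */
    if (len < sizeof eh) return -1;
    memcpy(&eh, img, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) || eh.e_ident[EI_CLASS] != ELFCLASS64)
        return -1;
    /* PN_XNUM (real count stored in section header 0) is rejected, not handled. */
    if (eh.e_phnum == PN_XNUM || eh.e_phentsize != sizeof ph) return -1;
    if (eh.e_phoff > len || (len - eh.e_phoff) / sizeof ph < eh.e_phnum) return -1;
    for (int i = 0; i < eh.e_phnum; i++) {
        memcpy(&ph, img + eh.e_phoff + (size_t)i * sizeof ph, sizeof ph);
        if (ph.p_type != PT_LOAD) continue;
        if (ph.p_vaddr < prev) return i;
        prev = ph.p_vaddr;
    }
    return 0;
}

/* Constructed sample: ELF64 core header, one PT_NOTE, three PT_LOAD entries. */
size_t build_sample(unsigned char *buf, const uint64_t vaddr[3])
{
    Elf64_Ehdr eh = { .e_type = ET_CORE, .e_phoff = sizeof(Elf64_Ehdr),
                      .e_phentsize = sizeof(Elf64_Phdr), .e_phnum = 4 };
    Elf64_Phdr ph[4] = { { .p_type = PT_NOTE } };
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS64;
    for (int i = 0; i < 3; i++)
        ph[i + 1] = (Elf64_Phdr){ .p_type = PT_LOAD, .p_vaddr = vaddr[i] };
    memcpy(buf, &eh, sizeof eh);
    memcpy(buf + sizeof eh, ph, sizeof ph);
    return sizeof eh + sizeof ph;
}

int main(void)
{
    unsigned char buf[512];
    const uint64_t by_size[3] = { 0x9000, 0x1000, 0x5000 }; /* constructed */
    printf("%d\n", first_unsorted_load(buf, build_sample(buf, by_size)));
    return 0;
}
```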



