Examining the Linux VDSO

anomit | April 18, 2010

I have been recently looking into the sysenter/sysexit way of implementing system calls on Linux. It’s then that I came to know about the concept of VDSO (Virtual Dynamic Shared Object). It may look hacky to some but IMO, it’s quite an elegant and practical solution to overcome the incompatibilities that might be introduced if it was left to the userland libraries like libc to use the software interrupt or sysenter/sysexit mechanism. You will get more information about the VDSO here than I could ever dig into.

Even though the post linked above is very informative, it suffers from the same problems that plague most of the resources on linux kernel on the web. A couple of things are outdated there which could seriously put you off if you like to get your hands dirty along with reading such stuff.

  • It states that the VDSO is

    a shared object exposed by the kernel at a fixed address in every process’ memory

    Unfortunately, this isn’t the case anymore. It might have been true for the <2.6.15 kernels but it certainly isn't that way on my 2.6.32 kernel. To get an idea, try this command a few times:
    cat /proc/self/maps | fgrep vdso
    This will give you the memory map of the process running `cat` itself. You will see the memory address to which the vdso is mapped is different each time rather than the fixed mapping to 0xffffe000 as the post claims, which brings us to our second problem.

  • Assuming the fixed mapping at 0xffffe000, the post tells you to use dd to extract the relevant information by accessing the process' pages through /proc/self/mem.
    dd if=/proc/self/mem of=linux-gate.dso bs=4096 skip=1048574 count=1
    But things aren't the same now. You will never know the pages to skip over because the VDSO is always mapped at a different location everytime you run the `dd` command. If you don't believe me, try it out yourself.

To overcome this problem, I created this small script in python which will extracts the VDSO from its own mapping into a file and then you can use `objdump` to examine it.

"""
This script writes the VDSO to the file linux-gate.dso.1 .
Use `objdump -d linux-gate.dso.1` to examine it.
You might also want to play around more with the other objdump options and
the readelf tool :) 

LICENSE: MIT License ( http://www.opensource.org/licenses/mit-license.php )
"""
from __future__ import with_statement
import os
import re

## regex pattern for finding out the memory address range from the output line
pattern = re.compile(r'[\w\d]+-[\w\d]+')
with open('/proc/self/maps', 'r') as file:
    for line in file:
        line = line.rstrip()
        if '[vdso]' in line:
            addr_range = pattern.findall(line)[0]
            start_addr, end_addr = [int(addr, 16)
                                    for addr in addr_range.split('-')]

fd = os.open('/proc/self/mem', os.O_RDONLY)
os.lseek(fd, start_addr, os.SEEK_SET)
buf = os.read(fd, (end_addr-start_addr))

with open('linux-gate.dso.1', 'w') as file:
    file.write(buf)
    file.close()
os.close(fd)

I also created a github gist in case you need to track any further corrections to problems that might arise later on or maybe fork it.

Comments
10 Comments »
Categories
Coding, GNU/Linux
Tags
, , , ,
Comments rss Comments rss
Trackback Trackback