GEF doesn't print kernel symbol as well #920
Description
GEF+GDB version
GEF: rev:4e8903400efa6abf3c80cd5a9d43420323936b35 (Git - clean)
SHA256(/root/gef/gef.py): a9a82de9b388b183dc4af94e4fd03c44a25cdee0fff070b1d73bd80e36855bb4
GDB: 9.2
GDB-Python: 3.8Operating System
Ubuntu 20.04.3 LTS
Describe the issue you encountered
I tried to debug ubuntu which ran on the qemu, and I found that gdb with gef won't display detailed symbol when I typed "p f" when I set breakpoint on fs/read_write.c:619. In contrast, gef showed "No symbol "f" in current context."
It seems that gef can't get symbol f even if I run command "add-symbol-file [vmlinux with debug symbol] [address]" before.
I also tried to use gdb without any plugin, this time gdb print struct fd f properly, so I thought maybe this is a bug for gef
Do you read the docs and look at previously closed issues/PRs for similar cases?
Yes
Architecture impacted
- X86
- X64
- ARM
- ARM64
- MIPS
- MIPS64
- PPC
- PPC64
- RISCV
Describe your issue. Without a proper reproduction step-by-step, your issue will be ignored.
Provide a step-by-step to reproduce your issue.
I tried to run ubuntu 22.04 on qemu and use gdb to debug it.
Here is the script I modified from askUbuntu
#!/bin/bash
set -eux
id=ubuntu-22.04.1-desktop-amd64
disk_img="${id}.img.qcow2"
disk_img_snapshot="${id}.snapshot.qcow2"
iso="${id}.iso"
if [ ! -f "$iso" ]; then
wget "https://releases.ubuntu.com/22.04/${id}"
fi
#create base img
if [ ! -f "${disk_img}" ]; then
qemu-img create -f qcow2 "$disk_img" 1T
qemu-system-x86_64 \
-cdrom "${iso}" \
-drive "file=${disk_img},format=qcow2" \
-enable-kvm \
-m 2G \
-smp 2 \
;
fi
# create snapshot base on disk_img
if [ ! -f "${disk_img_snapshot}" ]; then
qemu-img create -b "${disk_img}" -f qcow2 "${disk_img_snapshot}" \
;
fi
qemu-system-x86_64 \
-drive "file=${disk_img_snapshot},format=qcow2" \
-enable-kvm \
-m 2G \
-smp 2 \
-soundhw hda \
-vga virtio \
"$@" \
;
I downloaded the vmlinux with symbol from this url and linux-source from this url
After downloaded these two files, I extracted both of them in host.
I installed ubuntu by following script I mentioned before then ran the qemu with this command qemu-system-x86_64 -drive file=ubuntu-22.04.1-desktop-amd64.snapshot.qcow2,format=qcow2 -enable-kvm -m 2G -smp 2 -soundhw hda -vga virtio -nic user,hostfwd=tcp::8888-:22 -s
To use gef-remote, I run gdb-gef in root: sudo gdb-gef and run following command
gef-remote --qemu-user --qemu-binary vmlinux-5.15.0-53-generic localhost 1234
add-symbol-file ./vmlinux-5.15.0-53-generic 0xffffffffa5600000
set substitute-path /build/linux-JjvoxS/linux-5.15.0 /tmp/extract/x/usr/src/linux-source-5.15.0/linux-source-5.15.0
b fs/read_write.c:619
c
During the debug, I didn't stop qemu guest so the text address 0xffffffffa5600000 won't change.
When gdb stop because of breakpoint, I treid to run command p f to print struct fd content, gdb showed
(remote) gef➤ p f
No symbol "f" in current context.
However, when I use gdb without any plugin and run following command:
target remote :1234
add-symbol-file ./vmlinux-5.15.0-53-generic 0xffffffffa5600000
set substitute-path /build/linux-JjvoxS/linux-5.15.0 /tmp/extract/x/usr/src/linux-source-5.15.0/linux-source-5.15.0
b fs/read_write.c:619
c
When gdb stop because of breakpoint, I treid to run command p f to print struct fd content, this time gdb work as fine
Thread 2 hit Breakpoint 1, ksys_read (fd=<optimized out>, buf=0x7ffcc25ca0a0 "\001", count=8) at /build/linux-JjvoxS/linux-5.15.0/fs/read_write.c:619
619 if (f.file) {
(gdb) p f
$1 = {file = 0xffff98a4027dd400, flags = <optimized out>}
Minimalist test case
Use this field for a minimal code to compile and spot the issue:
// compile with gcc -fPIE -pic -o my_issue.out my_issue.c
int main(){ return 0; }You can also provide a Dockerfile if you prefer
Additional context?
- Screenshots
gdb with gef
gdb without any plugin
- Callstack
- Coredumps
- If possible and useful, please upload the binary