Need help figuring out why my powerpc elf file causing seg fault

[dion]

Hello,

basically, i am trying to embed a vxworks image into an elf binary (a simple hello world c application), just to see if it is possible. if it is possible, i plan to use call cast on the c code to verify certain functions inside vxworks image. but after weeks, i find no way to make this elf run without seg fault (using qemu-ppc). thus, i need help.

so, i used debian, and the commands were like these :

Code:

powerpc-linux-gnu-objcopy -I binary -O elf32-powerpc -B powerpc vxs vxw.o
powerpc-linux-gnu-objcopy --set-section-flags .data=alloc,load,code vxw.o
powerpc-linux-gnu-objcopy --rename-section .data=.vxworks vxw.o
powerpc-linux-gnu-gcc -Wall -Werror -g hello.c -o myprog -T myscript vxw.o -static

vxs is prepared vxworks image. but it can be any binary blob. hello.c :

Code:

#include <stdio.h>

extern unsigned char _binary_vxs_start;
extern unsigned char _binary_vxs_end;

int main()
{
	printf("Hello World!\n");
	unsigned char *pblob = &_binary_vxs_start;
    	int i = 0;
	while (i < 100)
	{
	printf("%x: %02X\n", pblob - &_binary_vxs_start, *pblob);
	i++;
	pblob++;
	}

	return 0;
}

the linker script is default linker script modified. i got the default by :

Code:

powerpc-linux-gnu-ld --verbose

i listed here the modifications :

Code:

...
  /* Read-only sections, merged into text segment: */
  /* PROVIDE (__executable_start = SEGMENT_START("text-segment", 0x10000000)); . = SEGMENT_START("text-segment", 0x10000000) + SIZEOF_HEADERS; */
  PROVIDE (__executable_start = SEGMENT_START("text-segment", 0x000FFF4C)); 
  . = SEGMENT_START("text-segment", 0x000FFF4C) + SIZEOF_HEADERS; 

  .vxworks	  : { *(.vxworks) } 
  .interp         : { *(.interp) }
...

the elf file constructed successfully without any warning. but when run it with "qemu-ppc myprog", it seg fault. this seg fault seems only happen when i set the segment start (in linker script) to that very value. if i set them to other value, they seems to run normally. so, is there anyway to track why seg fault happen?

tried to compare both working elf and notworking elf with readelf, the not working one, doesn't have __ehdr_start. i tried to add that symbol in the linker script :

Code:

__ehdr_start = 0x000FFF4C;

but not worked (still seg fault). it compiled the symbol as global and abs. i can not find anything from google concern this.

any help appreciated.
thanks in advance.

[deepzero]

Works perfectly fine for me just following your steps.
I do not understand why you change segment_start though? And where does 0x000FFF4C come from?

I am attaching my tests, sw versions I used:

Quote:

deep@zero:~/tmp/ppc$ powerpc-linux-gnu-gcc --version
powerpc-linux-gnu-gcc (Ubuntu 9.3.0-17ubuntu1~20.04) 9.3.0

deep@zero:~/tmp/ppc$ qemu-ppc --version
qemu-ppc version 4.2.1 (Debian 1:4.2-3ubuntu6.16)

deep@zero:~/tmp/ppc$ powerpc-linux-gnu-ld --version
GNU ld (GNU Binutils for Ubuntu) 2.34

[dion]

Quote:

Originally Posted by deepzero

Works perfectly fine for me just following your steps.
I do not understand why you change segment_start though? And where does 0x000FFF4C come from?

I am attaching my tests, sw versions I used:

it is because i need to load the image at certain address (which is 0x00100000). the image is position dependent code.

when i used default loading address(0x10000000), the vx section loaded at (0x100000b4). so, i figured, i just need to substract to get loaded to 0x00100000, which is 0x000FFF4C.

btw, i got :

Code:

Error while loading myprog: Permission denied

when i tried to qemu-ppc your file. the sw version seems to be more updated from what's on mine.

[CryptXor]

Ok i'll poke the elephant in the room

Quote:

Originally Posted by dion

basically, i am trying to embed a vxworks image into an elf binary (a simple hello world c application), just to see if it is possible. if it is possible, i plan to use call cast on the c code to verify certain functions inside vxworks image. but after weeks, i find no way to make this elf run without seg fault (using qemu-ppc). thus, i need help.

Why? Does it have to be vxworks specifically? Because it seems a lot more straightforward to just implement whatever functions you want yourself

[dion]

Quote:

Originally Posted by CryptXor

Ok i'll poke the elephant in the room



Why? Does it have to be vxworks specifically? Because it seems a lot more straightforward to just implement whatever functions you want yourself

yes, because it's what i worked on. i am not trying to implement something on source level, but to verify certain crypto function inside.

[deepzero]

makes sense, and since the file works for me but not for you the issue has to be in your setup...

Try

Quote:

qemu-ppc -strace -D log.log -d guest_errors,int myprog

and see if you get any errors.
Or attach gdb

Quote:

qemu-ppc -g 1234 myprog

And in another terminal: gdb -> target remote localhost:1234 -> continue

[dion]

tried in ubuntu 20.04, installed the bintools and gcc, it works.
must be bug somewhere.

thank you deepzero